Zephyr

Eager botnet is trying to take control of my server!


I have a big problem: my server, which runs Win2003 Server, keeps getting taken over by a botnet.

At least that is what it looks like.

Over the last 2 weeks it has been taken over some 5-6 times, most recently about 20 minutes ago.

This is what I know gets changed:

These files are copied into C:\Documents and Settings\Administrator:

222.exe --> Password-protected SFX that contains tianxia.bat

The comments in the file are:

Path=%systemroot%\system32

SavePath

Setup=tianxia.bat

Silent=1

Overwrite=1

 

Spools13.exe --> Runs as a process

Xg.exe --> Changes the port for Remote Desktop to 3399 or 3366 in the registry.

My Computer\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\(PortNumber(3366))

 

In addition, a few more values are added to the registry:

 

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Currentversion\Image File Execution Options\sethc.exe\(debugger(c:\windows\config\222.exe))

 

As far as I understand, that was how it got in the first time. Apparently sethc.exe is not a protected operating system file, so it can be changed without Windows complaining. It is the program file for "sticky keys", or "trege taster", and can be started from the login screen.

 

My Computer\HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SkServer\(ImagePath(C:\Documents and Settings\Administrator\spools13.exe))

 

My Computer\HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SkServer\(ImagePath(C:\Documents and Settings\Administrator\spools13.exe))

 

I wonder whether that whole SkServer folder is junk, but I am not sure.

 

Under Services, a Snake SockProxy Service has also been added, which does not sound too good.

 

The problem is that no matter what I remove and edit in the registry, this thing comes back.

Has anyone run into the same thing, or does anyone have tips on how to get rid of all of it? The machine is also restarted to activate the new settings, and the RDP port is changed between each time. Very annoying, this.

I am also running NOD32 V4 Antivirus and Ad-Aware Live, but they do not seem able to stop anything at all here.
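The three registry changes listed in the post above (a debugger value under Image File Execution Options, a non-default RDP PortNumber, and a service ImagePath inside a user profile) can be checked for in saved `reg query ... /s` output. This is an added example, not part of the original post: the sample text is constructed from the keys and values quoted in the post, and the function and rule names are assumptions of the example.

```python
import re
from typing import Dict, List, Tuple

Values = Dict[str, Tuple[str, str]]   # value name (lower-cased) -> (type, data)
Finding = Tuple[str, str, str]        # (rule, registry key, offending data)

DEFAULT_RDP_PORT = 3389
KEY_RE = re.compile(r"^(HKEY_[A-Z_]+\\.*\S)\s*$")
VALUE_RE = re.compile(r"^\s+(\S.*?)\s+(REG_[A-Z_]+)\s+(.*?)\s*$")
# A service binary is not expected to live under a user profile directory.
PROFILE_RE = re.compile(r'^"?[a-z]:\\(?:documents and settings|users)\\', re.I)

# Constructed sample in the layout printed by `reg query <key> /s`.
# Keys and data are the ones quoted in the post; the Eventlog entry is a
# benign control taken from the HijackThis log further down the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe
    debugger    REG_SZ    c:\windows\config\222.exe

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    PortNumber    REG_DWORD    0xd26

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SkServer
    ImagePath    REG_EXPAND_SZ    C:\Documents and Settings\Administrator\spools13.exe

HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SkServer
    ImagePath    REG_EXPAND_SZ    C:\Documents and Settings\Administrator\spools13.exe

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\services.exe
"""


def parse_reg_query(text: str) -> Dict[str, Values]:
    """Parse `reg query /s` output into {key: {value_name: (type, data)}}."""
    keys: Dict[str, Values] = {}
    current = None
    for line in text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current = keys.setdefault(key_match.group(1), {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            name, reg_type, data = value_match.groups()
            current[name.lower()] = (reg_type, data)
    return keys


def find_persistence(keys: Dict[str, Values]) -> List[Finding]:
    """Flag the three kinds of change described in the post."""
    findings: List[Finding] = []
    for key, values in keys.items():
        low = key.lower()
        # 1. Any Debugger value under IFEO makes Windows start that program
        #    in place of the named executable (sethc.exe in the post).
        if "\\image file execution options\\" in low and "debugger" in values:
            findings.append(("ifeo-debugger", key, values["debugger"][1]))
        # 2. RDP listener moved away from the default port.
        if low.endswith("\\winstations\\rdp-tcp") and "portnumber" in values:
            port = int(values["portnumber"][1], 0)   # reg query prints 0x... hex
            if port != DEFAULT_RDP_PORT:
                findings.append(("rdp-port-changed", key, str(port)))
        # 3. Service whose binary sits in a user profile. Every ControlSetNNN
        #    copy is reported, since the post shows the value in two of them.
        if "\\services\\" in low and "imagepath" in values:
            image_path = values["imagepath"][1]
            if PROFILE_RE.match(image_path):
                findings.append(("service-in-user-profile", key, image_path))
    return findings


if __name__ == "__main__":
    for rule, key, data in find_persistence(parse_reg_query(SAMPLE)):
        print(f"{rule:24} {data:55} {key}")
```

Run against the constructed sample, it reports four findings and leaves the Eventlog service alone.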


Boot the machine in safe mode, use msconfig to remove suspicious programs and services from startup, change the passwords on your accounts and run the antivirus scan again.

EDIT: Also make sure you have all the latest updates from Windows Update.

Edited by Jckf


I have now removed everything I can find, ran a round of HijackThis and came up with this:

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 14:20:06, on 12.02.2010

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\PROGRA~2\Serv-U\ServUDaemon.exe

C:\WINDOWS\SysWOW64\svchost.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\PROGRA~2\Serv-U\SERVUT~1.EXE

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=userinit

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [servUTrayIcon] C:\PROGRA~2\Serv-U\SERVUT~1.EXE

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264937302639

O17 - HKLM\System\CCS\Services\Tcpip\..\{E34F4D04-CFCC-427B-8B47-77B024E60D1E}: NameServer = 10.0.0.1

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~2\Serv-U\ServUDaemon.exe

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

 

--

End of file - 5342 bytes

 

 

 

Anything that looks scary here?

Edited by Zephyr


Ran it with the default settings and came up with this. It finds lots of files, of course, since Windows was installed less than 30 days ago.

 

 

OTL logfile created on: 12.02.2010 19:49:47 - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop

64bit-Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

 

12,00 Gb Total Physical Memory | 11,00 Gb Available Physical Memory | 92,00% Memory free

13,00 Gb Paging File | 13,00 Gb Available in Paging File | 97,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 37,57 Gb Total Space | 28,12 Gb Free Space | 74,87% Space Free | Partition Type: NTFS

Drive D: | 195,32 Gb Total Space | 170,79 Gb Free Space | 87,44% Space Free | Partition Type: NTFS

Drive E: | 8381,78 Gb Total Space | 539,99 Gb Free Space | 6,44% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SERVER

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2010.02.04 22:24:04 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010.02.04 13:38:03 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2010.02.03 10:24:36 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010.01.31 19:13:09 | 003,364,352 | ---- | M] (Cat Soft) -- C:\Program Files (x86)\Serv-U\servudaemon.exe

PRC - [2010.01.16 04:17:22 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2009.10.26 08:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

PRC - [2008.08.18 13:25:10 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2005.01.04 10:41:36 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\Serv-U\ServUTray.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2009.10.26 08:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll

MOD - [2007.02.18 11:24:12 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll

MOD - [2007.02.18 11:06:00 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\winsta.dll

MOD - [2007.02.18 11:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime

MOD - [2007.02.18 11:05:22 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2008.08.18 13:31:02 | 000,021,760 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV:64bit: - [2008.08.18 13:25:10 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV - [2010.02.04 22:24:04 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010.01.31 19:13:09 | 003,364,352 | ---- | M] (Cat Soft) [Auto | Running] -- C:\Program Files (x86)\Serv-U\servudaemon.exe -- (Serv-U)

SRV - [2009.09.28 19:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)

SRV - [2008.08.11 12:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2008.07.25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\microsoft.net\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008.07.25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\microsoft.net\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)

SRV - [2007.02.18 11:05:48 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\rsopprov.exe -- (RSoPProv)

SRV - [2007.02.18 11:05:44 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\ntfrs.exe -- (NtFrs)

SRV - [2007.02.18 11:05:34 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\llssrv.exe -- (LicenseService)

SRV - [2007.02.18 11:05:32 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\ismserv.exe -- (IsmServ)

SRV - [2007.02.18 11:05:24 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\dfssvc.exe -- (Dfs)

SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)

SRV - [2005.11.30 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)

SRV - [2005.11.30 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\trksvr.dll -- (TrkSvr)

SRV - [2005.11.30 13:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010.01.16 01:49:49 | 000,000,006 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Mozilla Firefox\update.locale -- (Update)

DRV - [2008.08.11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2005.11.30 13:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wlbs.exe -- (WLBS)

DRV - [2005.11.30 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.01.31 12:32:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.01.31 12:32:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010.01.31 12:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010.02.11 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\anou8m4b.default\extensions

[2010.01.31 12:32:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010.01.16 01:49:49 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010.01.16 01:49:49 | 000,000,955 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bok-NO.xml

[2010.01.16 01:49:49 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\qxl-NO.xml

[2010.01.16 01:49:49 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml

[2010.01.16 01:49:49 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-NO.xml

[2010.01.16 01:49:49 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-NO.xml

 

Hosts file not found

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe ()

O4:64bit: - HKLM..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe File not found

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()

O4 - HKCU..\Run: [servUTrayIcon] C:\Program Files (x86)\Serv-U\ServUTray.exe ()

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264937302639 (WUWebControl Class)

O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: System - (lsass.exe) - File not found

O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found

O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found

O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found

O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found

O20:64bit: - Winlogon\Notify\LMIinit: DllName - Reg Error: Key error. - File not found

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found

O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found

O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.02.12 19:49:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010.02.12 14:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010.02.12 13:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010.02.11 09:27:11 | 030,364,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe

[2010.02.11 00:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Desktopicon

[2010.02.11 00:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker

[2010.02.04 13:36:53 | 000,319,280 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\utorrent.exe

[2010.02.03 17:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010.02.03 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2010.02.03 16:58:45 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.0.0.exe

[2010.02.03 15:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET

[2010.02.03 13:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET

[2010.02.03 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010.02.03 13:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search

[2010.02.03 10:24:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

[2010.02.03 10:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2010.02.03 10:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010.02.03 10:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2010.02.03 10:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn

[2010.02.03 10:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn

[2010.02.03 10:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment

[2010.02.01 11:14:22 | 001,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdiplus.dll

[2010.02.01 11:14:22 | 000,991,232 | ---- | C] (Viscom Software ) -- C:\WINDOWS\SysWow64\imageviewer2.ocx

[2010.02.01 11:14:22 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comctl32.ocx

[2010.02.01 11:14:22 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tabctl32.ocx

[2010.02.01 11:14:22 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\threed32.ocx

[2010.02.01 11:14:22 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comct232.ocx

[2010.02.01 11:14:22 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\WINDOWS\SysWow64\ccrpfd6.ocx

[2010.02.01 11:14:22 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\SysWow64\ccrpbds6.dll

[2010.02.01 11:14:22 | 000,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\SysWow64\mbprgbar.ocx

[2010.02.01 11:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXresizer

[2010.02.01 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename

[2010.02.01 00:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2010.02.01 00:19:52 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\SysWow64\CSVer.dll

[2010.02.01 00:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

[2010.02.01 00:19:42 | 000,000,000 | ---D | C] -- C:\Intel

[2010.02.01 00:04:25 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmcex.dll

[2010.02.01 00:04:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\microsoft.managementconsole.dll

[2010.02.01 00:04:25 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmcfxcommon.dll

[2010.02.01 00:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en

[2010.02.01 00:04:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmcperf.exe

[2010.02.01 00:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities

[2010.02.01 00:02:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

[2010.02.01 00:02:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2010.02.01 00:02:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo

[2010.02.01 00:02:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010.02.01 00:02:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data

[2010.02.01 00:02:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu

[2010.02.01 00:02:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents

[2010.02.01 00:02:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites

[2010.02.01 00:02:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings

[2010.02.01 00:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2010.02.01 00:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2010.02.01 00:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\wmpub

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\system

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\speechengines

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\microsoft shared

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\inetsrv

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ime

[2010.01.31 23:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010.01.31 23:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010.01.31 23:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010.01.31 23:55:16 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mapi32.dll

[2010.01.31 23:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MicrosoftPassport

[2010.01.31 23:54:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM

[2010.01.31 23:54:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information

[2010.01.31 23:54:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ils.dll

[2010.01.31 23:54:03 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysWow64\isrdbg32.dll

[2010.01.31 23:54:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nmevtmsg.dll

[2010.01.31 23:54:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msconf.dll

[2010.01.31 23:54:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mnmdd.dll

[2010.01.31 23:54:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nmmkcert.dll

[2010.01.31 23:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeeting

[2010.01.31 23:53:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2010.01.31 23:53:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages

[2010.01.31 23:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2010.01.31 23:53:37 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl

[2010.01.31 23:53:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll

[2010.01.31 23:53:36 | 000,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuweb.dll

[2010.01.31 23:53:36 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups2.dll

[2010.01.31 23:53:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll

[2010.01.31 23:53:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qmgrprxy.dll

[2010.01.31 23:53:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bitsprx2.dll

[2010.01.31 23:53:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bitsprx3.dll

[2010.01.31 23:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player

[2010.01.31 23:53:19 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msoeacct.dll

[2010.01.31 23:53:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msoert2.dll

[2010.01.31 23:53:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\acctres.dll

[2010.01.31 23:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services

[2010.01.31 23:53:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH

[2010.01.31 23:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010.01.31 23:53:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetres.dll

[2010.01.31 23:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express

[2010.01.31 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010.01.31 23:53:08 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstask.dll

[2010.01.31 23:53:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icwdial.dll

[2010.01.31 23:53:08 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icwphbk.dll

[2010.01.31 23:53:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstinit.exe

[2010.01.31 23:53:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2010.01.31 23:53:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcfg.dll

[2010.01.31 23:53:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\isign32.dll

[2010.01.31 23:53:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icfgnt5.dll

[2010.01.31 23:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System

[2010.01.31 23:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System

[2010.01.31 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer

[2010.01.31 23:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2010.01.31 23:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2010.01.31 23:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration

[2010.01.31 23:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\write.exe

[2010.01.31 23:52:01 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\accwiz.exe

[2010.01.31 23:52:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\access.cpl

[2010.01.31 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT

[2010.01.31 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT

[2010.01.31 23:51:55 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe

[2010.01.31 23:51:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winchat.exe

[2010.01.31 23:51:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clipbrd.exe

[2010.01.31 23:51:51 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\getuname.dll

[2010.01.31 23:51:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\charmap.exe

[2010.01.31 23:51:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe

[2010.01.31 23:51:48 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\resrcmon.exe

[2010.01.31 23:51:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cluster

[2010.01.31 23:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Compatibility Scripts

[2010.01.31 23:51:41 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tscc.dll

[2010.01.31 23:51:41 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmmc.dll

[2010.01.31 23:51:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmhst.dll

[2010.01.31 23:51:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quser.exe

[2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chgusr.exe

[2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chglogon.exe

[2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\query.exe

[2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\change.exe

[2010.01.31 23:51:39 | 001,871,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2010.01.31 23:51:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qwinsta.exe

[2010.01.31 23:51:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qprocess.exe

[2010.01.31 23:51:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qappsrv.exe

[2010.01.31 23:51:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxlegih.dll

[2010.01.31 23:51:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxdm.dll

[2010.01.31 23:51:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxex.dll

[2010.01.31 23:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Com

[2010.01.31 23:51:35 | 001,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll

[2010.01.31 23:51:35 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll

[2010.01.31 23:51:35 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comuid.dll

[2010.01.31 23:51:35 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrv.dll

[2010.01.31 23:51:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsnap.dll

[2010.01.31 23:51:35 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comadmin.dll

[2010.01.31 23:51:35 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clbcatex.dll

[2010.01.31 23:51:35 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stclient.dll

[2010.01.31 23:51:35 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\colbact.dll

[2010.01.31 23:51:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comaddin.dll

[2010.01.31 23:51:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvps.dll

[2010.01.31 23:51:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcuiu.dll

[2010.01.31 23:51:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxoci.dll

[2010.01.31 23:51:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xolehlp.dll

[2010.01.31 23:51:29 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll

[2010.01.31 23:51:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\servdeps.dll

[2010.01.31 23:51:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmfutil.dll

[2010.01.31 19:11:14 | 000,000,000 | ---D | C] -- C:\ftphome

[2010.01.31 19:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serv-U

[2010.01.31 17:35:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010.01.31 17:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell

[2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Desktop Search

[2010.01.31 15:35:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\config

[2010.01.31 15:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer

[2010.01.31 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild

[2010.01.31 15:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies

[2010.01.31 15:30:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0

[2010.01.31 15:25:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2010.01.31 15:24:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE

[2010.01.31 15:21:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[2010.01.31 15:21:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

[2010.01.31 14:53:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininet.dll

[2010.01.31 14:53:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll

[2010.01.31 14:53:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010.01.31 14:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010.01.31 14:51:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010.01.31 14:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-us

[2010.01.31 13:32:32 | 000,963,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpsnap.dll

[2010.01.31 13:32:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\msizap.exe

[2010.01.31 13:32:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\azrlreg.exe

[2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\microsoft.net

[2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\adam

[2010.01.31 13:32:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icacls.exe

[2010.01.31 13:32:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\verclsid.exe

[2010.01.31 13:32:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupn.exe

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsno.dll

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsfi.dll

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdno1.dll

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdfi1.dll

[2010.01.31 13:32:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdukx.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt48.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt47.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdiultn.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdbhc.dll

[2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpash.dll

[2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdnepr.dll

[2010.01.31 13:32:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmaori.dll

[2010.01.31 13:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\adfs

[2010.01.31 13:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2010.01.31 13:29:38 | 001,364,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2010.01.31 13:29:37 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\activeds.dll

[2010.01.31 13:29:36 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsldpc.dll

[2010.01.31 13:29:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cabinet.dll

[2010.01.31 13:29:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll

[2010.01.31 13:29:29 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comdlg32.dll

[2010.01.31 13:29:28 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comres.dll

[2010.01.31 13:29:27 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptui.dll

[2010.01.31 13:29:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credui.dll

[2010.01.31 13:29:26 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cscui.dll

[2010.01.31 13:29:15 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hnetcfg.dll

[2010.01.31 13:29:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\imagehlp.dll

[2010.01.31 13:29:12 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iphlpapi.dll

[2010.01.31 13:29:08 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mlang.dll

[2010.01.31 13:29:04 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mprapi.dll

[2010.01.31 13:29:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msacm32.dll

[2010.01.31 13:29:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll

[2010.01.31 13:28:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msimtf.dll

[2010.01.31 13:28:53 | 001,809,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll

[2010.01.31 13:28:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecli32.dll

[2010.01.31 13:28:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecnv32.dll

[2010.01.31 13:28:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasapi32.dll

[2010.01.31 13:28:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasadhlp.dll

[2010.01.31 13:28:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasman.dll

[2010.01.31 13:28:43 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rsaenh.dll

[2010.01.31 13:28:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sensapi.dll

[2010.01.31 13:28:39 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sfc_os.dll

[2010.01.31 13:28:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb

[2010.01.31 13:28:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxs.dll

[2010.01.31 13:28:32 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tapi32.dll

[2010.01.31 13:28:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winsta.dll

[2010.01.31 13:28:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wintrust.dll

[2010.01.31 13:28:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshtcpip.dll

[2010.01.31 13:28:11 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsp2res.dll

[2010.01.31 13:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010.01.31 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR

[2010.01.31 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRar

[2010.01.31 13:21:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.01.31 13:19:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010.01.31 13:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup

[2010.01.31 13:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8

[2010.01.31 12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\UltraVNC

[2010.01.31 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC

[2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2010.01.31 12:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Macromed

[2010.01.31 12:43:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010.01.31 12:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2010.01.31 12:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2010.01.31 12:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nedlastinger

[2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2010.01.31 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010.01.31 12:28:58 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaueng.dll.mui

[2010.01.31 12:28:58 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl.mui

[2010.01.31 12:28:58 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll.mui

[2010.01.31 12:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SoftwareDistribution

[2010.01.31 12:27:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData

[2010.01.31 03:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC

[2010.01.31 03:44:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2010.01.31 03:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2010.01.31 03:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines

[2010.01.31 03:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared

[2010.01.31 03:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines

[2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files

[2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)

[2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files

[2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files

[2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuq.dll

[2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuf.dll

[2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru1.dll

[2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdaze.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycc.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbduzb.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdur.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtat.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmon.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkyr.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkaz.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdbu.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdblr.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdazel.dll

[2010.01.31 03:44:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhept.dll

[2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela3.dll

[2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela2.dll

[2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgkl.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv1.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe319.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe220.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdest.dll

[2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt1.dll

[2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt.dll

[2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz2.dll

[2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycl.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsl1.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsl.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl1.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz1.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcr.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAL.DLL

[2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdro.dll

[2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu1.dll

[2010.01.31 03:43:48 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE

[2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu

[2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents

[2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop

[2010.01.31 03:43:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates

[2010.01.31 03:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites

[2010.01.31 03:41:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010.01.31 03:41:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data

[2010.01.31 03:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings

[2010.01.31 03:41:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010.01.31 03:33:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts

[2010.01.31 03:33:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\wbem

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\usmt

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\TAPI

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\mui

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent64

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InstallShield

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime (x86)

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ias

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\export

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Drivers

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\3076

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\2052

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1054

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1042

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1041

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1037

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1033

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1031

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1028

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1025

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010.02.12 16:24:37 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.02.12 16:24:37 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010.02.12 16:24:37 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010.02.12 16:24:36 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010.02.12 16:24:35 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010.02.12 14:19:55 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010.02.12 14:19:40 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi

[2010.02.12 11:37:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.02.12 11:37:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.02.12 11:35:35 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010.02.12 11:35:27 | 005,880,168 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010.02.12 08:07:55 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010.02.11 09:21:35 | 000,003,583 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.02.04 13:38:08 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

[2010.02.04 13:37:05 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\utorrent.exe

[2010.02.03 16:59:29 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

[2010.02.03 16:59:16 | 002,169,915 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.0.0.exe

[2010.02.03 10:42:20 | 000,000,192 | -H-- | M] () -- C:\aaw7boot.cmd

[2010.02.03 10:24:03 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010.02.03 10:06:15 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010.02.01 11:40:20 | 000,036,390 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg

[2010.02.01 11:26:22 | 030,364,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe

[2010.02.01 11:14:35 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010.02.01 11:13:48 | 000,159,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg

[2010.02.01 00:04:40 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk

[2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini

[2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010.01.31 23:55:24 | 000,000,401 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.01.31 23:55:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010.01.31 23:55:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb

[2010.01.31 23:55:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb

[2010.01.31 23:55:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest

[2010.01.31 23:52:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini

[2010.01.31 23:52:27 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini

[2010.01.31 23:50:33 | 000,000,221 | -HS- | M] () -- C:\boot.ini

[2010.01.31 17:37:41 | 000,562,546 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2010.01.31 13:33:24 | 000,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk

[2010.01.31 13:26:02 | 000,297,072 | RHS- | M] () -- C:\ntldr

[2010.01.31 12:57:20 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk

[2010.01.31 12:57:16 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk

[2010.01.31 12:56:39 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk

[2010.01.31 12:32:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010.01.31 12:25:41 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2010.01.31 03:47:55 | 000,000,150 | ---- | M] () -- C:\WINDOWS\system.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010.02.12 14:19:50 | 000,002,493 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010.02.12 14:19:38 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi

[2010.02.04 13:38:08 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

[2010.02.03 16:59:29 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

[2010.02.03 10:26:34 | 000,000,192 | -H-- | C] () -- C:\aaw7boot.cmd

[2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010.02.03 10:24:03 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010.02.03 10:06:14 | 000,001,024 | ---- | C] () -- C:\.rnd

[2010.02.01 11:14:59 | 000,036,390 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg

[2010.02.01 11:13:48 | 000,159,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg

[2010.02.01 00:04:40 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk

[2010.02.01 00:02:35 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010.02.01 00:02:34 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010.01.31 23:59:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.01.31 23:56:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20932.nls

[2010.01.31 23:56:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20936.nls

[2010.01.31 23:56:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_720.nls

[2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_708.nls

[2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21027.nls

[2010.01.31 23:56:10 | 000,187,938 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20005.nls

[2010.01.31 23:56:10 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20004.nls

[2010.01.31 23:56:09 | 000,185,378 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20003.nls

[2010.01.31 23:56:09 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20002.nls

[2010.01.31 23:56:08 | 000,186,402 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20001.nls

[2010.01.31 23:56:08 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20000.nls

[2010.01.31 23:56:07 | 000,189,986 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1361.nls

[2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20108.nls

[2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20107.nls

[2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20106.nls

[2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20105.nls

[2010.01.31 23:56:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28596.nls

[2010.01.31 23:56:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20269.nls

[2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_870.nls

[2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21025.nls

[2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20924.nls

[2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20880.nls

[2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20871.nls

[2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20838.nls

[2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20833.nls

[2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20424.nls

[2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20423.nls

[2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20420.nls

[2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20297.nls

[2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20290.nls

[2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20285.nls

[2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20284.nls

[2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20280.nls

[2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20278.nls

[2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20277.nls

[2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20273.nls

[2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1149.nls

[2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1148.nls

[2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1147.nls

[2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1146.nls

[2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1145.nls

[2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1144.nls

[2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1143.nls

[2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1142.nls

[2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1141.nls

[2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1140.nls

[2010.01.31 23:55:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1047.nls

[2010.01.31 23:55:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10021.nls

[2010.01.31 23:55:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10008.nls

[2010.01.31 23:55:47 | 000,177,698 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10003.nls

[2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10005.nls

[2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10004.nls

[2010.01.31 23:55:46 | 000,195,618 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10002.nls

[2010.01.31 23:55:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10001.nls

[2010.01.31 23:55:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_864.nls

[2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_862.nls

[2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_858.nls

[2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010.01.31 23:55:22 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2010.01.31 23:55:21 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SysWow64\nscompat.tlb

[2010.01.31 23:55:21 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amcompat.tlb

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest

[2010.01.31 23:53:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2010.01.31 23:53:49 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk

[2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanmannt.bmp

[2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanma256.bmp

[2010.01.31 23:51:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp

[2010.01.31 23:51:53 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp

[2010.01.31 23:51:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp

[2010.01.31 23:51:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp

[2010.01.31 23:51:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp

[2010.01.31 23:51:53 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp

[2010.01.31 23:51:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp

[2010.01.31 23:51:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp

[2010.01.31 23:51:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp

[2010.01.31 23:51:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp

[2010.01.31 23:51:52 | 000,093,702 | ---- | C] () -- C:\WINDOWS\SysWow64\subrange.uce

[2010.01.31 23:51:52 | 000,016,740 | ---- | C] () -- C:\WINDOWS\SysWow64\shiftjis.uce

[2010.01.31 23:51:52 | 000,012,876 | ---- | C] () -- C:\WINDOWS\SysWow64\korean.uce

[2010.01.31 23:51:52 | 000,008,484 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_2.uce

[2010.01.31 23:51:52 | 000,006,948 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_1.uce

[2010.01.31 23:51:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp

[2010.01.31 23:51:51 | 000,060,458 | ---- | C] () -- C:\WINDOWS\SysWow64\ideograf.uce

[2010.01.31 23:51:51 | 000,024,006 | ---- | C] () -- C:\WINDOWS\SysWow64\gb2312.uce

[2010.01.31 23:51:51 | 000,022,984 | ---- | C] () -- C:\WINDOWS\SysWow64\bopomofo.uce

[2010.01.31 15:31:22 | 000,562,546 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2010.01.31 13:32:31 | 001,099,264 | ---- | C] () -- C:\WINDOWS\adfs.msp

[2010.01.31 12:57:20 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk

[2010.01.31 12:57:16 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk

[2010.01.31 12:56:39 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk

[2010.01.31 12:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.01.31 12:25:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2010.01.31 03:44:14 | 000,003,583 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010.01.31 03:44:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_857.nls

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28599.nls

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28595.NLS

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10081.nls

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10017.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_869.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_866.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_855.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_737.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_875.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28603.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28597.NLS

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28594.NLS

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10007.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10006.nls

[2010.01.31 03:44:01 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_852.nls

[2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10082.nls

[2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10029.nls

[2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10010.nls

[2010.01.31 03:43:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20127.nls

[2010.01.31 03:39:14 | 000,000,221 | -HS- | C] () -- C:\boot.ini

[2005.11.30 13:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll

[2005.11.30 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll

[2005.11.30 13:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll

[2005.11.30 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll

[2005.11.30 13:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll

[2005.11.30 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2005.11.30 13:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll

[2005.11.30 13:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll

[2005.11.30 13:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll

[2005.11.30 13:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll

[2005.11.30 13:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll

[2005.11.30 13:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll

[2005.11.30 13:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll

[2005.11.30 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll

[2005.11.30 13:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

< End of report >

 

Edited by Zephyr


Still no sign of the malware.

Snake SockProxy Service is a trojan, but I can't see it running on your PC.

Did you remove anything before you ran the scan?

If you start HJT and choose "Open the misc tools section", click "Generate Startuplist log". Post the log.


Yes, I have removed everything I have found, but the files keep coming back, so I was wondering whether I had forgotten something.

I have also disabled the Snake SockProxy Service. It is possible that was what I forgot last time.

If it comes back soon, I can run the tests without deleting anything first.


It's back again, so I'm posting logs from HJT and OTL.

 

 

OTL logfile created on: 14.02.2010 14:58:58 - Run 2

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop

64bit-Windows Server 2003 Enterprise Edition Service Pack 2 (Version = 5.2.3790) - Type = NTServer

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

 

12,00 Gb Total Physical Memory | 11,00 Gb Available Physical Memory | 92,00% Memory free

13,00 Gb Paging File | 13,00 Gb Available in Paging File | 97,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 37,57 Gb Total Space | 28,07 Gb Free Space | 74,71% Space Free | Partition Type: NTFS

Drive D: | 195,32 Gb Total Space | 170,30 Gb Free Space | 87,19% Space Free | Partition Type: NTFS

Drive E: | 8381,78 Gb Total Space | 539,99 Gb Free Space | 6,44% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: SERVER

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 

========== Processes (SafeList) ==========

 

PRC - [2010.02.14 04:45:11 | 000,266,240 | ---- | M] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools13.exe

PRC - [2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

PRC - [2010.02.04 22:24:04 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010.02.04 13:38:03 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

PRC - [2010.02.03 10:24:36 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010.01.31 19:13:09 | 003,364,352 | ---- | M] (Cat Soft) -- C:\Program Files (x86)\Serv-U\servudaemon.exe

PRC - [2009.10.26 08:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

PRC - [2008.08.18 13:25:10 | 000,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2005.01.04 10:41:36 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\Serv-U\ServUTray.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

MOD - [2009.10.26 08:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll

MOD - [2007.02.18 11:24:12 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll

MOD - [2007.02.18 11:05:38 | 000,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\msctfime.ime

MOD - [2007.02.18 11:05:22 | 000,273,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\comdlg32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2008.08.18 13:31:02 | 000,021,760 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV:64bit: - [2008.08.18 13:25:10 | 000,468,224 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV - [2010.02.14 04:45:11 | 000,266,240 | ---- | M] (noname. http://snake.gnuchina.org) [Auto | Running] -- C:\Documents and Settings\Administrator\spools13.exe -- (SkServer)

SRV - [2010.02.04 22:24:04 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2010.01.31 19:13:09 | 003,364,352 | ---- | M] (Cat Soft) [Auto | Running] -- C:\Program Files (x86)\Serv-U\servudaemon.exe -- (Serv-U)

SRV - [2009.09.28 19:35:04 | 000,120,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -- (LMIMaint)

SRV - [2008.08.11 12:40:58 | 000,057,920 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)

SRV - [2008.07.25 10:13:48 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\microsoft.net\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)

SRV - [2008.07.25 10:13:44 | 000,046,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\microsoft.net\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)

SRV - [2007.02.18 11:05:48 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\rsopprov.exe -- (RSoPProv)

SRV - [2007.02.18 11:05:44 | 000,792,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\ntfrs.exe -- (NtFrs)

SRV - [2007.02.18 11:05:34 | 000,094,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\llssrv.exe -- (LicenseService)

SRV - [2007.02.18 11:05:32 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\ismserv.exe -- (IsmServ)

SRV - [2007.02.18 11:05:24 | 000,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\dfssvc.exe -- (Dfs)

SRV - [2007.02.17 00:44:20 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc.dll -- (helpsvc)

SRV - [2005.11.30 13:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)

SRV - [2005.11.30 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\trksvr.dll -- (TrkSvr)

SRV - [2005.11.30 13:00:00 | 000,039,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2008.08.11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)

DRV - [2005.11.30 13:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\wlbs.exe -- (WLBS)

DRV - [2005.11.30 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWOW64\mnmdd.dll -- (mnmdd)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.01.31 12:32:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.01.31 12:32:12 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

 

[2010.01.31 12:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010.02.12 14:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\anou8m4b.default\extensions

[2010.01.31 12:32:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010.01.16 01:49:49 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2010.01.16 01:49:49 | 000,000,955 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bok-NO.xml

[2010.01.16 01:49:49 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\qxl-NO.xml

[2010.01.16 01:49:49 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\telefonkatalogen-NO.xml

[2010.01.16 01:49:49 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-NO.xml

[2010.01.16 01:49:49 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-NO.xml

 

Hosts file not found

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)

O4:64bit: - HKLM..\Run: [NodEnabler] C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe ()

O4:64bit: - HKLM..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe File not found

O4 - HKLM..\Run: [unlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()

O4 - HKCU..\Run: [servUTrayIcon] C:\Program Files (x86)\Serv-U\ServUTray.exe ()

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264937302639 (WUWebControl Class)

O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found

O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: System - (lsass.exe) - File not found

O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found

O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found

O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found

O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found

O20:64bit: - Winlogon\Notify\LMIinit: DllName - Reg Error: Key error. - File not found

O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found

O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found

O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found

O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found

O27:64bit: - HKLM IFEO\sethc.exe: Debugger - c:\windows\config\222.exe File not found

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.01.31 23:55:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - File not found

64bit: O35 - comfile [open] -- "%1" %* File not found

64bit: O35 - exefile [open] -- "%1" %* File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010.02.14 04:45:40 | 000,077,824 | ---- | C] (http://yingzinet.com) -- C:\Documents and Settings\Administrator\xg.exe

[2010.02.14 04:45:03 | 000,266,240 | ---- | C] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools13.exe

[2010.02.14 04:38:32 | 000,025,088 | ---- | C] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools4.exe

[2010.02.12 21:35:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla

[2010.02.12 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client

[2010.02.12 19:49:16 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010.02.12 14:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro

[2010.02.12 13:55:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2010.02.11 09:27:11 | 030,364,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe

[2010.02.11 00:58:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Desktopicon

[2010.02.11 00:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker

[2010.02.04 13:36:53 | 000,319,280 | ---- | C] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\utorrent.exe

[2010.02.03 17:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010.02.03 16:59:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn

[2010.02.03 16:58:45 | 002,169,915 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.0.0.exe

[2010.02.03 15:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET

[2010.02.03 13:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET

[2010.02.03 13:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010.02.03 13:42:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search

[2010.02.03 10:24:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}

[2010.02.03 10:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2010.02.03 10:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2010.02.03 10:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2010.02.03 10:06:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn

[2010.02.03 10:06:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn

[2010.02.03 10:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment

[2010.02.01 11:14:22 | 001,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdiplus.dll

[2010.02.01 11:14:22 | 000,991,232 | ---- | C] (Viscom Software ) -- C:\WINDOWS\SysWow64\imageviewer2.ocx

[2010.02.01 11:14:22 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comctl32.ocx

[2010.02.01 11:14:22 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tabctl32.ocx

[2010.02.01 11:14:22 | 000,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\SysWow64\threed32.ocx

[2010.02.01 11:14:22 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comct232.ocx

[2010.02.01 11:14:22 | 000,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\WINDOWS\SysWow64\ccrpfd6.ocx

[2010.02.01 11:14:22 | 000,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\SysWow64\ccrpbds6.dll

[2010.02.01 11:14:22 | 000,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\SysWow64\mbprgbar.ocx

[2010.02.01 11:14:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXresizer

[2010.02.01 11:10:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TagRename

[2010.02.01 00:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2010.02.01 00:19:52 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\SysWow64\CSVer.dll

[2010.02.01 00:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel

[2010.02.01 00:19:42 | 000,000,000 | ---D | C] -- C:\Intel

[2010.02.01 00:04:25 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmcex.dll

[2010.02.01 00:04:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\microsoft.managementconsole.dll

[2010.02.01 00:04:25 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmcfxcommon.dll

[2010.02.01 00:04:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en

[2010.02.01 00:04:24 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmcperf.exe

[2010.02.01 00:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities

[2010.02.01 00:02:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft

[2010.02.01 00:02:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft

[2010.02.01 00:02:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo

[2010.02.01 00:02:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010.02.01 00:02:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data

[2010.02.01 00:02:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu

[2010.02.01 00:02:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents

[2010.02.01 00:02:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites

[2010.02.01 00:02:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood

[2010.02.01 00:02:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings

[2010.02.01 00:02:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop

[2010.02.01 00:02:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution

[2010.02.01 00:02:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\wmpub

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\system

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\speechengines

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\microsoft shared

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\inetsrv

[2010.01.31 23:56:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ime

[2010.01.31 23:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2010.01.31 23:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2010.01.31 23:55:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2010.01.31 23:55:16 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mapi32.dll

[2010.01.31 23:55:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\MicrosoftPassport

[2010.01.31 23:54:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM

[2010.01.31 23:54:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information

[2010.01.31 23:54:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ils.dll

[2010.01.31 23:54:03 | 000,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysWow64\isrdbg32.dll

[2010.01.31 23:54:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nmevtmsg.dll

[2010.01.31 23:54:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msconf.dll

[2010.01.31 23:54:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mnmdd.dll

[2010.01.31 23:54:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nmmkcert.dll

[2010.01.31 23:54:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeeting

[2010.01.31 23:53:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files

[2010.01.31 23:53:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages

[2010.01.31 23:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Music

[2010.01.31 23:53:37 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl

[2010.01.31 23:53:36 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll

[2010.01.31 23:53:36 | 000,209,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuweb.dll

[2010.01.31 23:53:36 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups2.dll

[2010.01.31 23:53:36 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll

[2010.01.31 23:53:35 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qmgrprxy.dll

[2010.01.31 23:53:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bitsprx2.dll

[2010.01.31 23:53:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bitsprx3.dll

[2010.01.31 23:53:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player

[2010.01.31 23:53:19 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msoeacct.dll

[2010.01.31 23:53:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msoert2.dll

[2010.01.31 23:53:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\acctres.dll

[2010.01.31 23:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services

[2010.01.31 23:53:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH

[2010.01.31 23:53:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services

[2010.01.31 23:53:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetres.dll

[2010.01.31 23:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express

[2010.01.31 23:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express

[2010.01.31 23:53:08 | 000,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstask.dll

[2010.01.31 23:53:08 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icwdial.dll

[2010.01.31 23:53:08 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icwphbk.dll

[2010.01.31 23:53:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstinit.exe

[2010.01.31 23:53:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks

[2010.01.31 23:53:07 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcfg.dll

[2010.01.31 23:53:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\isign32.dll

[2010.01.31 23:53:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icfgnt5.dll

[2010.01.31 23:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System

[2010.01.31 23:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System

[2010.01.31 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer

[2010.01.31 23:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2010.01.31 23:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications

[2010.01.31 23:52:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration

[2010.01.31 23:52:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\write.exe

[2010.01.31 23:52:01 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\accwiz.exe

[2010.01.31 23:52:01 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\access.cpl

[2010.01.31 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT

[2010.01.31 23:52:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT

[2010.01.31 23:51:55 | 000,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe

[2010.01.31 23:51:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winchat.exe

[2010.01.31 23:51:52 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clipbrd.exe

[2010.01.31 23:51:51 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\getuname.dll

[2010.01.31 23:51:51 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\charmap.exe

[2010.01.31 23:51:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\calc.exe

[2010.01.31 23:51:48 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\resrcmon.exe

[2010.01.31 23:51:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cluster

[2010.01.31 23:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Compatibility Scripts

[2010.01.31 23:51:41 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tscc.dll

[2010.01.31 23:51:41 | 000,161,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmmc.dll

[2010.01.31 23:51:41 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsmhst.dll

[2010.01.31 23:51:41 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quser.exe

[2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chgusr.exe

[2010.01.31 23:51:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\chglogon.exe

[2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\query.exe

[2010.01.31 23:51:41 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\change.exe

[2010.01.31 23:51:39 | 001,871,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2010.01.31 23:51:39 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qwinsta.exe

[2010.01.31 23:51:39 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qprocess.exe

[2010.01.31 23:51:39 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qappsrv.exe

[2010.01.31 23:51:36 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxlegih.dll

[2010.01.31 23:51:36 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxdm.dll

[2010.01.31 23:51:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxex.dll

[2010.01.31 23:51:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Com

[2010.01.31 23:51:35 | 001,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsvcs.dll

[2010.01.31 23:51:35 | 000,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvut.dll

[2010.01.31 23:51:35 | 000,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comuid.dll

[2010.01.31 23:51:35 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrv.dll

[2010.01.31 23:51:35 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comsnap.dll

[2010.01.31 23:51:35 | 000,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comadmin.dll

[2010.01.31 23:51:35 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clbcatex.dll

[2010.01.31 23:51:35 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stclient.dll

[2010.01.31 23:51:35 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\colbact.dll

[2010.01.31 23:51:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comaddin.dll

[2010.01.31 23:51:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\catsrvps.dll

[2010.01.31 23:51:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcuiu.dll

[2010.01.31 23:51:30 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxoci.dll

[2010.01.31 23:51:30 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xolehlp.dll

[2010.01.31 23:51:29 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll

[2010.01.31 23:51:26 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\servdeps.dll

[2010.01.31 23:51:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mmfutil.dll

[2010.01.31 19:11:14 | 000,000,000 | ---D | C] -- C:\ftphome

[2010.01.31 19:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serv-U

[2010.01.31 17:35:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2010.01.31 17:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\windowspowershell

[2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search

[2010.01.31 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Desktop Search

[2010.01.31 15:35:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\config

[2010.01.31 15:33:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer

[2010.01.31 15:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild

[2010.01.31 15:32:53 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild

[2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies

[2010.01.31 15:32:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies

[2010.01.31 15:30:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly

[2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0

[2010.01.31 15:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0

[2010.01.31 15:25:30 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2010.01.31 15:24:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE

[2010.01.31 15:21:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information

[2010.01.31 15:21:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache

[2010.01.31 14:53:54 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininet.dll

[2010.01.31 14:53:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll

[2010.01.31 14:53:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010.01.31 14:52:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM

[2010.01.31 14:51:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010.01.31 14:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-us

[2010.01.31 13:32:32 | 000,963,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dhcpsnap.dll

[2010.01.31 13:32:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\msizap.exe

[2010.01.31 13:32:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\azrlreg.exe

[2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\microsoft.net

[2010.01.31 13:32:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\adam

[2010.01.31 13:32:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\icacls.exe

[2010.01.31 13:32:31 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\verclsid.exe

[2010.01.31 13:32:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupn.exe

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsno.dll

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsmsfi.dll

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdno1.dll

[2010.01.31 13:32:31 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdfi1.dll

[2010.01.31 13:32:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdukx.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt48.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmlt47.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdiultn.dll

[2010.01.31 13:32:31 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdbhc.dll

[2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpash.dll

[2010.01.31 13:32:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdnepr.dll

[2010.01.31 13:32:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmaori.dll

[2010.01.31 13:32:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\adfs

[2010.01.31 13:30:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles

[2010.01.31 13:29:38 | 001,364,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

[2010.01.31 13:29:37 | 000,200,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\activeds.dll

[2010.01.31 13:29:36 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsldpc.dll

[2010.01.31 13:29:32 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cabinet.dll

[2010.01.31 13:29:30 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\clusapi.dll

[2010.01.31 13:29:29 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comdlg32.dll

[2010.01.31 13:29:28 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\comres.dll

[2010.01.31 13:29:27 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptui.dll

[2010.01.31 13:29:27 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credui.dll

[2010.01.31 13:29:26 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cscui.dll

[2010.01.31 13:29:15 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hnetcfg.dll

[2010.01.31 13:29:14 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\imagehlp.dll

[2010.01.31 13:29:12 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iphlpapi.dll

[2010.01.31 13:29:08 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mlang.dll

[2010.01.31 13:29:04 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mprapi.dll

[2010.01.31 13:29:03 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msacm32.dll

[2010.01.31 13:29:00 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll

[2010.01.31 13:28:59 | 000,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msimtf.dll

[2010.01.31 13:28:53 | 001,809,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll

[2010.01.31 13:28:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecli32.dll

[2010.01.31 13:28:49 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\olecnv32.dll

[2010.01.31 13:28:46 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasapi32.dll

[2010.01.31 13:28:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasadhlp.dll

[2010.01.31 13:28:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasman.dll

[2010.01.31 13:28:43 | 000,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rsaenh.dll

[2010.01.31 13:28:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sensapi.dll

[2010.01.31 13:28:39 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sfc_os.dll

[2010.01.31 13:28:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\stdole2.tlb

[2010.01.31 13:28:34 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sxs.dll

[2010.01.31 13:28:32 | 000,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tapi32.dll

[2010.01.31 13:28:23 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winsta.dll

[2010.01.31 13:28:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wintrust.dll

[2010.01.31 13:28:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wshtcpip.dll

[2010.01.31 13:28:11 | 002,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsp2res.dll

[2010.01.31 13:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET

[2010.01.31 13:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR

[2010.01.31 13:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRar

[2010.01.31 13:21:19 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.01.31 13:19:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$

[2010.01.31 13:19:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup

[2010.01.31 13:02:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8

[2010.01.31 12:57:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\UltraVNC

[2010.01.31 12:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\UltraVNC

[2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia

[2010.01.31 12:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe

[2010.01.31 12:50:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Macromed

[2010.01.31 12:43:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$

[2010.01.31 12:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent

[2010.01.31 12:32:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent

[2010.01.31 12:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nedlastinger

[2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla

[2010.01.31 12:32:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla

[2010.01.31 12:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2010.01.31 12:28:58 | 000,017,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaueng.dll.mui

[2010.01.31 12:28:58 | 000,015,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuaucpl.cpl.mui

[2010.01.31 12:28:58 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll.mui

[2010.01.31 12:28:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SoftwareDistribution

[2010.01.31 12:27:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData

[2010.01.31 03:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC

[2010.01.31 03:44:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer

[2010.01.31 03:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC

[2010.01.31 03:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines

[2010.01.31 03:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared

[2010.01.31 03:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines

[2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files

[2010.01.31 03:44:04 | 000,000,000 | R--D | C] -- C:\Program Files (x86)

[2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files

[2010.01.31 03:44:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files

[2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuq.dll

[2010.01.31 03:44:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtuf.dll

[2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru1.dll

[2010.01.31 03:44:03 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdaze.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycc.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbduzb.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdur.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdtat.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdru.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdmon.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkyr.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdkaz.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdbu.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdblr.dll

[2010.01.31 03:44:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdazel.dll

[2010.01.31 03:44:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhept.dll

[2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela3.dll

[2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhela2.dll

[2010.01.31 03:44:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdgkl.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv1.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlv.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe319.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe220.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhe.dll

[2010.01.31 03:44:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdest.dll

[2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt1.dll

[2010.01.31 03:44:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdlt.dll

[2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz2.dll

[2010.01.31 03:44:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdycl.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsl1.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdsl.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl1.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdpl.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcz1.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdcr.dll

[2010.01.31 03:44:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\KBDAL.DLL

[2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdro.dll

[2010.01.31 03:44:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kbdhu1.dll

[2010.01.31 03:43:48 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE

[2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu

[2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents

[2010.01.31 03:43:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Desktop

[2010.01.31 03:43:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates

[2010.01.31 03:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites

[2010.01.31 03:41:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2010.01.31 03:41:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data

[2010.01.31 03:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings

[2010.01.31 03:41:42 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010.01.31 03:33:25 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts

[2010.01.31 03:33:25 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\wbem

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\usmt

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\TAPI

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\system

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\security

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\mui

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent64

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\java

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InstallShield

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\inf

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime (x86)

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ias

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\export

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Drivers

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\3076

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\2052

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1054

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1042

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1041

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1037

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1033

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1031

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1028

[2010.01.31 03:33:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1025

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010.02.14 10:24:05 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010.02.14 04:51:24 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.02.14 04:51:23 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010.02.14 04:51:23 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010.02.14 04:51:22 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010.02.14 04:49:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.02.14 04:49:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.02.14 04:47:17 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010.02.14 04:47:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010.02.14 04:47:09 | 000,464,516 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db

[2010.02.14 04:45:49 | 000,103,771 | ---- | M] () -- C:\Documents and Settings\Administrator\222.exe

[2010.02.14 04:45:44 | 000,077,824 | ---- | M] (http://yingzinet.com) -- C:\Documents and Settings\Administrator\xg.exe

[2010.02.14 04:45:11 | 000,266,240 | ---- | M] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools13.exe

[2010.02.14 04:38:35 | 000,025,088 | ---- | M] (noname. http://snake.gnuchina.org) -- C:\Documents and Settings\Administrator\spools4.exe

[2010.02.12 21:35:55 | 000,001,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk

[2010.02.12 21:35:38 | 004,124,332 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FileZilla_3.3.1_win32-setup.exe

[2010.02.12 20:22:34 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010.02.12 19:49:35 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

[2010.02.12 14:19:40 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi

[2010.02.11 09:21:35 | 000,003,583 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010.02.04 13:38:08 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

[2010.02.04 13:37:05 | 000,319,280 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Administrator\Desktop\utorrent.exe

[2010.02.03 16:59:29 | 000,001,582 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

[2010.02.03 16:59:16 | 002,169,915 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.0.0.exe

[2010.02.03 10:42:20 | 000,000,192 | -H-- | M] () -- C:\aaw7boot.cmd

[2010.02.03 10:24:03 | 000,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010.02.03 10:06:15 | 000,001,024 | ---- | M] () -- C:\.rnd

[2010.02.01 11:40:20 | 000,036,390 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg

[2010.02.01 11:26:22 | 030,364,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe

[2010.02.01 11:14:35 | 000,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010.02.01 11:13:48 | 000,159,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg

[2010.02.01 00:04:40 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk

[2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010.01.31 23:55:25 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini

[2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010.01.31 23:55:24 | 000,000,401 | ---- | M] () -- C:\WINDOWS\win.ini

[2010.01.31 23:55:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2010.01.31 23:55:21 | 000,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb

[2010.01.31 23:55:21 | 000,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb

[2010.01.31 23:55:16 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest

[2010.01.31 23:52:27 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini

[2010.01.31 23:52:27 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini

[2010.01.31 23:50:33 | 000,000,221 | -HS- | M] () -- C:\boot.ini

[2010.01.31 17:37:41 | 000,562,546 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2010.01.31 13:33:24 | 000,001,367 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk

[2010.01.31 13:26:02 | 000,297,072 | RHS- | M] () -- C:\ntldr

[2010.01.31 12:57:20 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk

[2010.01.31 12:57:16 | 000,000,769 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk

[2010.01.31 12:56:39 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk

[2010.01.31 12:32:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat

[2010.01.31 12:25:41 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD

[2010.01.31 03:47:55 | 000,000,150 | ---- | M] () -- C:\WINDOWS\system.ini

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010.02.14 04:45:44 | 000,103,771 | ---- | C] () -- C:\Documents and Settings\Administrator\222.exe

[2010.02.12 21:35:55 | 000,001,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FileZilla Client.lnk

[2010.02.12 21:35:33 | 004,124,332 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FileZilla_3.3.1_win32-setup.exe

[2010.02.12 14:19:50 | 000,002,493 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HiJackThis.lnk

[2010.02.12 14:19:38 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.msi

[2010.02.04 13:38:08 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk

[2010.02.03 16:59:29 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk

[2010.02.03 10:26:34 | 000,000,192 | -H-- | C] () -- C:\aaw7boot.cmd

[2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2010.02.03 10:25:58 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job

[2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job

[2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job

[2010.02.03 10:25:57 | 000,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job

[2010.02.03 10:24:03 | 000,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk

[2010.02.03 10:06:14 | 000,001,024 | ---- | C] () -- C:\.rnd

[2010.02.01 11:14:59 | 000,036,390 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\folder.jpg

[2010.02.01 11:13:48 | 000,159,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1.jpg

[2010.02.01 00:04:40 | 000,001,465 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\R2Help.lnk

[2010.02.01 00:02:35 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini

[2010.02.01 00:02:34 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT

[2010.01.31 23:59:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010.01.31 23:56:12 | 000,180,770 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20932.nls

[2010.01.31 23:56:12 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20936.nls

[2010.01.31 23:56:11 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_720.nls

[2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_708.nls

[2010.01.31 23:56:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21027.nls

[2010.01.31 23:56:10 | 000,187,938 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20005.nls

[2010.01.31 23:56:10 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20004.nls

[2010.01.31 23:56:09 | 000,185,378 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20003.nls

[2010.01.31 23:56:09 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20002.nls

[2010.01.31 23:56:08 | 000,186,402 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20001.nls

[2010.01.31 23:56:08 | 000,180,258 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20000.nls

[2010.01.31 23:56:07 | 000,189,986 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1361.nls

[2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20108.nls

[2010.01.31 23:56:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20107.nls

[2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20106.nls

[2010.01.31 23:56:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20105.nls

[2010.01.31 23:56:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28596.nls

[2010.01.31 23:56:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20269.nls

[2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_870.nls

[2010.01.31 23:56:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_21025.nls

[2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20924.nls

[2010.01.31 23:56:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20880.nls

[2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20871.nls

[2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20838.nls

[2010.01.31 23:56:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20833.nls

[2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20424.nls

[2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20423.nls

[2010.01.31 23:55:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20420.nls

[2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20297.nls

[2010.01.31 23:55:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20290.nls

[2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20285.nls

[2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20284.nls

[2010.01.31 23:55:57 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20280.nls

[2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20278.nls

[2010.01.31 23:55:56 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20277.nls

[2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20273.nls

[2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1149.nls

[2010.01.31 23:55:55 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1148.nls

[2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1147.nls

[2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1146.nls

[2010.01.31 23:55:54 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1145.nls

[2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1144.nls

[2010.01.31 23:55:53 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1143.nls

[2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1142.nls

[2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1141.nls

[2010.01.31 23:55:52 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1140.nls

[2010.01.31 23:55:51 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_1047.nls

[2010.01.31 23:55:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10021.nls

[2010.01.31 23:55:49 | 000,173,602 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10008.nls

[2010.01.31 23:55:47 | 000,177,698 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10003.nls

[2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10005.nls

[2010.01.31 23:55:47 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10004.nls

[2010.01.31 23:55:46 | 000,195,618 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10002.nls

[2010.01.31 23:55:46 | 000,162,850 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10001.nls

[2010.01.31 23:55:45 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_864.nls

[2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_862.nls

[2010.01.31 23:55:44 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_858.nls

[2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2010.01.31 23:55:25 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS

[2010.01.31 23:55:25 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT

[2010.01.31 23:55:22 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx

[2010.01.31 23:55:21 | 000,023,392 | ---- | C] () -- C:\WINDOWS\SysWow64\nscompat.tlb

[2010.01.31 23:55:21 | 000,016,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amcompat.tlb

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest

[2010.01.31 23:54:42 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest

[2010.01.31 23:53:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest

[2010.01.31 23:53:49 | 000,001,367 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Security Configuration Wizard.lnk

[2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanmannt.bmp

[2010.01.31 23:53:26 | 000,049,104 | -HS- | C] () -- C:\WINDOWS\lanma256.bmp

[2010.01.31 23:51:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp

[2010.01.31 23:51:53 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp

[2010.01.31 23:51:53 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp

[2010.01.31 23:51:53 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp

[2010.01.31 23:51:53 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp

[2010.01.31 23:51:53 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp

[2010.01.31 23:51:53 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp

[2010.01.31 23:51:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp

[2010.01.31 23:51:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp

[2010.01.31 23:51:53 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp

[2010.01.31 23:51:52 | 000,093,702 | ---- | C] () -- C:\WINDOWS\SysWow64\subrange.uce

[2010.01.31 23:51:52 | 000,016,740 | ---- | C] () -- C:\WINDOWS\SysWow64\shiftjis.uce

[2010.01.31 23:51:52 | 000,012,876 | ---- | C] () -- C:\WINDOWS\SysWow64\korean.uce

[2010.01.31 23:51:52 | 000,008,484 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_2.uce

[2010.01.31 23:51:52 | 000,006,948 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_1.uce

[2010.01.31 23:51:52 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp

[2010.01.31 23:51:51 | 000,060,458 | ---- | C] () -- C:\WINDOWS\SysWow64\ideograf.uce

[2010.01.31 23:51:51 | 000,024,006 | ---- | C] () -- C:\WINDOWS\SysWow64\gb2312.uce

[2010.01.31 23:51:51 | 000,022,984 | ---- | C] () -- C:\WINDOWS\SysWow64\bopomofo.uce

[2010.01.31 15:31:22 | 000,562,546 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI

[2010.01.31 13:32:31 | 001,099,264 | ---- | C] () -- C:\WINDOWS\adfs.msp

[2010.01.31 12:57:20 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode).lnk

[2010.01.31 12:57:16 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\(Listen Mode Encrypt)).lnk

[2010.01.31 12:56:39 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UltraVNC Viewer.lnk

[2010.01.31 12:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010.01.31 12:25:41 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD

[2010.01.31 03:44:14 | 000,003,583 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2010.01.31 03:44:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_857.nls

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28599.nls

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28595.NLS

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10081.nls

[2010.01.31 03:44:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10017.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_869.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_866.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_855.nls

[2010.01.31 03:44:02 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_737.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_875.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28603.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28597.NLS

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28594.NLS

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10007.nls

[2010.01.31 03:44:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10006.nls

[2010.01.31 03:44:01 | 000,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_852.nls

[2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10082.nls

[2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10029.nls

[2010.01.31 03:44:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10010.nls

[2010.01.31 03:43:50 | 000,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20127.nls

[2010.01.31 03:39:14 | 000,000,221 | -HS- | C] () -- C:\boot.ini

[2005.11.30 13:00:00 | 001,278,464 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll

[2005.11.30 13:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll

[2005.11.30 13:00:00 | 000,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll

[2005.11.30 13:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll

[2005.11.30 13:00:00 | 000,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll

[2005.11.30 13:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2005.11.30 13:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll

[2005.11.30 13:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll

[2005.11.30 13:00:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll

[2005.11.30 13:00:00 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll

[2005.11.30 13:00:00 | 000,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll

[2005.11.30 13:00:00 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll

[2005.11.30 13:00:00 | 000,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll

[2005.11.30 13:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll

[2005.11.30 13:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll

< End of report >

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.3 (BETA)

Scan saved at 15:07:26, on 14.02.2010

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\PROGRA~2\Serv-U\ServUDaemon.exe

C:\Documents and Settings\Administrator\spools13.exe

C:\WINDOWS\SysWOW64\svchost.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\PROGRA~2\Serv-U\SERVUT~1.EXE

C:\WINDOWS\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.no/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

F2 - REG:system.ini: UserInit=userinit

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [servUTrayIcon] C:\PROGRA~2\Serv-U\SERVUT~1.EXE

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O15 - ESC Trusted Zone: http://runonce.msn.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1264937302639

O17 - HKLM\System\CCS\Services\Tcpip\..\{E34F4D04-CFCC-427B-8B47-77B024E60D1E}: NameServer = 10.0.0.1

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)

O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)

O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)

O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\PROGRA~2\Serv-U\ServUDaemon.exe

O23 - Service: Snake SockProxy Service (SkServer) - noname. http://snake.gnuchina.org - C:\Documents and Settings\Administrator\spools13.exe

O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)

O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

 

--

End of file - 5641 bytes

 

Edited by Zephyr
