Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.
Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
DO NOT post a ComboFix log unless requested to.
Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title, e.g. Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Post #1 | Dec 8 2009, 12:00 AM | New Member (Group: Members; Posts: 2; Joined: 7-December 09; Member No.: 413,624)
I used UBCD with the Western Digital tool to perform a low-level format on my two WD drives, and as for my Seagate drive I deleted the MBR and partitions and performed a format on it; SeaTools wouldn't work, nor did KillDisk nor DBAN for whatever reason. I've then reinstalled XP, ran the UBCD with Dr.Web CureIt as well as the other antivirus programs on the CD. They all came up clean. McAfee, updated with the latest definitions, in the new XP install also says 'clean'. I have now run all the logs after installing a few things, still no signs of the Virut, so it doesn't seem to show any signs of the virus rising from the dead (rootkit), but I NEED to be as certain as possible! I feel so violated, as if my house was broken into; I just still don't feel safe. I hope someone here can help me sleep at night!

DDS (Ver_09-12-01.01) - NTFSx86
Run by AkaiKishi at 23:43:34.15 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2567 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\ITE\Smart Guardian\ITESMART.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\RivaTuner v2.24\RivaTuner.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AkaiKishi\Desktop\RootRepeal.exe
C:\Documents and Settings\AkaiKishi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://google.com/
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan enterprise\Scriptcl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ShStatEXE] "d:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "d:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SmartGuardian] d:\program files\ite\smart guardian\ITESMART.exe
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "d:\program files\creative\dvdaudio\CTDVDDET.EXE"
mRun: [RivaTunerStartupDaemon] "d:\program files\rivatuner v2.24\RivaTuner.exe" /S
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\akaiki~1\startm~1\programs\startup\rivatu~1.lnk - d:\program files\rivatuner v2.24\RivaTuner.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMMyDocs = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15110/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\akaiki~1\applic~1\mozilla\firefox\profiles\s3atc122.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\akaikishi\application data\mozilla\firefox\profiles\s3atc122.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 McAfeeFramework;McAfee Framework Service;d:\program files\mcafee\common framework\FrameworkService.exe [2009-12-7 104000]
R2 McShield;McAfee McShield;d:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;d:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-1-27 54608]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-12-7 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-12-7 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-12-7 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-12-7 566360]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-7 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-7 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-7 177864]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-12-7 99416]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\common files\creative labs shared\service\DDLLicensing.exe [2009-12-7 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-12-7 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-12-7 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-12-7 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-12-7 566360]

=============== Created Last 30 ================

2009-12-08 03:10:54 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-12-08 03:10:54 1080 ----a-w- c:\windows\system32\settings.sfm
2009-12-08 03:02:50 0 d-----w- c:\docume~1\akaiki~1\applic~1\GarageGames
2009-12-08 02:42:09 0 d-----w- d:\program files\RivaTuner v2.24
2009-12-08 02:19:12 218624 ----a-w- c:\windows\system32\uxtheme.uxtender
2009-12-08 02:06:59 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-12-08 01:42:36 33552 ----a-w- c:\windows\system32\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 33552 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 32976 ----a-w- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 32976 ----a-w- c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 11564 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:27 4932846 ------w- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
2009-12-08 01:39:44 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-12-08 01:39:37 61440 ------w- c:\windows\system32\CTChkAud.dll
2009-12-08 01:39:37 6010 ------w- c:\windows\system32\CTOPT352.cat
2009-12-08 01:39:37 171680 ------w- c:\windows\system32\CTOPT352.dll
2009-12-08 01:37:29 65536 ------w- c:\windows\system32\ctdvda32.dll
2009-12-08 01:37:29 1746360 ------w- c:\windows\system32\CTAA1.DAT
2009-12-08 01:31:47 7572224 ------w- c:\windows\system32\CT8MGM.SF2
2009-12-08 01:31:47 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2009-12-08 01:31:47 0 d-----w- c:\windows\system32\Defaults
2009-12-08 01:31:14 4932846 ----a-w- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.CDF
2009-12-08 01:31:07 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-08 01:31:07 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-08 01:30:46 0 d-----w- d:\program files\Creative
2009-12-08 01:30:46 0 d-----w- c:\windows\system32\Data
2009-12-08 01:28:35 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2009-12-08 01:28:35 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-12-08 01:28:20 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-12-08 01:28:20 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-12-08 01:28:19 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2009-12-08 01:28:19 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2009-12-08 01:14:56 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
2009-12-08 00:30:17 189528 ----a-w- c:\windows\system32\drivers\haP17v2k.sys
2009-12-07 22:46:36 0 d-----w- d:\program files\Spybot - Search & Destroy
2009-12-07 22:46:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-07 18:34:00 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-12-07 18:34:00 7167 ----a-w- c:\windows\system32\atifglpf.xml
2009-12-07 18:34:00 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-07 18:33:59 18618 ----a-w- c:\windows\atiogl.xml
2009-12-07 18:33:58 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-12-07 18:33:58 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-12-07 18:33:58 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-12-07 18:33:33 0 d-----w- d:\program files\ATI Technologies
2009-12-07 18:29:29 0 d-sh--w- c:\documents and settings\akaikishi\PrivacIE
2009-12-07 18:26:49 0 d-sh--w- c:\documents and settings\akaikishi\IETldCache
2009-12-07 18:24:53 0 d-----w- c:\windows\ie8updates
2009-12-07 18:24:50 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-07 18:24:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-07 18:24:50 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-07 18:24:50 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-07 18:24:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-07 18:24:50 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-07 18:23:57 0 dc-h--w- c:\windows\ie8
2009-12-07 12:15:14 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-07 12:15:14 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-07 12:02:23 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-07 11:59:25 0 d-----w- d:\program files\Seagate
2009-12-07 11:59:17 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-07 11:59:17 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-07 11:59:16 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-07 11:57:05 0 d-sh--w- c:\documents and settings\akaikishi\UserData
2009-12-07 11:56:06 0 d-----w- d:\program files\ATI
2009-12-07 11:55:52 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-07 11:54:50 0 d-----w- c:\windows\system32\PreInstall
2009-12-07 11:54:49 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-07 11:54:48 0 d--h--w- c:\windows\$hf_mig$
2009-12-07 11:54:35 0 d-----w- C:\ATI
2009-12-07 11:50:51 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-07 11:45:46 280 ----a-w- c:\windows\system32\epoPGPsdk.dll.sig
2009-12-07 11:45:33 73512 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-07 11:45:33 65000 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-07 11:45:33 52168 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-07 11:45:33 34408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-07 11:45:33 177864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-07 11:45:28 0 d-----w- d:\program files\McAfee
2009-12-07 11:45:28 0 d-----w- c:\program files\common files\McAfee
2009-12-07 11:43:03 0 d-----w- c:\windows\system32\appmgmt
2009-12-07 11:39:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-07 11:39:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-07 11:39:44 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2009-12-07 11:39:44 0 d-----w- c:\program files\common files\Cisco Systems
2009-12-07 11:34:08 0 d-----w- d:\program files\windows nt
2009-12-07 11:34:08 0 d-----w- d:\program files\msn gaming zone
2009-12-07 11:33:12 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-07 11:32:57 118784 ----a-r- c:\windows\system32\Msstdfmt.dll
2009-12-07 11:32:57 1066176 ----a-w- c:\windows\system32\Mscomctl.ocx
2009-12-07 11:32:56 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2009-12-07 11:32:56 46080 ----a-r- c:\windows\system32\itevio.dll
2009-12-07 11:32:56 112 ----a-w- c:\windows\system32\drivers\a.bat
2009-12-07 11:32:56 102912 ----a-r- c:\windows\system32\Ntport.dll
2009-12-07 11:32:56 0 d-----w- d:\program files\ITE
2009-12-07 11:32:56 0 d-----w- c:\windows\SysWow64
2009-12-07 11:32:19 0 d-----w- d:\program files\Marvell
2009-12-07 11:32:11 0 d-----w- c:\program files\common files\InstallShield
2009-12-07 11:30:47 0 d-----w- c:\windows\system32\ReinstallBackups
2009-12-07 11:30:27 0 d-----w- C:\Intel
2009-12-07 11:16:57 0 d-----w- c:\windows\system32\NtmsData
2009-12-07 05:24:24 0 d-sh--w- c:\documents and settings\all users\DRM
2009-12-07 05:23:46 0 d-----w- c:\program files\common files\MSSoap
2009-12-07 00:18:10 0 d-----w- c:\program files\common files\ODBC
2009-12-07 00:18:08 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-07 00:16:54 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-08 02:19:12 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-07 05:22:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-04 16:15:30 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17:48 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46:58 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46:44 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:08 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-10-02 21:19:30 623962 ----a-w- c:\windows\system32\UDAAIM32.exe
2009-09-23 21:19:34 43520 ----a-w- c:\windows\system32\CTBurst.dll
2009-09-23 21:19:16 11776 ----a-w- c:\windows\system32\inres.dll
2009-09-23 21:19:16 11776 ----a-w- c:\windows\INRES.DLL
2009-09-23 21:19:12 86528 ----a-w- c:\windows\system32\ctcoinst.dll
2009-09-23 21:19:12 182272 ----a-w- c:\windows\system32\ctdvinst.dll
2009-09-23 21:18:08 10752 ----a-w- c:\windows\system32\a3d.dll
2009-09-23 21:06:36 51787 ----a-w- c:\windows\system32\ctdlang.dat
2009-09-23 21:06:36 386852 ----a-w- c:\windows\system32\ctdnlstr.dat
2009-09-23 21:06:00 196096 ----a-w- c:\windows\system32\ctemupia.dll
2009-09-23 21:03:28 176128 ----a-w- c:\windows\system32\ct_oal.dll
2009-09-23 21:03:26 46592 ----a-w- c:\windows\system32\ctasio.dll
2009-09-23 21:03:22 49152 ----a-w- c:\windows\system32\ctdproxy.dll
2009-09-23 21:03:04 69632 ----a-w- c:\windows\system32\ctosuser.dll
2009-09-23 21:03:02 6144 ----a-w- c:\windows\system32\sfman32.dll
2009-09-23 21:02:58 125952 ----a-w- c:\windows\system32\sfms32.dll
2009-09-23 21:02:54 13312 ----a-w- c:\windows\system32\regplib.exe
2009-09-23 21:02:52 64512 ----a-w- c:\windows\system32\piaproxy.dll
2009-09-23 21:01:54 149838 ----a-w- c:\windows\system32\ctbas2w.dat
2009-09-23 21:00:24 274587 ----a-w- c:\windows\system32\ctsbas2w.dat
2009-09-23 20:59:38 53932 ----a-w- c:\windows\system32\ctdaught.dat
2009-09-23 20:59:36 313207 ----a-w- c:\windows\system32\ctstatic.dat
2009-09-23 20:59:34 5120 ----a-w- c:\windows\system32\enlocstr.exe
2009-09-23 20:59:30 10240 ----a-w- c:\windows\system32\killapps.exe
2009-09-23 20:59:10 28672 ----a-w- c:\windows\system32\MIDIDEF.EXE
2009-09-23 20:59:08 33792 ----a-w- c:\windows\system32\devreg.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 23:43:53.56 ===============
Attached File(s):
Attach.txt (6.69k)
ark.txt (860 bytes)
hijackthis.log (5.18k)
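Added example, not part of the original thread and not code from DDS, RSIT or HijackThis: a first-pass triage over autostart lines in the HijackThis / DDS "pseudo HJT" format the logs in this thread use. It picks out the entries a log helper looks at first: Run/RunOnce values that name a bare executable with no path (CTHELPER.EXE and KHALMNPR.EXE above), which Windows resolves through the process search path at logon rather than from a fixed location; autostarts and services whose binary sits outside the install roots; O16 ActiveX (DPF) controls fetched over plain HTTP; and Hosts overrides. The allow-list of install roots is a hypothetical choice for this example, and the sample lines are constructed: most copy entries from the logs above, and the "updater" line is invented to show what a suspect entry looks like. A flag is a prompt to confirm, not a verdict; the RSIT registry dump later in this thread resolves the two bare names to C:\WINDOWS\system32\CTHELPER.EXE and C:\WINDOWS\KHALMNPR.EXE with sizes and dates, which is exactly the cross-check such a flag asks for.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis / DDS "pseudo HJT" line format used by
# the logs in this thread.  All but the "updater" line copy real entries from
# those logs; the "updater" line is invented to show what a suspect entry looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SmartGuardian] D:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Application Data\svch0st.exe -s
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O1 - Hosts: 127.0.0.1 www.spywareinfo.com
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
HOSTS_RE = re.compile(r"^(?:O1 - )?Hosts: (?P<ip>\S+) (?P<host>\S+)$")

# Hypothetical allow-list of install roots (an assumption for this example).
# Anything outside these is writable by an interactive XP user and deserves a
# closer look before it is trusted.
TRUSTED_ROOT_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    entry: str   # HJT section the line came from, e.g. "O4"
    name: str    # value, control or service name
    reason: str  # why a helper would look at it first


def executable_from_command(cmd: str) -> str:
    """Return the program part of a Run-key command string.

    Quoted commands are unambiguous.  Unquoted ones may contain spaces
    (D:\\Program Files\\ITE\\Smart Guardian\\ITESMART.exe), so take everything
    up to and including the first ".exe"; otherwise fall back to the first token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.+?\.exe)(?=\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def is_bare_name(path: str) -> bool:
    """A value with no directory part is resolved at logon through the process
    search path, so the log line alone does not tell you which file runs."""
    return "\\" not in path and "/" not in path


def triage(log_text: str) -> list[Finding]:
    """Run the checks over HJT-style lines and return the entries worth a look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe = executable_from_command(m["cmd"])
            if is_bare_name(exe):
                findings.append(Finding("O4", m["name"],
                    f"bare executable name {exe}: resolved via search path, confirm which file loads"))
            elif not TRUSTED_ROOT_RE.match(exe):
                findings.append(Finding("O4", m["name"],
                    f"autostart from a non-install location: {exe}"))
        elif m := DPF_RE.match(line):
            # DDS defangs URLs to hxxp://, HijackThis leaves http:// as-is.
            if m["url"].lower().startswith(("http://", "hxxp://")):
                findings.append(Finding("O16", m["name"] or m["clsid"],
                    f"ActiveX control fetched over plain HTTP: {m['url']}"))
        elif m := SVC_RE.match(line):
            if not TRUSTED_ROOT_RE.match(m["path"].strip().strip('"')):
                findings.append(Finding("O23", m["name"],
                    f"service binary outside the install roots: {m['path']}"))
        elif m := HOSTS_RE.match(line):
            findings.append(Finding("O1", m["host"],
                f"hosts file maps {m['host']} to {m['ip']}: confirm the override is intentional"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry:<4} {f.name:<40} {f.reason}")
```

On the sample this reports five entries (the two bare names, the invented svch0st.exe autostart, the plain-HTTP ActiveX download and the Hosts override) and stays silent on the McAfee, ITE and ctfmon entries. The next step for each flag is the one the helpers in this thread take anyway: compare the resolved path, size and date in the RSIT registry dump against what the vendor ships.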
Post #2 | Dec 20 2009, 06:54 PM | W.A.M. (Women Against Malware) (Group: Malware Response Team; Posts: 5,430; Joined: 3-January 05; From: South Carolina, USA; Member No.: 8,530)
Welcome to the BleepingComputer Forums.
Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments, so I always request that HijackThis logs be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please:
--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
Post #3 | Dec 21 2009, 03:26 PM | New Member (Group: Members; Posts: 2; Joined: 7-December 09; Member No.: 413,624)
I guess you don't need the info.txt output.
The log.txt is below.

------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by AkaiKishi at 2009-12-21 15:11:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (83%) free of 40 GB
Total RAM: 3326 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:28 PM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\ITE\Smart Guardian\ITESMART.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Logitech\SetPoint II\SetpointII.exe
D:\Program Files\RivaTuner v2.24\RivaTuner.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AkaiKishi\Desktop\RSIT.exe
D:\Program Files\trend micro\AkaiKishi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmartGuardian] D:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RivaTuner.lnk = D:\Program Files\RivaTuner v2.24\RivaTuner.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

--
End of file - 6270 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2009-01-27 58688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"ShStatEXE"=D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-01-27 111952]
"McAfeeUpdaterUI"=D:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"SmartGuardian"=D:\Program Files\ITE\Smart Guardian\ITESMART.exe [2008-01-11 204800]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2009-09-23 19456]
"CTDVDDET"=D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"RivaTunerStartupDaemon"=D:\Program Files\RivaTuner v2.24\RivaTuner.exe [2009-08-22 2781184]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe
SetPointII.lnk - D:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Documents and Settings\AkaiKishi\Start Menu\Programs\Startup
RivaTuner.lnk - D:\Program Files\RivaTuner v2.24\RivaTuner.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSMMyDocs"=1
"NoSMMyPictures"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\McAfee\Common Framework\FrameworkService.exe"="D:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Games\Steam\Steam.exe"="D:\Games\Steam\Steam.exe:*:Enabled:Steam"
"D:\Games\Steam\steamapps\akaikishi\team fortress 2\hl2.exe"="D:\Games\Steam\steamapps\akaikishi\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe"="D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"D:\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="D:\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6b2e8e-ed77-11de-a409-000129a407a6}]
shell\AutoRun\command - G:\AllwaySync'n'Go.exe -autorun

======List of files/folders created in the last 1 months======

2009-12-21 15:11:20 ----D---- D:\Program Files\trend micro
2009-12-21 15:11:20 ----D---- C:\rsit
2009-12-18 22:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-16 17:44:09 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\vlc
2009-12-16 17:43:29 ----D---- D:\Program Files\VideoLAN
2009-12-14 20:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-13 23:10:34 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\px.dll
2009-12-13 23:10:06 ----D---- D:\Program Files\Winamp
2009-12-13 23:10:06 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Winamp
2009-12-13 23:00:40 ----D---- D:\Program Files\uTorrent
2009-12-13 22:59:58 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\uTorrent
2009-12-13 21:58:06 ----D---- D:\Program Files\PeerGuardian2
2009-12-13 21:28:06 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Amazon
2009-12-13 21:16:09 ----D---- D:\Program Files\Amazon
2009-12-08 23:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-08 23:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-08 23:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-08 23:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-08 23:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-08 23:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 17:20:51 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-08 17:20:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-08 17:20:28 ----D---- D:\Program Files\Adobe
2009-12-08 17:20:28 ----D---- C:\Program Files\Common Files\Adobe
2009-12-08 06:59:29 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Logitech
2009-12-08 06:57:14 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Leadertech
2009-12-08 06:57:08 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-12-08 06:56:10 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-12-08 06:55:44 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-12-08 06:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-12-08 06:55:26 ----D---- C:\Program Files\Common Files\Logishrd
2009-12-08 06:55:25 ----D---- D:\Program Files\Logitech
2009-12-07 23:44:55 ----A---- C:\RootRepeal report 12-07-09 (23-44-55).txt
2009-12-07 22:02:50 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\GarageGames
2009-12-07 21:42:09 ----D---- D:\Program Files\RivaTuner v2.24
2009-12-07 21:38:35 ----D---- D:\Program Files\Microsoft Silverlight
2009-12-07 21:36:59 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Macromedia
2009-12-07 21:36:59 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Adobe
2009-12-07 21:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-07 21:07:01 ----A---- C:\CTSUFile.txt
2009-12-07 20:42:27 ----A---- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
2009-12-07 20:39:53 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2009-12-07 20:39:44 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2009-12-07 20:39:37 ----N---- C:\WINDOWS\system32\CTOPT352.dll
2009-12-07 20:39:37 ----N----
C:\WINDOWS\system32\CTChkAud.dll 2009-12-07 20:37:29 ----N---- C:\WINDOWS\system32\ctdvda32.dll 2009-12-07 20:31:47 ----D---- C:\WINDOWS\system32\Defaults 2009-12-07 20:31:07 ----A---- C:\WINDOWS\system32\wrap_oal.dll 2009-12-07 20:31:07 ----A---- C:\WINDOWS\system32\OpenAL32.dll 2009-12-07 20:31:06 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Creative 2009-12-07 20:30:46 ----D---- D:\Program Files\Creative 2009-12-07 20:30:46 ----D---- C:\WINDOWS\system32\Data 2009-12-07 20:14:32 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-12-07 20:10:50 ----D---- D:\Program Files\7-Zip 2009-12-07 19:30:15 ----A---- C:\WINDOWS\system32\UDAWRP32.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\udapld32.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\UDAAPO32.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\sfms32.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\sfman32.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\piaproxy.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\inres.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\eaxac3.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\devreg.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\ctthxcal.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\ctspkhlp.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\ct_oal.dll 2009-12-07 19:30:14 ----A---- C:\WINDOWS\INRES.DLL 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctsfinst.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctscal.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctpres.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\CTpcmcia.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctosuser.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctmmep.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctmmactl.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctemupia.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdvinst.dll 2009-12-07 19:30:13 ----A---- 
C:\WINDOWS\system32\ctdproxy.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdcres.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdcifce.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdc0001.dll 2009-12-07 19:30:13 ----A---- C:\WINDOWS\CTPRES.DLL 2009-12-07 19:30:13 ----A---- C:\WINDOWS\CTDCRES.DLL 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\UDAAIM32.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\regplib.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\readreg.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\psconv.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\OALInst.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\MIDIDEF.EXE 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\killapps.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\enlocstr.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\DKDrvHlp.exe 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctdc0000.dll 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctcoinst.dll 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\CTBurst.dll 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctasio.dll 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctagent.dll 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ac3api.dll 2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\a3d.dll 2009-12-07 19:30:11 ----N---- C:\WINDOWS\system32\AddCat.exe 2009-12-07 19:30:11 ----A---- C:\WINDOWS\system32\ctpxst32.exe 2009-12-07 19:30:11 ----A---- C:\WINDOWS\system32\CtHelper.exe 2009-12-07 19:30:10 ----A---- C:\WINDOWS\system32\kill.ini 2009-12-07 19:30:10 ----A---- C:\WINDOWS\system32\instwdm.ini 2009-12-07 19:30:10 ----A---- C:\WINDOWS\system32\ctzapxx.ini 2009-12-07 17:46:36 ----D---- D:\Program Files\Spybot - Search & Destroy 2009-12-07 17:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-12-07 17:41:10 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Mozilla 2009-12-07 17:37:51 ----A---- 
C:\Win-Files.txt 2009-12-07 17:23:51 ----D---- D:\Program Files\Mozilla Firefox 2009-12-07 17:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\ATI 2009-12-07 17:21:28 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\ATI 2009-12-07 13:34:00 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll 2009-12-07 13:33:58 ----A---- C:\WINDOWS\system32\atiiiexx.dll 2009-12-07 13:33:33 ----D---- D:\Program Files\ATI Technologies 2009-12-07 13:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-12-07 13:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-12-07 13:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-12-07 13:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-12-07 13:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-12-07 13:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$ 2009-12-07 13:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$ 2009-12-07 13:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-12-07 13:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$ 2009-12-07 13:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-12-07 13:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$ 2009-12-07 13:24:53 ----D---- C:\WINDOWS\ie8updates 2009-12-07 13:24:42 ----D---- C:\WINDOWS\WBEM 2009-12-07 13:23:57 ----HDC---- C:\WINDOWS\ie8 2009-12-07 13:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-12-07 13:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-12-07 13:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-12-07 13:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$ 2009-12-07 13:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-12-07 13:22:33 ----A---- C:\WINDOWS\system32\MRT.exe 2009-12-07 13:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-12-07 13:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$ 2009-12-07 13:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-12-07 13:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-12-07 13:22:13 ----HDC---- 
C:\WINDOWS\$NtUninstallKB961501$ 2009-12-07 13:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-12-07 13:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-12-07 13:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$ 2009-12-07 13:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-12-07 13:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$ 2009-12-07 13:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-12-07 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$ 2009-12-07 13:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-12-07 13:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2009-12-07 13:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-12-07 13:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-12-07 13:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-12-07 13:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-12-07 13:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-12-07 13:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-12-07 13:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-12-07 13:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-12-07 13:20:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-12-07 13:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-12-07 13:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$ 2009-12-07 13:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-12-07 13:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-12-07 13:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$ 2009-12-07 13:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-12-07 13:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-12-07 13:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-12-07 13:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2009-12-07 13:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$ 2009-12-07 13:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-12-07 13:20:01 
----HDC---- C:\WINDOWS\$NtUninstallKB969947$ 2009-12-07 06:59:25 ----D---- D:\Program Files\Seagate 2009-12-07 06:56:58 ----SHD---- C:\RECYCLER 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\Oemdspif.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ativvaxx.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ativcoxx.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atitvo32.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atiok3x2.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atioglxx.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ATIODCLI.exe 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atimpc32.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ATIDDC.DLL 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\aticalrt.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\aticaldd.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\aticalcl.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atibtmon.exe 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati3duag.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2evxx.exe 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2evxx.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2edxx.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2dvag.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2cqag.dll 2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\amdpcom32.dll 2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\atipdlxx.dll 2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\ATIODE.exe 2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\atikvmag.dll 2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\atiadlxx.dll 2009-12-07 06:56:11 ----D---- D:\Program Files\MSBuild 2009-12-07 06:56:09 ----D---- C:\WINDOWS\system32\XPSViewer 2009-12-07 06:56:06 ----D---- D:\Program Files\Reference Assemblies 2009-12-07 06:56:06 ----D---- D:\Program Files\ATI 2009-12-07 06:55:52 ----N---- 
C:\WINDOWS\system32\spmsg2.dll 2009-12-07 06:55:27 ----RSD---- C:\WINDOWS\assembly 2009-12-07 06:55:14 ----D---- C:\WINDOWS\Microsoft.NET 2009-12-07 06:54:50 ----D---- C:\WINDOWS\system32\PreInstall 2009-12-07 06:54:49 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-12-07 06:54:49 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2009-12-07 06:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$ 2009-12-07 06:54:48 ----HD---- C:\WINDOWS\$hf_mig$ 2009-12-07 06:54:35 ----D---- C:\ATI 2009-12-07 06:50:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-12-07 06:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee 2009-12-07 06:45:46 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig 2009-12-07 06:45:28 ----D---- D:\Program Files\McAfee 2009-12-07 06:45:28 ----D---- C:\Program Files\Common Files\McAfee 2009-12-07 06:43:03 ----D---- C:\WINDOWS\system32\appmgmt 2009-12-07 06:39:44 ----D---- C:\Program Files\Common Files\Cisco Systems 2009-12-07 06:39:44 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-12-07 06:39:44 ----A---- C:\WINDOWS\system32\msvcp71.dll 2009-12-07 06:39:44 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll 2009-12-07 06:34:09 ----D---- D:\Program Files\xerox 2009-12-07 06:34:09 ----D---- D:\Program Files\outlook express 2009-12-07 06:34:09 ----D---- D:\Program Files\movie maker 2009-12-07 06:34:08 ----D---- D:\Program Files\windows nt 2009-12-07 06:34:08 ----D---- D:\Program Files\windows media player 2009-12-07 06:34:08 ----D---- D:\Program Files\netmeeting 2009-12-07 06:34:08 ----D---- D:\Program Files\msn gaming zone 2009-12-07 06:34:08 ----D---- D:\Program Files\microsoft frontpage 2009-12-07 06:34:08 ----D---- D:\Program Files\internet explorer 2009-12-07 06:33:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-12-07 06:32:57 ----RA---- C:\WINDOWS\system32\Msstdfmt.dll 2009-12-07 06:32:56 ----RA---- C:\WINDOWS\system32\Ntport.dll 2009-12-07 06:32:56 ----RA---- C:\WINDOWS\system32\itevio.dll 2009-12-07 06:32:56 
----HD---- D:\Program Files\InstallShield Installation Information 2009-12-07 06:32:56 ----D---- D:\Program Files\ITE 2009-12-07 06:32:56 ----D---- C:\WINDOWS\SysWow64 2009-12-07 06:32:43 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\InstallShield 2009-12-07 06:32:19 ----D---- D:\Program Files\Marvell 2009-12-07 06:32:11 ----D---- C:\Program Files\Common Files\InstallShield 2009-12-07 06:30:47 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-12-07 06:30:46 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-12-07 06:30:27 ----D---- C:\Intel 2009-12-07 06:16:57 ----D---- C:\WINDOWS\system32\NtmsData 2009-12-07 00:28:08 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Identities 2009-12-07 00:28:02 ----SD---- C:\Documents and Settings\AkaiKishi\Application Data\Microsoft 2009-12-07 00:28:02 ----ASH---- C:\Documents and Settings\AkaiKishi\Application Data\desktop.ini 2009-12-07 00:28:01 ----SHD---- C:\WINDOWS\CSC 2009-12-07 00:27:58 ----D---- C:\WINDOWS\SoftwareDistribution 2009-12-07 00:27:56 ----D---- C:\WINDOWS\Prefetch 2009-12-07 00:27:55 ----SD---- C:\WINDOWS\system32\Microsoft 2009-12-07 00:27:55 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-12-07 00:25:10 ----D---- C:\WINDOWS\system32\xircom 2009-12-07 00:25:00 ----A---- C:\WINDOWS\control.ini 2009-12-07 00:25:00 ----A---- C:\AUTOEXEC.BAT 2009-12-07 00:24:53 ----A---- C:\WINDOWS\OEWABLog.txt 2009-12-07 00:24:50 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-12-07 00:24:19 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-12-07 00:24:19 ----RD---- C:\WINDOWS\Offline Web Pages 2009-12-07 00:24:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-12-07 00:24:16 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-12-07 00:24:00 ----D---- C:\WINDOWS\system32\DirectX 2009-12-07 00:23:57 ----A---- C:\WINDOWS\system32\atrace.dll 2009-12-07 00:23:55 ----A---- C:\WINDOWS\system32\desktop.ini 2009-12-07 00:23:55 ----A---- C:\WINDOWS\desktop.ini 2009-12-07 00:23:50 ----A---- 
C:\WINDOWS\system32\nmevtmsg.dll 2009-12-07 00:23:49 ----D---- C:\Program Files\Common Files\Services 2009-12-07 00:23:49 ----A---- C:\WINDOWS\system32\acctres.dll 2009-12-07 00:23:47 ----SD---- C:\WINDOWS\Tasks 2009-12-07 00:23:47 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-12-07 00:23:46 ----D---- C:\Program Files\Common Files\MSSoap 2009-12-07 00:23:43 ----D---- C:\WINDOWS\system32\Macromed 2009-12-07 00:23:43 ----D---- C:\WINDOWS\srchasst 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wups.dll 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-12-07 00:23:25 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-12-07 00:23:25 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-12-07 00:23:24 ----D---- C:\WINDOWS\system32\Restore 2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\srclient.dll 2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-12-07 
00:23:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\ils.dll 2009-12-07 00:23:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-12-07 00:23:23 ----A---- C:\WINDOWS\system32\msconf.dll 2009-12-07 00:23:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-12-07 00:23:21 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-12-07 00:23:21 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-12-07 00:23:21 ----A---- C:\WINDOWS\system32\inetres.dll 2009-12-07 00:23:20 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\mstask.dll 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\isign32.dll 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-12-07 00:23:15 ----D---- C:\Program Files\Common Files\System 2009-12-07 00:22:48 ----A---- C:\WINDOWS\vbaddin.ini 2009-12-07 00:22:48 ----A---- C:\WINDOWS\vb.ini 2009-12-07 00:22:45 ----D---- C:\WINDOWS\Registration 2009-12-07 00:22:32 ----A---- C:\WINDOWS\system32\write.exe 2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\winchat.exe 2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\hticons.dll 2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\avwav.dll 2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\winmine.exe 2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\sol.exe 2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\getuname.dll 2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\charmap.exe 2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\calc.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\usrlogon.cmd 
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tskill.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tscon.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\shadow.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\reset.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\regini.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\freecell.exe 2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\msg.exe 2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\logoff.exe 2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-12-07 00:22:14 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-12-07 00:22:06 ----A---- C:\WINDOWS\system32\spider.exe 2009-12-07 00:22:06 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-12-07 00:22:06 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-12-07 00:22:05 ----D---- C:\WINDOWS\system32\en-US 2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\tsgqec.dll 2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-12-07 00:22:04 
----A---- C:\WINDOWS\system32\sessmgr.exe 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-12-07 00:22:03 ----D---- C:\WINDOWS\system32\MsDtc 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-12-07 00:22:02 ----D---- C:\WINDOWS\system32\Com 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\colbact.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\stclient.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-12-07 00:22:01 ----A---- 
C:\WINDOWS\system32\catsrvut.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-12-07 00:22:00 ----A---- C:\WINDOWS\system32\comuid.dll 2009-12-07 00:22:00 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-12-07 00:22:00 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-12-06 19:21:15 ----A---- C:\WINDOWS\system32\h323log.txt 2009-12-06 19:20:54 ----A---- C:\WINDOWS\system32\hidserv.dll 2009-12-06 19:18:49 ----A---- C:\WINDOWS\system32\usbui.dll 2009-12-06 19:18:12 ----A---- C:\WINDOWS\imsins.BAK 2009-12-06 19:18:10 ----SHD---- C:\WINDOWS\Installer 2009-12-06 19:18:10 ----D---- C:\Program Files\Common Files\ODBC 2009-12-06 19:18:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-12-06 19:18:10 ----A---- C:\WINDOWS\ODBCINST.INI 2009-12-06 19:18:08 ----D---- C:\Program Files\Common Files\SpeechEngines 2009-12-06 19:18:07 ----RD---- C:\Program Files 2009-12-06 19:18:07 ----D---- C:\Program Files\Common Files\Microsoft Shared 2009-12-06 19:18:04 ----A---- C:\WINDOWS\system32\uniime.dll 2009-12-06 19:17:57 ----A---- C:\WINDOWS\system32\c_g18030.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdlk41j.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdlk41a.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdibm02.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdax2.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbd106n.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbd101.dll 2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\f3ahvoas.dll 2009-12-06 19:17:55 ----A---- C:\WINDOWS\system32\imjp81k.dll 2009-12-06 19:17:51 ----A---- C:\WINDOWS\system32\chsbrkr.dll 2009-12-06 19:17:50 ----A---- 
C:\WINDOWS\system32\korwbrkr.dll 2009-12-06 19:17:50 ----A---- C:\WINDOWS\system32\chtbrkr.dll 2009-12-06 19:17:49 ----A---- C:\WINDOWS\system32\msir3jp.dll 2009-12-06 19:17:36 ----A---- C:\WINDOWS\system32\kbd101a.dll 2009-12-06 19:17:29 ----A---- C:\WINDOWS\system32\kbdnecNT.dll 2009-12-06 19:17:29 ----A---- C:\WINDOWS\system32\kbdnecAT.dll 2009-12-06 19:17:29 ----A---- C:\WINDOWS\system32\kbdnec95.dll 2009-12-06 19:17:14 ----A---- C:\WINDOWS\system32\c_is2022.dll 2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbdkor.dll 2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbdjpn.dll 2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd106.dll 2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd103.dll 2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd101c.dll 2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd101b.dll 2009-12-06 19:17:11 ----RA---- C:\WINDOWS\system32\kbdtuq.dll 2009-12-06 19:17:11 ----RA---- C:\WINDOWS\system32\kbdtuf.dll 2009-12-06 19:17:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdycc.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdur.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdru1.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdru.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdkaz.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdbu.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdblr.dll 2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll 2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhept.dll 2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhela3.dll 2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhela2.dll 2009-12-06 19:17:09 ----RA---- 
Dec 21 2009, 03:53 PM, Post #4
W.A.M. (Women Against Malware)
Group: Malware Response Team
Posts: 5,430
Joined: 3-January 05
From: South Carolina, USA
Member No.: 8,530
This is the warning I give for Virut. Please check that you followed these precautions when reloading your files.
Virut is a Polymorphic File Infector, which is a virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program. Virut infects .EXE and .SCR files. It opens a Backdoor by connecting to a predefined IRC Server and waits for commands from the remote attacker, for example to download/run more malware on the compromised computer. Emails may be harvested as well. This latest variant may also search for htm, html, asp and php files on the drives and modify them by inserting an iframe that points to a malicious website. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, the files are corrupted beyond repair.

Miekiemoes regarding Virut:

QUOTE: This one is being spread via illegal sites (cracksites/keygens etc) and P2P Software (limewire, shareaza). The P2P software makes sense, because many people are infected with this virus. So, since this virus infects legitimate files, the files being shared via P2P software such as limewire are also infected. So I'm pretty sure that more than 50% of the files being shared through P2P nowadays is infected with Virut unfortunately.

Although some programs such as Malwarebytes will clean the reader_s.exe from your computer, the damage has already been done. Security experts suggest that a format and clean install or destructive recovery, if you have an OEM recovery partition, is the best way to clean the infection. It is the best and safest way to return the machine to its normal working state. DO NOT do a repair install.

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (software) and screensavers (*.scr). Avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them.
Virut can penetrate and infect .exe files inside compressed files too. Files with these extensions SHOULD NOT BE BACKED UP:
Important: Do not back up to another machine as it may become compromised. Burn to DVD/CD or to an external drive which has nothing else on it so that you can format it if it happens to become infected from the backups.

--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
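The backup rules in the post above (skip .exe/.scr, skip archives that can hide them, and look for the iframe this variant injects into htm/html/asp/php files) written out as a pre-backup filter. This is an added example, not code from the thread or from BleepingComputer: only zip archives are inspected (cab/rar are simply skipped), the iframe check is a hint to review a file rather than proof of infection, and the sample tree the `demo()` helper builds is constructed.

```python
import os, re, tempfile, zipfile

EXECUTABLE_EXTS = {".exe", ".scr"}            # Virut infects these: never back up
ARCHIVE_EXTS = {".zip", ".cab", ".rar"}       # may hide .exe/.scr inside
WEB_EXTS = {".htm", ".html", ".asp", ".php"}  # this variant injects an iframe
IFRAME_RE = re.compile(rb"<iframe\b", re.IGNORECASE)

def zip_has_executable(path):
    """True if any zip entry has an executable extension, or the zip is unreadable."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return True  # cannot inspect it, so do not trust it
    return any(os.path.splitext(n)[1].lower() in EXECUTABLE_EXTS for n in names)

def classify(path):
    """Return 'keep', 'skip' or 'review' for one backup candidate."""
    ext = os.path.splitext(path)[1].lower()
    if ext in EXECUTABLE_EXTS:
        return "skip"
    if ext == ".zip":
        return "skip" if zip_has_executable(path) else "keep"
    if ext in ARCHIVE_EXTS:
        return "skip"  # cab/rar are not inspected here, so they are skipped
    if ext in WEB_EXTS:
        with open(path, "rb") as f:
            return "review" if IFRAME_RE.search(f.read()) else "keep"
    return "keep"

def plan_backup(root):
    """Walk a tree and sort every file into keep / skip / review lists."""
    plan = {"keep": [], "skip": [], "review": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            plan[classify(full)].append(os.path.relpath(full, root))
    return {k: sorted(v) for k, v in plan.items()}

def demo():  # constructed sample tree in a temp dir, then plan it
    root = tempfile.mkdtemp()
    samples = {"thesis.doc": b"constructed document", "setup.exe": b"MZ",
               "index.html": b"<html><IFRAME src='x'></iframe></html>",
               "photos.jpg": b"constructed"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
        zf.writestr("bin/tool.exe", b"MZ")  # executable hidden in an archive
    return plan_backup(root)
```

Run `plan_backup()` against the folder you intend to burn to DVD/CD and copy only the "keep" list; anything under "review" should be looked at by hand before it goes onto the backup media.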
Jan 2 2010, 03:49 PM, Post #5
W.A.M. (Women Against Malware)
Group: Malware Response Team
Posts: 5,430
Joined: 3-January 05
From: South Carolina, USA
Member No.: 8,530
This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.