Infected with W32.Virut, Formatted all drives, am I okay now?
Akai Kishi
Posted Dec 8 2009, 12:00 AM (Post #1)
New Member; Group: Members; Posts: 2; Joined: 7-December 09; Member No.: 413,624

As the title suggests, I came under attack from a Virut virus. As soon as McAfee saw the virus, McAfee started quarantining everything while a few porn links popped up on my desktop. It was then that I pulled the network connection and hard shut down the computer (power button held down).
I used UBCD with the Western Digital tool to perform a low-level format on my two WD drives, and as for my Seagate drive I deleted the MBR and partitions and performed a format on it; SeaTools wouldn't work, nor did KillDisk or DBAN, for whatever reason.
I then reinstalled XP and ran the UBCD with Dr.Web CureIt as well as the other antivirus programs on the CD. They all came up clean. McAfee, updated with the latest definitions, in the new XP install also says 'clean'.
I have now run all the logs after installing a few things; still no signs of the Virut, so it doesn't seem to show any signs of the virus rising from the dead (rootkit), but I NEED to be as certain as possible!
I feel so violated, as if my house had been broken into; I just still don't feel safe. I hope someone here can help me sleep at night!



DDS (Ver_09-12-01.01) - NTFSx86
Run by AkaiKishi at 23:43:34.15 on Mon 12/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2567 [GMT -5:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\ITE\Smart Guardian\ITESMART.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\RivaTuner v2.24\RivaTuner.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AkaiKishi\Desktop\RootRepeal.exe
C:\Documents and Settings\AkaiKishi\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://google.com/
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - d:\program files\mcafee\virusscan enterprise\Scriptcl.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ShStatEXE] "d:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "d:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SmartGuardian] d:\program files\ite\smart guardian\ITESMART.exe
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "d:\program files\creative\dvdaudio\CTDVDDET.EXE"
mRun: [RivaTunerStartupDaemon] "d:\program files\rivatuner v2.24\RivaTuner.exe" /S
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\akaiki~1\startm~1\programs\startup\rivatu~1.lnk - d:\program files\rivatuner v2.24\RivaTuner.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMMyDocs = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15110/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\akaiki~1\applic~1\mozilla\firefox\profiles\s3atc122.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\akaikishi\application data\mozilla\firefox\profiles\s3atc122.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\windows media player\npdrmv2.dll
FF - plugin: c:\program files\windows media player\npdsplay.dll
FF - plugin: c:\program files\windows media player\npwmsdrm.dll

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 McAfeeFramework;McAfee Framework Service;d:\program files\mcafee\common framework\FrameworkService.exe [2009-12-7 104000]
R2 McShield;McAfee McShield;d:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-1-27 144704]
R2 McTaskManager;McAfee Task Manager;d:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-1-27 54608]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-12-7 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-12-7 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2009-12-7 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-12-7 566360]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-12-7 73512]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-12-7 34408]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-12-7 177864]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-12-7 99416]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\common files\creative labs shared\service\DDLLicensing.exe [2009-12-7 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-12-7 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-12-7 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-12-7 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-12-7 566360]

=============== Created Last 30 ================

2009-12-08 03:10:54 1080 ----a-w- c:\windows\system32\settingsbkup.sfm
2009-12-08 03:10:54 1080 ----a-w- c:\windows\system32\settings.sfm
2009-12-08 03:02:50 0 d-----w- c:\docume~1\akaiki~1\applic~1\GarageGames
2009-12-08 02:42:09 0 d-----w- d:\program files\RivaTuner v2.24
2009-12-08 02:19:12 218624 ----a-w- c:\windows\system32\uxtheme.uxtender
2009-12-08 02:06:59 7062 ----a-w- c:\windows\system32\audiopid.vxd
2009-12-08 01:42:36 33552 ----a-w- c:\windows\system32\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 33552 ----a-w- c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 32976 ----a-w- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 32976 ----a-w- c:\windows\system32\BMXState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:36 11564 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2009-12-08 01:42:27 4932846 ------w- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
2009-12-08 01:39:44 0 d-----w- c:\program files\common files\Creative Labs Shared
2009-12-08 01:39:37 61440 ------w- c:\windows\system32\CTChkAud.dll
2009-12-08 01:39:37 6010 ------w- c:\windows\system32\CTOPT352.cat
2009-12-08 01:39:37 171680 ------w- c:\windows\system32\CTOPT352.dll
2009-12-08 01:37:29 65536 ------w- c:\windows\system32\ctdvda32.dll
2009-12-08 01:37:29 1746360 ------w- c:\windows\system32\CTAA1.DAT
2009-12-08 01:31:47 7572224 ------w- c:\windows\system32\CT8MGM.SF2
2009-12-08 01:31:47 4174814 ------w- c:\windows\system32\CT4MGM.SF2
2009-12-08 01:31:47 0 d-----w- c:\windows\system32\Defaults
2009-12-08 01:31:14 4932846 ----a-w- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.CDF
2009-12-08 01:31:07 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-08 01:31:07 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-08 01:30:46 0 d-----w- d:\program files\Creative
2009-12-08 01:30:46 0 d-----w- c:\windows\system32\Data
2009-12-08 01:28:35 6400 -c--a-w- c:\windows\system32\dllcache\enum1394.sys
2009-12-08 01:28:35 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2009-12-08 01:28:20 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2009-12-08 01:28:20 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2009-12-08 01:28:19 53376 -c--a-w- c:\windows\system32\dllcache\1394bus.sys
2009-12-08 01:28:19 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2009-12-08 01:14:56 60800 -c--a-w- c:\windows\system32\dllcache\sysaudio.sys
2009-12-08 00:30:17 189528 ----a-w- c:\windows\system32\drivers\haP17v2k.sys
2009-12-07 22:46:36 0 d-----w- d:\program files\Spybot - Search & Destroy
2009-12-07 22:46:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-07 18:34:00 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-12-07 18:34:00 7167 ----a-w- c:\windows\system32\atifglpf.xml
2009-12-07 18:34:00 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-12-07 18:33:59 18618 ----a-w- c:\windows\atiogl.xml
2009-12-07 18:33:58 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-12-07 18:33:58 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-12-07 18:33:58 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-12-07 18:33:33 0 d-----w- d:\program files\ATI Technologies
2009-12-07 18:29:29 0 d-sh--w- c:\documents and settings\akaikishi\PrivacIE
2009-12-07 18:26:49 0 d-sh--w- c:\documents and settings\akaikishi\IETldCache
2009-12-07 18:24:53 0 d-----w- c:\windows\ie8updates
2009-12-07 18:24:50 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-07 18:24:50 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-07 18:24:50 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-07 18:24:50 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-07 18:24:50 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-07 18:24:50 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-07 18:23:57 0 dc-h--w- c:\windows\ie8
2009-12-07 12:15:14 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-07 12:15:14 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-07 12:02:23 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-07 11:59:25 0 d-----w- d:\program files\Seagate
2009-12-07 11:59:17 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-07 11:59:17 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-07 11:59:16 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-07 11:57:05 0 d-sh--w- c:\documents and settings\akaikishi\UserData
2009-12-07 11:56:06 0 d-----w- d:\program files\ATI
2009-12-07 11:55:52 14048 ------w- c:\windows\system32\spmsg2.dll
2009-12-07 11:54:50 0 d-----w- c:\windows\system32\PreInstall
2009-12-07 11:54:49 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-07 11:54:48 0 d--h--w- c:\windows\$hf_mig$
2009-12-07 11:54:35 0 d-----w- C:\ATI
2009-12-07 11:50:51 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-07 11:45:46 280 ----a-w- c:\windows\system32\epoPGPsdk.dll.sig
2009-12-07 11:45:33 73512 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-12-07 11:45:33 65000 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-12-07 11:45:33 52168 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-12-07 11:45:33 34408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-12-07 11:45:33 177864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-12-07 11:45:28 0 d-----w- d:\program files\McAfee
2009-12-07 11:45:28 0 d-----w- c:\program files\common files\McAfee
2009-12-07 11:43:03 0 d-----w- c:\windows\system32\appmgmt
2009-12-07 11:39:44 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-07 11:39:44 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-07 11:39:44 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2009-12-07 11:39:44 0 d-----w- c:\program files\common files\Cisco Systems
2009-12-07 11:34:08 0 d-----w- d:\program files\windows nt
2009-12-07 11:34:08 0 d-----w- d:\program files\msn gaming zone
2009-12-07 11:33:12 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-12-07 11:32:57 118784 ----a-r- c:\windows\system32\Msstdfmt.dll
2009-12-07 11:32:57 1066176 ----a-w- c:\windows\system32\Mscomctl.ocx
2009-12-07 11:32:56 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2009-12-07 11:32:56 46080 ----a-r- c:\windows\system32\itevio.dll
2009-12-07 11:32:56 112 ----a-w- c:\windows\system32\drivers\a.bat
2009-12-07 11:32:56 102912 ----a-r- c:\windows\system32\Ntport.dll
2009-12-07 11:32:56 0 d-----w- d:\program files\ITE
2009-12-07 11:32:56 0 d-----w- c:\windows\SysWow64
2009-12-07 11:32:19 0 d-----w- d:\program files\Marvell
2009-12-07 11:32:11 0 d-----w- c:\program files\common files\InstallShield
2009-12-07 11:30:47 0 d-----w- c:\windows\system32\ReinstallBackups
2009-12-07 11:30:27 0 d-----w- C:\Intel
2009-12-07 11:16:57 0 d-----w- c:\windows\system32\NtmsData
2009-12-07 05:24:24 0 d-sh--w- c:\documents and settings\all users\DRM
2009-12-07 05:23:46 0 d-----w- c:\program files\common files\MSSoap
2009-12-07 00:18:10 0 d-----w- c:\program files\common files\ODBC
2009-12-07 00:18:08 0 d-----w- c:\program files\common files\SpeechEngines
2009-12-07 00:16:54 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-08 02:19:12 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-12-07 05:22:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-04 16:15:30 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17:48 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46:58 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46:44 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:08 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-10-02 21:19:30 623962 ----a-w- c:\windows\system32\UDAAIM32.exe
2009-09-23 21:19:34 43520 ----a-w- c:\windows\system32\CTBurst.dll
2009-09-23 21:19:16 11776 ----a-w- c:\windows\system32\inres.dll
2009-09-23 21:19:16 11776 ----a-w- c:\windows\INRES.DLL
2009-09-23 21:19:12 86528 ----a-w- c:\windows\system32\ctcoinst.dll
2009-09-23 21:19:12 182272 ----a-w- c:\windows\system32\ctdvinst.dll
2009-09-23 21:18:08 10752 ----a-w- c:\windows\system32\a3d.dll
2009-09-23 21:06:36 51787 ----a-w- c:\windows\system32\ctdlang.dat
2009-09-23 21:06:36 386852 ----a-w- c:\windows\system32\ctdnlstr.dat
2009-09-23 21:06:00 196096 ----a-w- c:\windows\system32\ctemupia.dll
2009-09-23 21:03:28 176128 ----a-w- c:\windows\system32\ct_oal.dll
2009-09-23 21:03:26 46592 ----a-w- c:\windows\system32\ctasio.dll
2009-09-23 21:03:22 49152 ----a-w- c:\windows\system32\ctdproxy.dll
2009-09-23 21:03:04 69632 ----a-w- c:\windows\system32\ctosuser.dll
2009-09-23 21:03:02 6144 ----a-w- c:\windows\system32\sfman32.dll
2009-09-23 21:02:58 125952 ----a-w- c:\windows\system32\sfms32.dll
2009-09-23 21:02:54 13312 ----a-w- c:\windows\system32\regplib.exe
2009-09-23 21:02:52 64512 ----a-w- c:\windows\system32\piaproxy.dll
2009-09-23 21:01:54 149838 ----a-w- c:\windows\system32\ctbas2w.dat
2009-09-23 21:00:24 274587 ----a-w- c:\windows\system32\ctsbas2w.dat
2009-09-23 20:59:38 53932 ----a-w- c:\windows\system32\ctdaught.dat
2009-09-23 20:59:36 313207 ----a-w- c:\windows\system32\ctstatic.dat
2009-09-23 20:59:34 5120 ----a-w- c:\windows\system32\enlocstr.exe
2009-09-23 20:59:30 10240 ----a-w- c:\windows\system32\killapps.exe
2009-09-23 20:59:10 28672 ----a-w- c:\windows\system32\MIDIDEF.EXE
2009-09-23 20:59:08 33792 ----a-w- c:\windows\system32\devreg.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 23:43:53.56 ===============

Attached File(s):
Attach.txt (6.69k)
ark.txt (860 bytes)
hijackthis.log (5.18k)

suebaby41
Posted Dec 20 2009, 06:54 PM (Post #2)
W.A.M. (Women Against Malware); Group: Malware Response Team; Posts: 5,430; Joined: 3-January 05; From: South Carolina, USA; Member No.: 8,530

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you already have RSIT on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments, so I always request that HijackThis logs be posted as a reply to the thread. I do not think that you are attaching anything scary, but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.


--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

Akai Kishi
Posted Dec 21 2009, 03:26 PM (Post #3)
New Member; Group: Members; Posts: 2; Joined: 7-December 09; Member No.: 413,624

I guess you don't need the info.txt output.
The log.txt is below.
------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by AkaiKishi at 2009-12-21 15:11:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (83%) free of 40 GB
Total RAM: 3326 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:28 PM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
D:\Program Files\McAfee\Common Framework\UdaterUI.exe
D:\Program Files\ITE\Smart Guardian\ITESMART.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\Logitech\SetPoint II\SetpointII.exe
D:\Program Files\RivaTuner v2.24\RivaTuner.exe
D:\Program Files\McAfee\Common Framework\FrameworkService.exe
D:\Program Files\McAfee\Common Framework\McTray.exe
D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AkaiKishi\Desktop\RSIT.exe
D:\Program Files\trend micro\AkaiKishi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SmartGuardian] D:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: RivaTuner.lnk = D:\Program Files\RivaTuner v2.24\RivaTuner.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: SetPointII.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Dolby Digital Live Pack Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - D:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

--
End of file - 6270 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - D:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2009-01-27 58688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-13 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-13 455168]
"ShStatEXE"=D:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-01-27 111952]
"McAfeeUpdaterUI"=D:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"SmartGuardian"=D:\Program Files\ITE\Smart Guardian\ITESMART.exe [2008-01-11 204800]
"StartCCC"=D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2009-09-23 19456]
"CTDVDDET"=D:\Program Files\Creative\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]
"RivaTunerStartupDaemon"=D:\Program Files\RivaTuner v2.24\RivaTuner.exe [2009-08-22 2781184]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe
SetPointII.lnk - D:\Program Files\Logitech\SetPoint II\SetpointII.exe

C:\Documents and Settings\AkaiKishi\Start Menu\Programs\Startup
RivaTuner.lnk - D:\Program Files\RivaTuner v2.24\RivaTuner.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-11-04 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"NoSMMyDocs"=1
"NoSMMyPictures"=1
"NoSMHelp"=1
"NoSMConfigurePrograms"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\McAfee\Common Framework\FrameworkService.exe"="D:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"D:\Games\Steam\Steam.exe"="D:\Games\Steam\Steam.exe:*:Enabled:Steam"
"D:\Games\Steam\steamapps\akaikishi\team fortress 2\hl2.exe"="D:\Games\Steam\steamapps\akaikishi\team fortress 2\hl2.exe:*:Enabled:hl2"
"D:\Program Files\uTorrent\uTorrent.exe"="D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe"="D:\Games\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"D:\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe"="D:\Games\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6b2e8e-ed77-11de-a409-000129a407a6}]
shell\AutoRun\command - G:\AllwaySync'n'Go.exe -autorun


======List of files/folders created in the last 1 months======

2009-12-21 15:11:20 ----D---- D:\Program Files\trend micro
2009-12-21 15:11:20 ----D---- C:\rsit
2009-12-18 22:52:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-16 17:44:09 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\vlc
2009-12-16 17:43:29 ----D---- D:\Program Files\VideoLAN
2009-12-14 20:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-12-13 23:10:34 ----D---- C:\WINDOWS\RegisteredPackages
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-12-13 23:10:09 ----N---- C:\WINDOWS\system32\px.dll
2009-12-13 23:10:06 ----D---- D:\Program Files\Winamp
2009-12-13 23:10:06 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Winamp
2009-12-13 23:00:40 ----D---- D:\Program Files\uTorrent
2009-12-13 22:59:58 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\uTorrent
2009-12-13 21:58:06 ----D---- D:\Program Files\PeerGuardian2
2009-12-13 21:28:06 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Amazon
2009-12-13 21:16:09 ----D---- D:\Program Files\Amazon
2009-12-08 23:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-08 23:17:23 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-08 23:17:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-12-08 23:16:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-08 23:16:55 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-08 23:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 17:20:51 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-12-08 17:20:35 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-12-08 17:20:28 ----D---- D:\Program Files\Adobe
2009-12-08 17:20:28 ----D---- C:\Program Files\Common Files\Adobe
2009-12-08 06:59:29 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Logitech
2009-12-08 06:57:14 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Leadertech
2009-12-08 06:57:08 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2009-12-08 06:56:10 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2009-12-08 06:55:44 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\KemXML.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\KemWnd.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\KemUtil.dll
2009-12-08 06:55:42 ----A---- C:\WINDOWS\system32\kemutb.dll
2009-12-08 06:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-12-08 06:55:26 ----D---- C:\Program Files\Common Files\Logishrd
2009-12-08 06:55:25 ----D---- D:\Program Files\Logitech
2009-12-07 23:44:55 ----A---- C:\RootRepeal report 12-07-09 (23-44-55).txt
2009-12-07 22:02:50 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\GarageGames
2009-12-07 21:42:09 ----D---- D:\Program Files\RivaTuner v2.24
2009-12-07 21:38:35 ----D---- D:\Program Files\Microsoft Silverlight
2009-12-07 21:36:59 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Macromedia
2009-12-07 21:36:59 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Adobe
2009-12-07 21:34:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-12-07 21:07:01 ----A---- C:\CTSUFile.txt
2009-12-07 20:42:27 ----A---- C:\WINDOWS\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
2009-12-07 20:39:53 ----D---- C:\Documents and Settings\All Users\Application Data\Creative
2009-12-07 20:39:44 ----D---- C:\Program Files\Common Files\Creative Labs Shared
2009-12-07 20:39:37 ----N---- C:\WINDOWS\system32\CTOPT352.dll
2009-12-07 20:39:37 ----N---- C:\WINDOWS\system32\CTChkAud.dll
2009-12-07 20:37:29 ----N---- C:\WINDOWS\system32\ctdvda32.dll
2009-12-07 20:31:47 ----D---- C:\WINDOWS\system32\Defaults
2009-12-07 20:31:07 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-12-07 20:31:07 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-12-07 20:31:06 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Creative
2009-12-07 20:30:46 ----D---- D:\Program Files\Creative
2009-12-07 20:30:46 ----D---- C:\WINDOWS\system32\Data
2009-12-07 20:14:32 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-07 20:10:50 ----D---- D:\Program Files\7-Zip
2009-12-07 19:30:15 ----A---- C:\WINDOWS\system32\UDAWRP32.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\udapld32.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\UDAAPO32.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\sfms32.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\piaproxy.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\inres.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\eaxac3.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\devreg.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\ctthxcal.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\ctspkhlp.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\system32\ct_oal.dll
2009-12-07 19:30:14 ----A---- C:\WINDOWS\INRES.DLL
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctsfinst.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctscal.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctpres.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\CTpcmcia.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctosuser.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctmmep.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctmmactl.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctemupia.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdvinst.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdproxy.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdcres.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdcifce.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\system32\ctdc0001.dll
2009-12-07 19:30:13 ----A---- C:\WINDOWS\CTPRES.DLL
2009-12-07 19:30:13 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\UDAAIM32.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\regplib.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\readreg.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\psconv.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\OALInst.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\MIDIDEF.EXE
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\killapps.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\enlocstr.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\DKDrvHlp.exe
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctdc0000.dll
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctcoinst.dll
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\CTBurst.dll
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctasio.dll
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ctagent.dll
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\ac3api.dll
2009-12-07 19:30:12 ----A---- C:\WINDOWS\system32\a3d.dll
2009-12-07 19:30:11 ----N---- C:\WINDOWS\system32\AddCat.exe
2009-12-07 19:30:11 ----A---- C:\WINDOWS\system32\ctpxst32.exe
2009-12-07 19:30:11 ----A---- C:\WINDOWS\system32\CtHelper.exe
2009-12-07 19:30:10 ----A---- C:\WINDOWS\system32\kill.ini
2009-12-07 19:30:10 ----A---- C:\WINDOWS\system32\instwdm.ini
2009-12-07 19:30:10 ----A---- C:\WINDOWS\system32\ctzapxx.ini
2009-12-07 17:46:36 ----D---- D:\Program Files\Spybot - Search & Destroy
2009-12-07 17:46:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-07 17:41:10 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Mozilla
2009-12-07 17:37:51 ----A---- C:\Win-Files.txt
2009-12-07 17:23:51 ----D---- D:\Program Files\Mozilla Firefox
2009-12-07 17:21:28 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-12-07 17:21:28 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\ATI
2009-12-07 13:34:00 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-12-07 13:33:58 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-12-07 13:33:33 ----D---- D:\Program Files\ATI Technologies
2009-12-07 13:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-07 13:25:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-07 13:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-07 13:25:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-07 13:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-07 13:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-07 13:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-07 13:25:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-07 13:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-07 13:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-07 13:25:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-07 13:24:53 ----D---- C:\WINDOWS\ie8updates
2009-12-07 13:24:42 ----D---- C:\WINDOWS\WBEM
2009-12-07 13:23:57 ----HDC---- C:\WINDOWS\ie8
2009-12-07 13:23:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-07 13:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-07 13:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-07 13:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-07 13:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-07 13:22:33 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-07 13:22:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-07 13:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-07 13:22:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-07 13:22:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-07 13:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-07 13:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-07 13:22:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-07 13:22:04 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-07 13:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-07 13:21:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-07 13:21:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-07 13:21:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-07 13:21:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-07 13:21:29 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-12-07 13:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-07 13:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-07 13:21:07 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-07 13:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-07 13:20:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-07 13:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-07 13:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-07 13:20:49 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-12-07 13:20:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-07 13:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-07 13:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-07 13:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-07 13:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-07 13:20:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-07 13:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-07 13:20:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-07 13:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-07 13:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-07 13:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-07 13:20:05 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-07 13:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-07 06:59:25 ----D---- D:\Program Files\Seagate
2009-12-07 06:56:58 ----SHD---- C:\RECYCLER
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atioglxx.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atimpc32.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\aticalrt.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\aticaldd.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\aticalcl.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\atibtmon.exe
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-12-07 06:56:23 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\ATIODE.exe
2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-12-07 06:56:22 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-12-07 06:56:11 ----D---- D:\Program Files\MSBuild
2009-12-07 06:56:09 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-07 06:56:06 ----D---- D:\Program Files\Reference Assemblies
2009-12-07 06:56:06 ----D---- D:\Program Files\ATI
2009-12-07 06:55:52 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-12-07 06:55:27 ----RSD---- C:\WINDOWS\assembly
2009-12-07 06:55:14 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-07 06:54:50 ----D---- C:\WINDOWS\system32\PreInstall
2009-12-07 06:54:49 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-12-07 06:54:49 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-12-07 06:54:48 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-12-07 06:54:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-07 06:54:35 ----D---- C:\ATI
2009-12-07 06:50:51 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-12-07 06:45:46 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-12-07 06:45:46 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll.sig
2009-12-07 06:45:28 ----D---- D:\Program Files\McAfee
2009-12-07 06:45:28 ----D---- C:\Program Files\Common Files\McAfee
2009-12-07 06:43:03 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-07 06:39:44 ----D---- C:\Program Files\Common Files\Cisco Systems
2009-12-07 06:39:44 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-12-07 06:39:44 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-12-07 06:39:44 ----A---- C:\WINDOWS\system32\epoPGPsdk.dll
2009-12-07 06:34:09 ----D---- D:\Program Files\xerox
2009-12-07 06:34:09 ----D---- D:\Program Files\outlook express
2009-12-07 06:34:09 ----D---- D:\Program Files\movie maker
2009-12-07 06:34:08 ----D---- D:\Program Files\windows nt
2009-12-07 06:34:08 ----D---- D:\Program Files\windows media player
2009-12-07 06:34:08 ----D---- D:\Program Files\netmeeting
2009-12-07 06:34:08 ----D---- D:\Program Files\msn gaming zone
2009-12-07 06:34:08 ----D---- D:\Program Files\microsoft frontpage
2009-12-07 06:34:08 ----D---- D:\Program Files\internet explorer
2009-12-07 06:33:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-12-07 06:32:57 ----RA---- C:\WINDOWS\system32\Msstdfmt.dll
2009-12-07 06:32:56 ----RA---- C:\WINDOWS\system32\Ntport.dll
2009-12-07 06:32:56 ----RA---- C:\WINDOWS\system32\itevio.dll
2009-12-07 06:32:56 ----HD---- D:\Program Files\InstallShield Installation Information
2009-12-07 06:32:56 ----D---- D:\Program Files\ITE
2009-12-07 06:32:56 ----D---- C:\WINDOWS\SysWow64
2009-12-07 06:32:43 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\InstallShield
2009-12-07 06:32:19 ----D---- D:\Program Files\Marvell
2009-12-07 06:32:11 ----D---- C:\Program Files\Common Files\InstallShield
2009-12-07 06:30:47 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-07 06:30:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-07 06:30:27 ----D---- C:\Intel
2009-12-07 06:16:57 ----D---- C:\WINDOWS\system32\NtmsData
2009-12-07 00:28:08 ----D---- C:\Documents and Settings\AkaiKishi\Application Data\Identities
2009-12-07 00:28:02 ----SD---- C:\Documents and Settings\AkaiKishi\Application Data\Microsoft
2009-12-07 00:28:02 ----ASH---- C:\Documents and Settings\AkaiKishi\Application Data\desktop.ini
2009-12-07 00:28:01 ----SHD---- C:\WINDOWS\CSC
2009-12-07 00:27:58 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-07 00:27:56 ----D---- C:\WINDOWS\Prefetch
2009-12-07 00:27:55 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-07 00:27:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-07 00:25:10 ----D---- C:\WINDOWS\system32\xircom
2009-12-07 00:25:00 ----A---- C:\WINDOWS\control.ini
2009-12-07 00:25:00 ----A---- C:\AUTOEXEC.BAT
2009-12-07 00:24:53 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-07 00:24:50 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-12-07 00:24:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-07 00:24:19 ----RD---- C:\WINDOWS\Offline Web Pages
2009-12-07 00:24:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-07 00:24:16 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-07 00:24:00 ----D---- C:\WINDOWS\system32\DirectX
2009-12-07 00:23:57 ----A---- C:\WINDOWS\system32\atrace.dll
2009-12-07 00:23:55 ----A---- C:\WINDOWS\system32\desktop.ini
2009-12-07 00:23:55 ----A---- C:\WINDOWS\desktop.ini
2009-12-07 00:23:50 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-12-07 00:23:49 ----D---- C:\Program Files\Common Files\Services
2009-12-07 00:23:49 ----A---- C:\WINDOWS\system32\acctres.dll
2009-12-07 00:23:47 ----SD---- C:\WINDOWS\Tasks
2009-12-07 00:23:47 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-12-07 00:23:46 ----D---- C:\Program Files\Common Files\MSSoap
2009-12-07 00:23:43 ----D---- C:\WINDOWS\system32\Macromed
2009-12-07 00:23:43 ----D---- C:\WINDOWS\srchasst
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wups.dll
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-12-07 00:23:41 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-12-07 00:23:40 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-07 00:23:27 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-07 00:23:25 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-12-07 00:23:25 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-12-07 00:23:24 ----D---- C:\WINDOWS\system32\Restore
2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-07 00:23:24 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-07 00:23:23 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-07 00:23:23 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-07 00:23:23 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-07 00:23:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-07 00:23:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-07 00:23:21 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-07 00:23:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-07 00:23:19 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-07 00:23:15 ----D---- C:\Program Files\Common Files\System
2009-12-07 00:22:48 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-07 00:22:48 ----A---- C:\WINDOWS\vb.ini
2009-12-07 00:22:45 ----D---- C:\WINDOWS\Registration
2009-12-07 00:22:32 ----A---- C:\WINDOWS\system32\write.exe
2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\winchat.exe
2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\hticons.dll
2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\avwav.dll
2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-12-07 00:22:26 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\winmine.exe
2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\sol.exe
2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\getuname.dll
2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\charmap.exe
2009-12-07 00:22:21 ----A---- C:\WINDOWS\system32\calc.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tskill.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\tscon.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\shadow.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\reset.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\regini.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-12-07 00:22:20 ----A---- C:\WINDOWS\system32\freecell.exe
2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\msg.exe
2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\logoff.exe
2009-12-07 00:22:19 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-12-07 00:22:14 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-07 00:22:07 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-07 00:22:06 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-07 00:22:06 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-07 00:22:06 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-07 00:22:05 ----D---- C:\WINDOWS\system32\en-US
2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-12-07 00:22:05 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-07 00:22:04 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-07 00:22:03 ----D---- C:\WINDOWS\system32\MsDtc
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-07 00:22:03 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-07 00:22:02 ----D---- C:\WINDOWS\system32\Com
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-07 00:22:02 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-07 00:22:01 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-07 00:22:00 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-07 00:22:00 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-07 00:22:00 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-07 00:21:56 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-06 19:21:15 ----A---- C:\WINDOWS\system32\h323log.txt
2009-12-06 19:20:54 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-12-06 19:18:49 ----A---- C:\WINDOWS\system32\usbui.dll
2009-12-06 19:18:12 ----A---- C:\WINDOWS\imsins.BAK
2009-12-06 19:18:10 ----SHD---- C:\WINDOWS\Installer
2009-12-06 19:18:10 ----D---- C:\Program Files\Common Files\ODBC
2009-12-06 19:18:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-06 19:18:10 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-06 19:18:08 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-12-06 19:18:07 ----RD---- C:\Program Files
2009-12-06 19:18:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-06 19:18:04 ----A---- C:\WINDOWS\system32\uniime.dll
2009-12-06 19:17:57 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-12-06 19:17:56 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-12-06 19:17:55 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-12-06 19:17:51 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-12-06 19:17:50 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-12-06 19:17:50 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-12-06 19:17:49 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-12-06 19:17:36 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-12-06 19:17:29 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-12-06 19:17:29 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-12-06 19:17:29 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-12-06 19:17:14 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-12-06 19:17:13 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-12-06 19:17:11 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-12-06 19:17:11 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-12-06 19:17:11 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-12-06 19:17:10 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-12-06 19:17:09 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-12-06 19:17:08 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-12-06 19:17:08 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-12-06 19:17:08 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-12-06 19:17:07 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-12-06 19:17:07 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-12-06 19:17:06 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-12-06 19:17:03 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-06 19:17:03 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-06 19:17:03 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-12-06 19:17:03 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-12-06 19:17:03 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-12-06 19:17:01 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-12-06 19:17:01 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-12-06 19:17:01 ----A---- C:\WINDOWS\system32\batt.dll
2009-12-06 19:17:01 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-12-06 19:17:00 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-06 19:16:54 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-06 19:16:52 ----RA---- C:\WINDOWS\SET8.tmp
2009-12-06 19:16:51 ----RA---- C:\WINDOWS\SET4.tmp
2009-12-06 19:16:49 ----RA---- C:\WINDOWS\SET3.tmp
2009-12-06 19:16:45 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-06 19:16:45 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-06 19:16:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-06 19:16:24 ----A---- C:\WINDOWS\setuplog.txt
2009-12-06 19:16:21 ----SHD---- C:\System Volume Information
2009-12-06 19:16:21 ----D---- C:\Documents and Settings
2009-12-06 19:14:28 ----ASH---- C:\boot.ini
2009-12-06 19:12:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-06 19:12:09 ----RSD---- C:\WINDOWS\Fonts
2009-12-06 19:12:09 ----RD---- C:\WINDOWS\Web
2009-12-06 19:12:09 ----HD---- C:\WINDOWS\inf
2009-12-06 19:12:09 ----D---- C:\WINDOWS\WinSxS
2009-12-06 19:12:09 ----D---- C:\WINDOWS\twain_32
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Temp
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\wins
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\wbem
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\usmt
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\spool
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\ShellExt
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\Setup
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\scripting
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\ras
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\oobe
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\npp
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\mui
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\inetsrv
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\IME
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\icsxml
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\ias
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\export
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\en
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\drivers
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\dhcp
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\config
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\3com_dmi
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\3076
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\2052
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1054
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1042
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1041
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1037
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1033
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1031
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1028
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32\1025
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system32
2009-12-06 19:12:09 ----D---- C:\WINDOWS\system
2009-12-06 19:12:09 ----D---- C:\WINDOWS\security
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Resources
2009-12-06 19:12:09 ----D---- C:\WINDOWS\repair
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Provisioning
2009-12-06 19:12:09 ----D---- C:\WINDOWS\PeerNet
2009-12-06 19:12:09 ----D---- C:\WINDOWS\pchealth
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Network Diagnostic
2009-12-06 19:12:09 ----D---- C:\WINDOWS\mui
2009-12-06 19:12:09 ----D---- C:\WINDOWS\msapps
2009-12-06 19:12:09 ----D---- C:\WINDOWS\msagent
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Media
2009-12-06 19:12:09 ----D---- C:\WINDOWS\L2Schemas
2009-12-06 19:12:09 ----D---- C:\WINDOWS\java
2009-12-06 19:12:09 ----D---- C:\WINDOWS\ime
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Help
2009-12-06 19:12:09 ----D---- C:\WINDOWS\ehome
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Driver Cache
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Debug
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Cursors
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Connection Wizard
2009-12-06 19:12:09 ----D---- C:\WINDOWS\Config
2009-12-06 19:12:09 ----D---- C:\WINDOWS\AppPatch
2009-12-06 19:12:09 ----D---- C:\WINDOWS\addins
2009-12-06 19:12:09 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-12-07 21:19:12 ----A---- C:\WINDOWS\system32\uxtheme.dll
2009-12-07 00:25:00 ----A---- C:\WINDOWS\win.ini
2009-12-06 19:18:07 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mferkdk;VSCore mferkdk; \??\D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-01-27 52168]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]
R2 zntport;NTPort Library Driver; C:\WINDOWS\System32\drivers\zntport.sys [2001-01-22 6080]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-04 4423168]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-09-23 99416]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2009-09-23 511064]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2009-09-23 528472]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-09-23 555096]
R3 ctgame;Game Port; C:\WINDOWS\system32\DRIVERS\ctgame.sys [2009-09-23 18904]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2009-09-23 14424]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-09-23 566360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2009-09-23 157272]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2009-09-23 92760]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2009-09-23 798808]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2009-09-23 162904]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-01-27 65000]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-27 73512]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-27 34408]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-27 177864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2009-09-23 127576]
R3 RivaTuner32;RivaTuner32; \??\D:\Program Files\RivaTuner v2.24\RivaTuner32.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-02 250496]
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-09-23 99416]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-09-23 555096]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2009-09-23 347144]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-09-23 100952]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-09-23 100952]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-09-23 566360]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-09-23 189528]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-04 602112]
R2 CTAudSvcService;Creative Audio Service; D:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-12-29 307200]
R2 McAfeeFramework;McAfee Framework Service; D:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; D:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2009-01-27 144704]
R2 McTaskManager;McAfee Task Manager; D:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-01-27 54608]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2009-12-07 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
suebaby41
post Dec 21 2009, 03:53 PM
Post #4
W.A.M. (Women Against Malware)
Group: Malware Response Team
Posts: 5,430
Joined: 3-January 05
From: South Carolina, USA
Member No.: 8,530

This is the warning I give for Virut. Please check that you followed these precautions when reloading your files.

Virut is a polymorphic file infector, which is a virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program. Virut infects .EXE and .SCR files. It opens a backdoor by connecting to a predefined IRC server and waits for commands from the remote attacker, for example to download/run more malware on the compromised computer. Emails may be harvested as well. This latest variant may also search for htm, html, asp and php files on the drives and modify them by inserting an iframe that points to a malicious website. Virut is capable of infecting all the machine's executable files (.exe) and screensaver files (.scr). However, the problem is that the virus has a number of bugs in its code, and as a result, the files are corrupted beyond repair.

Miekiemoes regarding Virut:
    This one is being spread via illegal sites (cracksites/keygens etc.) and P2P software (LimeWire, Shareaza).
    The P2P software makes sense, because many people are infected with this virus. So, since this virus infects legitimate files, the files being shared via P2P software such as LimeWire are also infected. So I'm pretty sure that more than 50% of the files being shared through P2P nowadays are infected with Virut, unfortunately.


Although some programs such as Malwarebytes will clean the reader_s.exe from your computer, the damage has already been done.

Security experts suggest that a format and clean install, or a destructive recovery if you have an OEM recovery partition, is the best way to clean the infection. It is the best and safest way to return the machine to its normal working state. DO NOT do a repair install.

Backup all your documents and important items (personal data, work documents, etc) only.

DO NOT back up any executable files (software) or screensavers (*.scr). Avoid backing up compressed (zip/cab/rar) files that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too. Files with these extensions SHOULD NOT BE BACKED UP:
  • .exe
  • .scr
  • .htm
  • .html
  • .xml
  • .zip
  • .rar
It attempts to infect any accessed .exe or .scr files by appending itself to the executable.


Important: Do not back up to another machine as it may become compromised. Burn to DVD/CD or to an external drive which has nothing else on it so that you can format it if it happens to become infected from the backups.


--------------------
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate


Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
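The backup rules in the post above can be applied mechanically before anything is copied off the infected drive. The script below is an added example, not code from suebaby41 or from BleepingComputer: it walks a source tree, refuses every file whose extension is on the post's do-not-back-up list, reports which members of a .zip would carry the infector into the backup (the post's point that Virut reaches .exe files inside archives; .rar is refused on extension alone, since the standard library cannot open it), and flags .asp/.php files containing an <iframe> for manual review, because the post says the variant injects one into those files but they are not on the block list. The file tree it scans is constructed inline for the demonstration. Run it from a clean machine against the mounted drive or a copy of the data, and treat "allow" as "not excluded by these rules", not as "verified clean".

```python
"""Pre-backup triage of files rescued from a Virut-infected drive.

Added example; the extension list is the one given in the post, the
archive inspection and iframe check are this script's own additions.
"""
import re
import tempfile
import zipfile
from pathlib import Path

# Extensions the post says must not be backed up at all.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}
# Archive members that would carry the infector into the backup.
INFECTABLE_IN_ARCHIVE = {".exe", ".scr"}
# Web files the post says the variant modifies with an iframe; they are not
# on the block list, so they are flagged for review rather than refused.
IFRAME_REVIEW_EXTENSIONS = {".asp", ".php"}
IFRAME_RE = re.compile(rb"<iframe\b", re.IGNORECASE)


def executable_members(zip_path: Path) -> list[str]:
    """List .exe/.scr members of a zip; .rar is not readable with the stdlib."""
    try:
        with zipfile.ZipFile(zip_path) as zf:
            return [n for n in zf.namelist()
                    if Path(n).suffix.lower() in INFECTABLE_IN_ARCHIVE]
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]


def contains_iframe(path: Path) -> bool:
    """True if the file body contains an iframe opening tag (any case)."""
    return IFRAME_RE.search(path.read_bytes()) is not None


def classify(path: Path) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'block', 'review' or 'allow'."""
    ext = path.suffix.lower()
    if ext in BLOCKED_EXTENSIONS:
        reason = f"extension {ext} is on the do-not-back-up list"
        if ext == ".zip":
            members = executable_members(path)
            if members:
                reason += "; contains " + ", ".join(members)
        return "block", reason
    if ext in IFRAME_REVIEW_EXTENSIONS and contains_iframe(path):
        return "review", "web file contains an <iframe>; check whether it was injected"
    return "allow", "data file"


def triage(root: Path) -> dict[str, list[tuple[str, str]]]:
    """Classify every file under root; paths are reported relative to root."""
    report: dict[str, list[tuple[str, str]]] = {"block": [], "review": [], "allow": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            verdict, reason = classify(p)
            report[verdict].append((p.relative_to(root).as_posix(), reason))
    return report


def build_sample_tree(root: Path) -> None:
    """Constructed sample data for the demonstration, not from a real machine."""
    (root / "docs").mkdir(parents=True)
    (root / "docs" / "thesis.doc").write_bytes(b"plain document")
    (root / "docs" / "notes.txt").write_bytes(b"plain text")
    (root / "setup.exe").write_bytes(b"MZ stand-in for an executable")
    (root / "saver.scr").write_bytes(b"MZ stand-in for a screensaver")
    (root / "page.html").write_bytes(b"<html><body>hello</body></html>")
    (root / "index.php").write_bytes(
        b'<?php echo "hi"; ?>\n<iframe src="about:blank" width="1" height="1"></iframe>')
    (root / "clean.asp").write_bytes(b'<% Response.Write("hi") %>')
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("tool.exe", b"MZ stand-in")
        zf.writestr("readme.txt", b"text")


def run_demo() -> dict[str, list[tuple[str, str]]]:
    """Build the constructed tree in a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for verdict, entries in run_demo().items():
        for rel, reason in entries:
            print(f"{verdict:6} {rel}: {reason}")
```

Point `triage()` at the real source directory instead of the constructed tree and copy only the "allow" entries to the fresh external drive the post recommends; the "review" entries need a look at the actual markup before they are kept, since a legitimate page may carry its own iframe.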
suebaby41
post Jan 2 2010, 03:49 PM
Post #5
This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

© 2003-2010 All Rights Reserved Bleeping Computer LLC.