Vundo (i Think)


  • This topic is locked
4 replies to this topic

#1 MzUnique

MzUnique

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:04 AM

Posted 04 September 2008 - 05:19 PM

My PC was infected and I bought a laptop. I needed to save some files from my comp to the laptop and believe it infected my laptop.


Here is my HJT log, please help ASAP!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:57 PM, on 9/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4117 bytes





Also, I can't access msconfig.

Edited by MzUnique, 04 September 2008 - 06:58 PM.


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:04 AM

Posted 04 September 2008 - 07:04 PM

Hello. I'm Extremeboy and I will be helping you with your log.

I will need some time to look over your computer's log(s). You may want to keep the link to this topic in your favorites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, to track your topic. The topics you are tracking can be found here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both
    log.txt (<<will be maximized)
    info.txt (<<will be minimized)

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

Thanks :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum to request help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 MzUnique

MzUnique
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:04 AM

Posted 05 September 2008 - 11:10 AM

Logfile of random's system information tool (written by random/random)
Run by home at 2008-09-05 11:04:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (53%) free of 19 GB
Total RAM: 751 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:47 AM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\home\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\home.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: PC Health.lnk = C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 4343 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"mmlucj"=C:\WINDOWS\system32\severe.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2008-04-24 259392]
"avipit"=C:\WINDOWS\system32\mmlucj.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-09-29 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
C:\WINDOWS\system32\00THotkey.exe [2002-08-20 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2002-07-16 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe [2002-05-30 163840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
C:\WINDOWS\system32\TFNF5.exe [2001-08-03 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THKem]
C:\WINDOWS\system32\THKem.exe [2002-09-24 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosRotation]
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2002-09-27 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2002-07-31 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tpwrtray]
C:\WINDOWS\system32\TPWRTRAY.EXE [2002-09-11 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trirot]
C:\WINDOWS\system32\Trirot.exe [2002-09-16 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PC Health.lnk - C:\Program Files\Toshiba\TOSHIBA Management Console\TOSHealthLocalS.vbs

C:\Documents and Settings\home\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00b46521-77d7-11dd-919f-00022db84a93}]
shell\Auto\command - D:\OSO.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0eb8f872-7566-11dd-9191-806d6172696f}]
shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{52348ff6-764b-11dd-9198-00022db84a93}]
shell\Auto\command - D:\OSO.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77ff1660-76e3-11dd-919e-00022db84a93}]
shell\Auto\command - D:\OSO.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe


List of files/folders created in the last three months

2008-09-05 10:58:21 ----D---- C:\rsit
2008-09-04 17:12:18 ----D---- C:\Program Files\Trend Micro
2008-09-03 13:47:21 ----D---- C:\WINDOWS\CSC
2008-09-03 13:47:06 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-02 16:11:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-02 16:10:33 ----D---- C:\WINDOWS\ie7updates
2008-09-02 14:59:14 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2008-09-02 14:53:56 ----D---- C:\Program Files\UnHackMe
2008-09-02 14:23:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 14:23:23 ----D---- C:\Program Files\ThreatFire
2008-09-02 14:23:23 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-02 14:06:01 ----D---- C:\WINDOWS\Prefetch
2008-09-02 13:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-02 13:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-02 13:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-02 13:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-02 13:18:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-02 13:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-02 13:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-02 13:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-02 13:17:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-02 13:08:20 ----D---- C:\WINDOWS\system32\scripting
2008-09-02 13:08:19 ----D---- C:\WINDOWS\l2schemas
2008-09-02 13:08:18 ----D---- C:\WINDOWS\system32\en
2008-09-02 13:08:18 ----D---- C:\WINDOWS\system32\bits
2008-09-02 13:04:59 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-02 13:02:41 ----D---- C:\WINDOWS\network diagnostic
2008-09-02 12:56:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-02 12:42:08 ----D---- C:\WINDOWS\WBEM
2008-09-02 12:42:06 ----D---- C:\WINDOWS\system32\en-US
2008-09-02 12:40:13 ----HDC---- C:\WINDOWS\ie7
2008-09-02 12:39:55 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-09-02 12:39:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-09-02 12:38:55 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-09-02 12:38:45 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-09-01 13:08:32 ----D---- C:\Program Files\Respondus LockDown Browser
2008-09-01 13:08:32 ----A---- C:\WINDOWS\system32\fpimage.dll
2008-09-01 13:08:22 ----D---- C:\Documents and Settings\home\Application Data\InstallShield
2008-09-01 08:36:37 ----D---- C:\Documents and Settings\home\Application Data\acccore
2008-09-01 08:34:20 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-01 08:34:19 ----D---- C:\Program Files\Viewpoint
2008-09-01 08:34:11 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-09-01 08:34:11 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-09-01 08:33:45 ----D---- C:\Program Files\Common Files\AOL
2008-09-01 08:33:38 ----D---- C:\Program Files\AIM6
2008-09-01 07:29:38 ----D---- C:\ca6d11e2cf04026004da57
2008-09-01 07:28:13 ----A---- C:\WINDOWS\system32\MRT.exe
2008-09-01 00:46:38 ----D---- C:\Documents and Settings\home\Application Data\Syntrillium
2008-09-01 00:46:22 ----A---- C:\WINDOWS\system32\wmvdmoe.dll
2008-09-01 00:46:22 ----A---- C:\WINDOWS\system32\wmvcore2.dll
2008-09-01 00:46:22 ----A---- C:\WINDOWS\system32\wmv8dmoe.dll
2008-09-01 00:46:22 ----A---- C:\WINDOWS\system32\wmv8dmod.dll
2008-08-30 03:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-30 00:52:10 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-08-30 00:52:07 ----D---- C:\Documents and Settings\home\Application Data\Adobe
2008-08-30 00:50:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-30 00:50:22 ----D---- C:\Program Files\Common Files\Adobe
2008-08-30 00:50:22 ----D---- C:\Program Files\Adobe
2008-08-30 00:44:24 ----D---- C:\Program Files\NOS
2008-08-30 00:44:24 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-08-30 00:38:45 ----A---- C:\WINDOWS\system32\hx1.bat
2008-08-30 00:38:43 ----N---- C:\WINDOWS\system32\mmlucj.dll
2008-08-30 00:28:11 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-08-30 00:24:05 ----D---- C:\Program Files\MSBuild
2008-08-30 00:23:08 ----D---- C:\Program Files\Microsoft Visual Studio
2008-08-30 00:16:05 ----D---- C:\WINDOWS\SHELLNEW
2008-08-30 00:08:18 ----D---- C:\Program Files\Microsoft Works
2008-08-30 00:07:40 ----D---- C:\Program Files\Common Files\DESIGNER
2008-08-30 00:06:35 ----A---- C:\WINDOWS\ODBC.INI
2008-08-30 00:03:49 ----D---- C:\Program Files\Microsoft Office
2008-08-30 00:03:47 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-30 00:02:59 ----RHD---- C:\MSOCache
2008-08-29 23:56:38 ----D---- C:\Documents and Settings\home\Application Data\WinRAR
2008-08-29 23:56:18 ----D---- C:\Program Files\WinRAR
2008-08-29 23:52:32 ----D---- C:\Program Files\Undisker
2008-08-29 23:34:46 ----D---- C:\Documents and Settings\home\Application Data\Mozilla
2008-08-29 23:34:35 ----D---- C:\Program Files\Mozilla Firefox
2008-08-29 23:22:56 ----D---- C:\Program Files\7-Zip
2008-08-29 23:18:16 ----SHD---- C:\RECYCLER
2008-08-29 23:11:04 ----A---- C:\WINDOWS\system32\efcATNEX.dll
2008-08-29 23:10:40 ----D---- C:\WINDOWS\privacy_danger
2008-08-29 19:05:55 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-29 19:05:50 ----D---- C:\Documents and Settings\home\Application Data\Azureus
2008-08-29 19:05:45 ----D---- C:\Program Files\AskSBar
2008-08-29 19:05:02 ----D---- C:\Program Files\Vuze(2)
2008-08-29 18:14:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-08-29 18:14:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-29 18:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-29 18:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-29 18:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-08-29 18:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-08-29 18:13:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-29 18:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-29 18:13:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-29 18:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-08-29 18:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-08-29 18:12:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-29 18:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-08-29 17:47:04 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-29 17:46:58 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-29 17:46:55 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-29 17:46:55 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-29 17:46:51 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-08-29 17:46:44 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-29 17:46:44 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-29 17:46:30 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-08-29 17:46:27 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-08-29 17:46:26 ----N---- C:\WINDOWS\system32\slserv.exe
2008-08-29 17:46:26 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-08-29 17:46:26 ----N---- C:\WINDOWS\system32\slgen.dll
2008-08-29 17:46:26 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-08-29 17:46:26 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-08-29 17:46:26 ----N---- C:\WINDOWS\slrundll.exe
2008-08-29 17:46:21 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-29 17:46:18 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-08-29 17:46:16 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-29 17:46:14 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-29 17:46:13 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-29 17:46:11 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-29 17:46:11 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-29 17:46:10 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-29 17:46:08 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-29 17:46:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-29 17:45:58 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-08-29 17:45:46 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-29 17:45:46 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-29 17:45:46 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-29 17:45:45 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-08-29 17:45:44 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-08-29 17:45:44 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-08-29 17:45:41 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-29 17:45:41 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-29 17:45:13 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-29 17:45:13 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-29 17:45:12 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-29 17:45:12 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-29 17:45:08 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-08-29 17:44:49 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-29 17:44:48 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-29 17:44:48 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-29 17:44:48 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-29 17:44:48 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-29 17:44:48 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-29 17:44:34 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-08-29 17:44:34 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-08-29 17:44:29 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-08-29 17:44:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-08-29 17:44:20 ----A---- C:\WINDOWS\002892_.tmp
2008-08-29 17:44:19 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-29 17:44:18 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-29 17:44:16 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-29 17:44:14 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-29 17:44:14 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-29 17:44:13 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-29 17:44:12 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-29 17:44:06 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-29 17:44:06 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-29 17:44:06 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-08-29 17:44:06 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-08-29 17:44:05 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-08-29 17:44:04 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-08-29 17:44:03 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-08-29 17:44:03 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-08-29 17:44:03 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-08-29 17:44:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-29 13:06:44 ----D---- C:\Documents and Settings\home\Application Data\Macromedia
2008-08-29 04:19:18 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-29 04:19:17 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-29 04:19:17 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-29 04:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-08-29 04:19:15 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-29 04:05:38 ----D---- C:\WINDOWS\pss
2008-08-29 04:02:00 ----A---- C:\WINDOWS\system32\SDTOPCIA.dll
2008-08-29 04:02:00 ----A---- C:\WINDOWS\system32\SDDEVMGR.dll
2008-08-29 04:01:27 ----D---- C:\NetworkSwitch.temp
2008-08-29 03:59:06 ----A---- C:\WINDOWS\system32\tutildel.exe
2008-08-29 03:58:58 ----D---- C:\Utilities.temp
2008-08-29 03:58:14 ----D---- C:\Touched.temp
2008-08-29 03:57:45 ----N---- C:\WINDOWS\agrsmdel.exe
2008-08-29 03:57:45 ----D---- C:\Program Files\ltmoh
2008-08-29 03:57:45 ----A---- C:\WINDOWS\system32\tosmreg.ini
2008-08-29 03:57:45 ----A---- C:\WINDOWS\system32\tosmreg.exe
2008-08-29 03:57:45 ----A---- C:\WINDOWS\system32\cseltbl.ini
2008-08-29 03:57:45 ----A---- C:\WINDOWS\system32\csellang.ini
2008-08-29 03:57:45 ----A---- C:\WINDOWS\system32\csellang.dll
2008-08-29 03:57:45 ----A---- C:\WINDOWS\system32\cselect.exe
2008-08-29 03:57:30 ----D---- C:\WINDOWS\Options
2008-08-29 03:57:25 ----D---- C:\Modem.temp
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\TOSSTDInf.dll
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\TOSPartsInf.dll
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\TOSOwnerInf.dll
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\TOSMgmtInf.dll
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\TOSMgmt.dll
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\tosloginf.dll
2008-08-29 03:56:46 ----A---- C:\WINDOWS\system32\TOSExport.dll
2008-08-29 03:56:35 ----D---- C:\Managementconsole.temp
2008-08-29 03:55:20 ----D---- C:\Program Files\Apoint2K
2008-08-29 03:55:20 ----A---- C:\WINDOWS\system32\Vxdif.dll
2008-08-29 03:54:50 ----D---- C:\Touchpad.temp
2008-08-29 03:48:45 ----N---- C:\WINDOWS\system32\UnAudio.exe
2008-08-29 03:48:45 ----N---- C:\WINDOWS\system32\rmaudio.exe
2008-08-29 03:48:45 ----A---- C:\WINDOWS\system32\ALiSndMg.exe
2008-08-29 03:47:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-08-29 03:47:24 ----A---- C:\WINDOWS\system32\wdags48b.dll
2008-08-29 03:47:24 ----A---- C:\WINDOWS\system32\wcags48b.exe
2008-08-29 03:47:24 ----A---- C:\WINDOWS\system32\waags48b.dll
2008-08-29 03:46:42 ----A---- C:\WINDOWS\system32\TRot.dll
2008-08-29 03:46:42 ----A---- C:\WINDOWS\system32\SetRot.exe
2008-08-29 03:46:06 ----D---- C:\WINDOWS\TPE2
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TPWRTRAY.EXE
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TPWRTAB.DLL
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TPWRREG.DLL
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TPWRDEL.exe
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TPWRADAPT.DLL
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TPSICON.dll
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\TDEVDETECT.DLL
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\tcleanup.exe
2008-08-29 03:46:06 ----A---- C:\WINDOWS\system32\getnode.dll
2008-08-29 03:45:19 ----HD---- C:\Program Files\InstallShield Installation Information
2008-08-29 03:45:07 ----D---- C:\Program Files\Common Files\InstallShield
2008-08-29 03:44:22 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-08-29 03:44:22 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-08-29 03:43:41 ----D---- C:\Program Files\Toshiba
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\TWarnMsg.exe
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\Tsci.dll
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\Thkemrun.exe
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\Thkem.exe
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\Thci.dll
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\BrigthDL.dll
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\00THotkey.exe
2008-08-29 03:43:41 ----A---- C:\WINDOWS\system32\000StTHK.exe
2008-08-29 03:43:35 ----A---- C:\WINDOWS\IsUninst.exe
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\videoico.exe
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tvicon.exe
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\TVCtrl.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\trirot.exe
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tridxp.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tridicdf.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdisplus.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdispkor.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdispjpn.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdispita.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdispfra.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdispesp.dll
2008-08-29 03:35:48 ----A---- C:\WINDOWS\system32\tdispdeu.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\tdispchs.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\Rotation.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\RegServe.exe
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\Multview.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\LCDCtrl.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\GenCtrl.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\CRTCtrl.dll
2008-08-29 03:35:47 ----A---- C:\WINDOWS\system32\ColorCtr.dll
2008-08-29 03:32:43 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-29 01:28:51 ----D---- C:\Documents and Settings\home\Application Data\Identities
2008-08-29 01:28:49 ----HD---- C:\Program Files\Uninstall Information
2008-08-29 01:28:43 ----ASH---- C:\Documents and Settings\home\Application Data\desktop.ini
2008-08-29 01:28:42 ----SD---- C:\Documents and Settings\home\Application Data\Microsoft
2008-08-29 01:27:09 ----D---- C:\WINDOWS\SoftwareDistribution
2008-08-29 01:27:03 ----SD---- C:\WINDOWS\system32\Microsoft
2008-08-29 01:27:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-08-29 01:20:58 ----D---- C:\WINDOWS\system32\xircom
2008-08-29 01:20:58 ----D---- C:\Program Files\xerox
2008-08-29 01:20:58 ----D---- C:\Program Files\microsoft frontpage
2008-08-29 01:20:10 ----A---- C:\WINDOWS\control.ini
2008-08-29 01:20:10 ----A---- C:\AUTOEXEC.BAT
2008-08-29 01:19:50 ----A---- C:\WINDOWS\OEWABLog.txt
2008-08-29 01:19:42 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-08-29 01:18:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-08-29 01:18:00 ----RD---- C:\WINDOWS\Offline Web Pages
2008-08-29 01:18:00 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-29 01:17:48 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-08-29 01:17:39 ----HD---- C:\Program Files\WindowsUpdate
2008-08-29 01:17:02 ----D---- C:\WINDOWS\system32\DirectX
2008-08-29 01:16:36 ----A---- C:\WINDOWS\system32\atrace.dll
2008-08-29 01:16:33 ----A---- C:\WINDOWS\system32\desktop.ini
2008-08-29 01:16:33 ----A---- C:\WINDOWS\desktop.ini
2008-08-29 01:16:25 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-08-29 01:16:24 ----A---- C:\WINDOWS\system32\acctres.dll
2008-08-29 01:16:23 ----D---- C:\Program Files\Common Files\Services
2008-08-29 01:16:19 ----SD---- C:\WINDOWS\Tasks
2008-08-29 01:16:19 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-08-29 01:16:18 ----D---- C:\Program Files\Common Files\MSSoap
2008-08-29 01:16:14 ----D---- C:\WINDOWS\srchasst
2008-08-29 01:16:13 ----D---- C:\WINDOWS\system32\Macromed
2008-08-29 01:16:10 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-08-29 01:16:10 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-08-29 01:16:10 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-08-29 01:16:10 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\wups.dll
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-08-29 01:16:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-08-29 01:16:08 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-08-29 01:16:05 ----D---- C:\Program Files\Movie Maker
2008-08-29 01:16:00 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-08-29 01:16:00 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-08-29 01:16:00 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-08-29 01:15:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-08-29 01:15:56 ----D---- C:\WINDOWS\system32\Restore
2008-08-29 01:15:56 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-08-29 01:15:56 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-08-29 01:15:56 ----A---- C:\WINDOWS\system32\srclient.dll
2008-08-29 01:15:56 ----A---- C:\WINDOWS\system32\fltmc.exe
2008-08-29 01:15:56 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-08-29 01:15:55 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-08-29 01:15:55 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-08-29 01:15:55 ----A---- C:\WINDOWS\system32\ils.dll
2008-08-29 01:15:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-08-29 01:15:54 ----A---- C:\WINDOWS\system32\msconf.dll
2008-08-29 01:15:54 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-08-29 01:15:51 ----D---- C:\Program Files\NetMeeting
2008-08-29 01:15:51 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-08-29 01:15:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-08-29 01:15:50 ----A---- C:\WINDOWS\system32\inetres.dll
2008-08-29 01:15:50 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-08-29 01:15:48 ----D---- C:\Program Files\Outlook Express
2008-08-29 01:15:48 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-08-29 01:15:47 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-08-29 01:15:47 ----A---- C:\WINDOWS\system32\mstask.dll
2008-08-29 01:15:47 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-08-29 01:15:46 ----A---- C:\WINDOWS\system32\isign32.dll
2008-08-29 01:15:46 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-08-29 01:15:46 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-08-29 01:15:39 ----D---- C:\Program Files\Common Files\System
2008-08-29 01:15:35 ----D---- C:\Program Files\Internet Explorer
2008-08-29 01:14:34 ----D---- C:\Program Files\ComPlus Applications
2008-08-29 01:14:30 ----A---- C:\WINDOWS\vbaddin.ini
2008-08-29 01:14:30 ----A---- C:\WINDOWS\vb.ini
2008-08-29 01:14:21 ----D---- C:\WINDOWS\Registration
2008-08-29 01:14:08 ----D---- C:\Program Files\Windows Media Player
2008-08-29 01:14:08 ----D---- C:\Program Files\Online Services
2008-08-29 01:13:57 ----D---- C:\Program Files\Messenger
2008-08-29 01:13:53 ----D---- C:\Program Files\MSN Gaming Zone
2008-08-29 01:13:53 ----A---- C:\WINDOWS\system32\write.exe
2008-08-29 01:13:38 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-08-29 01:13:38 ----A---- C:\WINDOWS\system32\hticons.dll
2008-08-29 01:13:38 ----A---- C:\WINDOWS\system32\avwav.dll
2008-08-29 01:13:38 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-08-29 01:13:38 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-08-29 01:13:37 ----A---- C:\WINDOWS\system32\winchat.exe
2008-08-29 01:13:27 ----A---- C:\WINDOWS\system32\getuname.dll
2008-08-29 01:13:27 ----A---- C:\WINDOWS\system32\charmap.exe
2008-08-29 01:13:27 ----A---- C:\WINDOWS\system32\calc.exe
2008-08-29 01:13:26 ----A---- C:\WINDOWS\system32\winmine.exe
2008-08-29 01:13:26 ----A---- C:\WINDOWS\system32\sol.exe
2008-08-29 01:13:26 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-08-29 01:13:25 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-08-29 01:13:25 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-08-29 01:13:25 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-08-29 01:13:25 ----A---- C:\WINDOWS\system32\tskill.exe
2008-08-29 01:13:25 ----A---- C:\WINDOWS\system32\reset.exe
2008-08-29 01:13:25 ----A---- C:\WINDOWS\system32\freecell.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\tscon.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\shadow.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\regini.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-08-29 01:13:24 ----A---- C:\WINDOWS\system32\msg.exe
2008-08-29 01:13:23 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-08-29 01:13:23 ----A---- C:\WINDOWS\system32\logoff.exe
2008-08-29 01:13:23 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-08-29 01:13:22 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-08-29 01:13:22 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-08-29 01:13:22 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-08-29 01:13:22 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-08-29 01:13:22 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-08-29 01:13:22 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-08-29 01:13:21 ----A---- C:\WINDOWS\system32\stclient.dll
2008-08-29 01:13:21 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-08-29 01:13:13 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-08-29 01:13:06 ----D---- C:\Program Files\MSN
2008-08-29 01:13:05 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-08-29 01:13:05 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-08-29 01:13:05 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-08-29 01:13:04 ----D---- C:\Program Files\Windows NT
2008-08-29 01:13:04 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-08-29 01:13:04 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-08-29 01:13:04 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-08-29 01:13:03 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-08-29 01:13:03 ----A---- C:\WINDOWS\system32\spider.exe
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-08-29 01:13:02 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-08-29 01:13:01 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-08-29 01:13:00 ----D---- C:\WINDOWS\system32\MsDtc
2008-08-29 01:13:00 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-08-29 01:13:00 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-08-29 01:13:00 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-08-29 01:13:00 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-08-29 01:13:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-08-29 01:12:59 ----D---- C:\WINDOWS\system32\Com
2008-08-29 01:12:59 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-08-29 01:12:59 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-08-29 01:12:59 ----A---- C:\WINDOWS\system32\colbact.dll
2008-08-29 01:12:58 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-08-29 01:12:58 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-08-29 01:12:58 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-08-29 01:12:58 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-08-29 01:12:58 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-08-29 01:12:57 ----A---- C:\WINDOWS\system32\comuid.dll
2008-08-29 01:12:57 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-08-29 01:12:48 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-08-29 01:12:48 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-08-29 01:12:48 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-08-29 01:12:47 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-08-28 20:10:45 ----A---- C:\WINDOWS\system32\h323log.txt
2008-08-28 20:06:42 ----A---- C:\WINDOWS\system32\irmon.dll
2008-08-28 20:06:41 ----A---- C:\WINDOWS\system32\wshirda.dll
2008-08-28 20:06:41 ----A---- C:\WINDOWS\system32\irftp.exe
2008-08-28 20:06:18 ----A---- C:\WINDOWS\system32\usbui.dll
2008-08-28 20:06:02 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-08-28 20:03:50 ----A---- C:\WINDOWS\imsins.BAK
2008-08-28 20:03:45 ----SHD---- C:\WINDOWS\Installer
2008-08-28 20:03:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-28 20:03:43 ----D---- C:\Program Files\Common Files\ODBC
2008-08-28 20:03:43 ----A---- C:\WINDOWS\ODBCINST.INI
2008-08-28 20:03:39 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-08-28 20:03:38 ----RD---- C:\Program Files
2008-08-28 20:03:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-08-28 20:03:38 ----D---- C:\Program Files\Common Files
2008-08-28 20:03:35 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-08-28 20:03:34 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-08-28 20:03:34 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-08-28 20:03:32 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-08-28 20:03:31 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-08-28 20:03:31 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-08-28 20:03:31 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-08-28 20:03:31 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-08-28 20:03:31 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-08-28 20:03:29 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-08-28 20:03:29 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-08-28 20:03:29 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-08-28 20:03:29 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-08-28 20:03:29 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-08-28 20:03:28 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-08-28 20:03:28 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-08-28 20:03:26 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-08-28 20:03:26 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-08-28 20:03:26 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-08-28 20:03:26 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-08-28 20:03:26 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-08-28 20:03:24 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-08-28 20:03:24 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-08-28 20:03:24 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-08-28 20:03:24 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-08-28 20:03:24 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-08-28 20:03:24 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-08-28 20:03:23 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-08-28 20:03:20 ----A---- C:\WINDOWS\system32\irclass.dll
2008-08-28 20:03:19 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-08-28 20:03:19 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-08-28 20:03:19 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-08-28 20:03:19 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-08-28 20:03:16 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-08-28 20:03:16 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-08-28 20:03:16 ----A---- C:\WINDOWS\system32\batt.dll
2008-08-28 20:03:15 ----A---- C:\WINDOWS\notepad.exe
2008-08-28 20:03:14 ----A---- C:\WINDOWS\system32\storprop.dll
2008-08-28 20:02:59 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-08-28 20:02:52 ----RA---- C:\WINDOWS\SET8.tmp
2008-08-28 20:02:48 ----RA---- C:\WINDOWS\SET4.tmp
2008-08-28 20:02:46 ----RA---- C:\WINDOWS\SET3.tmp
2008-08-28 20:02:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-08-28 20:02:39 ----D---- C:\WINDOWS\system32\CatRoot
2008-08-28 20:02:33 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-08-28 20:02:10 ----A---- C:\WINDOWS\setuplog.txt
2008-08-28 20:02:03 ----SHD---- C:\System Volume Information
2008-08-28 20:02:03 ----D---- C:\Documents and Settings
2008-08-28 19:59:07 ----SH---- C:\boot.ini
2008-08-28 19:51:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-08-28 19:51:20 ----RSD---- C:\WINDOWS\Fonts
2008-08-28 19:51:20 ----RD---- C:\WINDOWS\Web
2008-08-28 19:51:20 ----HD---- C:\WINDOWS\inf
2008-08-28 19:51:20 ----D---- C:\WINDOWS\WinSxS
2008-08-28 19:51:20 ----D---- C:\WINDOWS\twain_32
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Temp
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\wins
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\wbem
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\usmt
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\spool
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\ShellExt
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\Setup
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\ras
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\oobe
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\npp
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\mui
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\inetsrv
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\IME
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\icsxml
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\ias
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\export
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\drivers
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\dhcp
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\config
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\3com_dmi
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\3076
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\2052
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1054
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1042
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1041
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1037
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1033
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1031
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1028
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32\1025
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system32
2008-08-28 19:51:20 ----D---- C:\WINDOWS\system
2008-08-28 19:51:20 ----D---- C:\WINDOWS\security
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Resources
2008-08-28 19:51:20 ----D---- C:\WINDOWS\repair
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Provisioning
2008-08-28 19:51:20 ----D---- C:\WINDOWS\PeerNet
2008-08-28 19:51:20 ----D---- C:\WINDOWS\pchealth
2008-08-28 19:51:20 ----D---- C:\WINDOWS\mui
2008-08-28 19:51:20 ----D---- C:\WINDOWS\msapps
2008-08-28 19:51:20 ----D---- C:\WINDOWS\msagent
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Media
2008-08-28 19:51:20 ----D---- C:\WINDOWS\java
2008-08-28 19:51:20 ----D---- C:\WINDOWS\ime
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Help
2008-08-28 19:51:20 ----D---- C:\WINDOWS\ehome
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Driver Cache
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Debug
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Cursors
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Connection Wizard
2008-08-28 19:51:20 ----D---- C:\WINDOWS\Config
2008-08-28 19:51:20 ----D---- C:\WINDOWS\AppPatch
2008-08-28 19:51:20 ----D---- C:\WINDOWS\addins
2008-08-28 19:51:20 ----D---- C:\WINDOWS
2008-07-14 06:09:18 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-07-03 04:14:02 ----N---- C:\WINDOWS\system32\xpsp3res.dll

List of drivers

R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2002-06-21 1133440]
R3 ALiADWDM;ALi Audio Accelerator WDM Driver; C:\WINDOWS\system32\drivers\aliadwdm.sys [2002-09-08 273664]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\aliirda.sys [2001-12-17 26112]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-05-17 63501]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-08-16 139776]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 tridxp;tridxp; C:\WINDOWS\system32\DRIVERS\tridxpm.sys [2002-09-24 238464]
R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\system32\DRIVERS\tsdhd.sys [2002-04-04 23392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-13 14208]
R3 wlags48b;Wireless LAN PCCard Driver; C:\WINDOWS\system32\DRIVERS\wlags48b.sys [2002-06-28 156672]
S3 NPF;Netgroup Packet Filter; C:\WINDOWS\system32\drivers\npf.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\Drivers\Tbiosdrv.sys []
S3 TOSHIBASoftModem;Toshiba Soft Modem; C:\WINDOWS\system32\DRIVERS\LTSMT.sys [2001-08-17 797500]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\system32\DRIVERS\wlluc48.sys [2004-08-03 154624]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

List of services

R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2008-04-24 66880]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 getPlus® Helper;getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 31592]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

info.txt logfile of random's system information tool 2008-09-05 11:04:52

Uninstall list

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALi Audio Accelerator WDM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DE3B55-D506-4291-BFDF-2DCBBAE277A3}\Setup.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
getPlus®-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Network Device Switch 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2C-8627-1440BC2E8030}\Setup.exe"
Respondus LockDown Browser-->C:\Program Files\InstallShield Installation Information\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}\setup.exe -runfromtemp -l0x0009 -removeonly
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
ThreatFire 3.5-->"C:\Program Files\ThreatFire\unins000.exe"
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
Toshiba Hotkey Utility Emulator for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5EM.inf,DefaultUninstall,5
Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Management Console Version 2.0 (2.0.5) Beta1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TOSHIBA Management Console\Uninst.isu" -c"C:\Program Files\TOSHIBA\TOSHIBA Management Console\ttinst.dll"
TOSHIBA Power Saver-->TPWRDEL.EXE
TOSHIBA Rotation Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53554FA3-F658-40F4-A7C6-4CD6F776A8F0}\setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
Toshiba Tbiosdrv Driver-->C:\PROGRA~1\Toshiba\TOSHIB~4\UNWISE.EXE C:\PROGRA~1\Toshiba\TOSHIB~4\INSTALL.LOG
TOSHIBA TouchPad On/Off Utility V2.04.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities-->tutildel.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Hosts File

127.0.0.1 mmsk.cn
127.0.0.1 ikaka.com
127.0.0.1 safe.qq.com
127.0.0.1 360safe.com
127.0.0.1 www.mmsk.cn
127.0.0.1 www.ikaka.com
127.0.0.1 tool.ikaka.com
127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com
127.0.0.1 forum.ikaka.com

Security center information

AV: ThreatFire

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0b04
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:04 AM

Posted 11 September 2008 - 06:59 AM

Hi MzUnique and Welcome to BleepingComputer :thumbsup: Sorry for the delay in response; we have over a hundred logs that need to be answered.

My pc was infected and I bought a laptop. I needed to save some files from my comp to the laptop n believe it infected my laptop.

That is why when a computer is heavily infected we try not to save files on to another computer because it may infect the other one.

Backdoor Threat
Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

View Point Program and Peer-to-Peer Programs Warning

Viewpoint Manager and Viewpoint Media Player are considered foistware instead of malware since they are installed without the user's approval but don't spy or do anything "bad". This changed from what we know in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programmes (in your case Vuze/Azureus). These programmes allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Thanks :)

Download and Run HostsXpert

Some infections will put malicious lines into your hosts files. We will reset your hosts file with HostsXpert.
  • Please download HostsXpert.zip to your desktop and unzip the contents.
  • A folder named HostsXpert will be created. Open it and run HostsXpert.exe by double-clicking it.
  • Click on the button Make Writeable?.
  • Click Restore Microsoft's Hosts File.
  • Close out of the window.
If you have added modifications to your hosts file, they will need to be re-added later.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Fix Hijackthis lines

Run HijackThis (select Do a system scan only) and put a checkmark next to the following lines:


F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe
O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe
O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe
  • Close all open windows except HijackThis.
  • Click Fix checked and OK at the prompt.
  • The screen will clear itself.
  • Close out of HijackThis.

Download and Run OTMoveIT
  • Please download OTMoveIt2 by OldTimer to your desktop.
  • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    C:\WINDOWS\system32\drivers\conime.exe
    C:\WINDOWS\system32\severe.exe
    C:\WINDOWS\system32\mmlucj.exe
    C:\ca6d11e2cf04026004da57

  • Return to OTMoveIt2, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

After that is all completed, please provide the following in the next reply:
  • OTMoveIt log
  • New RSIT log (both log.txt and info.txt) <- Run RSIT after everything else.
  • How is your computer running now?
Thanks :)

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

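A small triage pass over the entries the reply above singles out, added here as an example and not part of the original post or of HijackThis, HostsXpert or OTMoveIt2: it lists hostnames the hosts file pins to loopback, shows what the Shell= value launches besides Explorer.exe, and flags Run value names that reuse another Run target's file name. The function names and the three heuristics are assumptions made for illustration.

```python
import re
import ntpath

# Entries copied from this thread; the comment and localhost lines are constructed.
HOSTS_TEXT = """\
# constructed comment line
127.0.0.1 localhost
127.0.0.1 mmsk.cn
127.0.0.1 safe.qq.com
127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com
"""
HJT_LINES = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\drivers\conime.exe",
    r"O4 - HKLM\..\Run: [mmlucj] C:\WINDOWS\system32\severe.exe",
    r"O4 - HKLM\..\Run: [avipit] C:\WINDOWS\system32\mmlucj.exe",
]
LOOPBACK = re.compile(r"^(127(\.\d{1,3}){3}|::1)$")
RUN_LINE = re.compile(r"O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")

def loopback_hosts(text):
    """Hostnames other than localhost that the hosts file pins to loopback."""
    found = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, split columns
        if len(fields) >= 2 and LOOPBACK.match(fields[0]):
            found += [h.lower() for h in fields[1:] if h.lower() != "localhost"]
    return found

def shell_extras(line):
    """For an F2 Shell= line, return what the value holds besides Explorer.exe."""
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)$", line, re.I)
    if not m:
        return None  # not a Shell line
    value = m.group(1).strip()
    if value.lower().startswith("explorer.exe"):
        return value[len("explorer.exe"):].strip()
    return value  # shell replaced outright

def cross_named_runs(lines):
    """Run value names that are also the file stem of another Run target."""
    runs = dict(m.groups() for m in map(RUN_LINE.match, lines) if m)
    stems = {ntpath.splitext(ntpath.basename(cmd.strip('"')))[0].lower(): name
             for name, cmd in runs.items()}
    return sorted(n for n in runs if n.lower() in stems and stems[n.lower()] != n)

if __name__ == "__main__":
    print(loopback_hosts(HOSTS_TEXT), cross_named_runs(HJT_LINES))
    print([shell_extras(line) for line in HJT_LINES])
```

An empty string from `shell_extras` means the Shell value is Explorer.exe alone; the Run cross-check is a heuristic for this log and does not handle targets that carry command-line arguments.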

#5 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:01:04 PM

Posted 17 September 2008 - 08:42 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you
SNOWHITE