
Search Link Redirection/ Toseeka trojan?


  • This topic is locked
16 replies to this topic

#1 armennen


Posted 31 March 2009 - 03:30 PM

Hello,
In the last couple of days I have been redirected every time I click on a Google link, and now my Firefox (my primary browser) is getting very slow, though Internet Explorer still seems to be normal speed, though with the redirections. I have been reading these forums for a bit and I have run some of the programs, most specifically SUPERAntiSpyware, Malwarebytes, and HijackThis, among others. Of course I can't really read the HijackThis, so I don't do anything with that. The Malwarebytes (as well as the antispyware) I have updated and scanned several times to no avail.

Thank you in advance!

Here is my DDS scan:
DDS (Ver_09-03-16.01) - NTFSx86
Run by Joe Klein at 16:17:50.37 on Tue 03/31/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.121 [GMT -4:00]


============== Running Processes ===============

C:\WINDOW1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOW1\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOW1\system32\spoolsv.exe
C:\WINDOW1\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOW1\stsystra.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe
C:\WINDOW1\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOW1\system32\notepad.exe
C:\WINDOW1\explorer.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\gmer\gmer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Local Settings\Temporary Internet Files\Content.IE5\HPW64TIO\dds[1].scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [uTorrent] "c:\documents and settings\joe klein.mortalreminder\desktop\utorrent.exe"
uRun: [ctfmon.exe] c:\window1\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\window1\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\window1\system32\hkcmd.exe
mRun: [igfxpers] c:\window1\system32\igfxpers.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\window1\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\window1\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238007617937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238009414062
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\joekle~1.mor\applic~1\mozilla\firefox\profiles\rsiht1vy.default\
FF - prefs.js: browser.startup.homepage - hxxp://michigan.rivals.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-11-17 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-11-17 7408]

=============== Created Last 30 ================

2009-03-31 15:18 161,792 a------- c:\window1\SWREG.exe
2009-03-31 15:18 98,816 a------- c:\window1\sed.exe
2009-03-31 08:05 <DIR> --d----- c:\program files\Sagasoft
2009-03-31 00:07 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-03-30 14:01 <DIR> --d----- c:\program files\CCleaner
2009-03-30 14:01 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\Malwarebytes
2009-03-30 14:00 15,504 a------- c:\window1\system32\drivers\mbam.sys
2009-03-30 14:00 38,496 a------- c:\window1\system32\drivers\mbamswissarmy.sys
2009-03-30 14:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 14:00 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-03-30 11:23 <DIR> --d----- c:\window1\system32\scripting
2009-03-30 11:23 <DIR> --d----- c:\window1\l2schemas
2009-03-30 11:23 <DIR> --d----- c:\window1\system32\en
2009-03-26 09:56 <DIR> --d----- c:\window1\network diagnostic
2009-03-26 09:56 33,792 ac------ c:\window1\system32\dllcache\custsat.dll
2009-03-25 22:01 50,688 -------- c:\window1\system32\tspkg.dll
2009-03-25 22:00 144,384 -------- c:\window1\system32\onex.dll
2009-03-25 21:59 221,184 -c------ c:\window1\system32\dllcache\msadds32.ax
2009-03-25 21:58 19,569 a------- c:\window1\004997_.tmp
2009-03-25 21:57 159,232 -c------ c:\window1\system32\dllcache\cewmdm.dll
2009-03-25 21:57 286,720 -c------ c:\window1\system32\dllcache\blackbox.dll
2009-03-25 21:57 999 -c------ c:\window1\system32\dllcache\bktrh.gif
2009-03-25 21:57 7,168 -------- c:\window1\system32\bitsprx4.dll
2009-03-25 21:57 233,472 -------- c:\window1\system32\azroles.dll
2009-03-25 21:57 8,192 -c------ c:\window1\system32\dllcache\asferror.dll
2009-03-25 21:56 136,192 -------- c:\window1\system32\aaclient.dll
2009-03-25 20:58 6,272 a------- c:\window1\system32\drivers\splitter.sys
2009-03-25 20:57 83,072 a------- c:\window1\system32\drivers\wdmaud.sys
2009-03-25 20:57 52,864 a------- c:\window1\system32\drivers\dmusic.sys
2009-03-25 20:57 56,576 a------- c:\window1\system32\drivers\swmidi.sys
2009-03-25 20:57 142,592 a------- c:\window1\system32\drivers\aec.sys
2009-03-25 20:57 172,416 a------- c:\window1\system32\drivers\kmixer.sys
2009-03-25 20:57 2,944 a------- c:\window1\system32\drivers\drmkaud.sys
2009-03-25 20:57 60,800 a------- c:\window1\system32\drivers\sysaudio.sys
2009-03-25 20:55 339,968 a------- c:\window1\stsystra.exe
2009-03-25 20:55 159,825 a------- c:\window1\system32\stac97.cpl
2009-03-25 20:55 60,160 a------- c:\window1\system32\drivers\drmk.sys
2009-03-25 20:55 112,128 a------- c:\window1\system32\staco.dll
2009-03-25 20:52 1,047,816 a------- c:\window1\system32\drivers\sthda.sys
2009-03-25 20:52 172,032 a------- c:\window1\system32\stacapi.dll
2009-03-25 20:52 <DIR> --d----- c:\program files\SigmaTel
2009-03-25 20:30 107,368 a------- c:\window1\system32\GEARAspi.dll
2009-03-25 20:30 23,848 a------- c:\window1\system32\drivers\GEARAspiWDM.sys
2009-03-25 20:29 <DIR> --d----- c:\program files\iTunes
2009-03-25 20:29 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 20:29 <DIR> --d----- c:\program files\Bonjour
2009-03-25 20:26 272,128 -c------ c:\window1\system32\dllcache\bthport.sys
2009-03-25 20:22 2,145,280 -c------ c:\window1\system32\dllcache\ntkrnlmp.exe
2009-03-25 20:22 2,189,184 -c------ c:\window1\system32\dllcache\ntoskrnl.exe
2009-03-25 20:22 2,023,936 -c------ c:\window1\system32\dllcache\ntkrpamp.exe
2009-03-25 20:22 2,066,048 -c------ c:\window1\system32\dllcache\ntkrnlpa.exe
2009-03-25 20:22 3,594,752 -c------ c:\window1\system32\dllcache\mshtml.dll
2009-03-25 20:20 203,136 -c------ c:\window1\system32\dllcache\rmcast.sys
2009-03-25 20:20 455,296 -c------ c:\window1\system32\dllcache\mrxsmb.sys
2009-03-25 20:20 331,776 -c------ c:\window1\system32\dllcache\msadce.dll
2009-03-25 20:20 333,952 -c------ c:\window1\system32\dllcache\srv.sys
2009-03-25 20:19 691,712 -c------ c:\window1\system32\dllcache\inetcomm.dll
2009-03-25 20:19 247,326 -c------ c:\window1\system32\dllcache\strmdll.dll
2009-03-25 20:19 337,408 -c------ c:\window1\system32\dllcache\netapi32.dll
2009-03-25 20:19 1,106,944 -c------ c:\window1\system32\dllcache\msxml3.dll
2009-03-25 20:18 46,352 a------- c:\window1\setdebug.exe
2009-03-25 20:18 7,315 a------- c:\window1\system32\javasup.vxd
2009-03-25 20:18 139,536 a------- c:\window1\system32\javaee.dll
2009-03-25 20:18 6,550 a------- c:\window1\jautoexp.dat
2009-03-25 20:18 113 a------- c:\window1\system32\zonedon.reg
2009-03-25 20:18 113 a------- c:\window1\system32\zonedoff.reg
2009-03-25 20:13 56,532 a---h--- c:\window1\system32\mlfcache.dat
2009-03-25 20:07 32,592 a------- c:\window1\system32\msonpmon.dll
2009-03-25 19:58 <DIR> --d----- c:\window1\SHELLNEW
2009-03-25 17:41 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\New Tier
2009-03-25 17:41 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\Propellerhead Software
2009-03-25 17:35 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\SiteAdvisor
2009-03-25 17:35 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\SUPERAntiSpyware.com
2009-03-25 17:35 47,360 a------- c:\docume~1\joekle~1.mor\applic~1\pcouffin.sys
2009-03-25 17:35 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\XnView
2009-03-25 17:35 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\Windows Search
2009-03-25 17:35 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\Windows Desktop Search
2009-03-25 17:35 81,920 a------- c:\docume~1\joekle~1.mor\applic~1\ezpinst.exe
2009-03-25 17:18 316,640 a------- c:\window1\WMSysPr9.prx
2009-03-25 17:11 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Citrix
2009-03-25 17:11 <DIR> --d----- c:\program files\Citrix
2009-03-25 17:10 <DIR> --d----- c:\window1\peernet
2009-03-25 17:10 <DIR> --d----- c:\window1\provisioning
2009-03-25 17:08 1,902 -------- c:\window1\system32\SetupBD.din
2009-03-25 17:08 155,648 a------- c:\window1\system32\drivers\e100b325.sys
2009-03-25 17:08 126,976 a------- c:\window1\system32\Prounstl.exe
2009-03-25 17:08 19,456 a------- c:\window1\system32\IntelNic.dll
2009-03-25 17:08 5,110 a------- c:\window1\system32\e100b325.din
2009-03-25 17:08 <DIR> --d----- C:\drvrtmp
2009-03-25 17:04 <DIR> --d----- c:\window1\ServicePackFiles
2009-03-25 16:52 <DIR> --d----- c:\window1\EHome
2009-03-25 16:44 11,264 -------- c:\window1\system32\spnpinst.exe
2009-03-25 16:44 67,866 -------- c:\window1\system32\drivers\netwlan5.img
2009-03-25 16:44 7,208 -------- c:\window1\system32\secupd.sig
2009-03-25 16:44 4,569 -------- c:\window1\system32\secupd.dat
2009-03-25 15:31 268,648 a------- c:\window1\system32\mucltui.dll
2009-03-25 15:31 27,496 a------- c:\window1\system32\mucltui.dll.mui
2009-03-25 15:04 <DIR> --d----- c:\window1\system32\PreInstall
2009-03-25 15:04 26,488 a------- c:\window1\system32\spupdsvc.exe
2009-03-25 15:04 <DIR> --d-h--- c:\window1\$hf_mig$
2009-03-25 15:03 <DIR> --d----- c:\program files\uTorrent
2009-03-25 15:03 <DIR> --d----- c:\docume~1\joekle~1.mor\applic~1\uTorrent
2009-03-25 15:03 <DIR> --d----- c:\window1\system32\bits
2009-03-25 15:03 354,304 a------- c:\window1\system32\winhttp.dll
2009-03-25 15:03 18,944 a------- c:\window1\system32\qmgrprxy.dll
2009-03-25 15:03 438,784 -------- c:\window1\system32\xpob2res.dll
2009-03-25 15:03 8,192 -------- c:\window1\system32\bitsprx2.dll
2009-03-25 15:03 7,168 -------- c:\window1\system32\bitsprx3.dll
2009-03-25 15:02 213,528 a------- c:\window1\system32\wuaucpl.cpl
2009-03-25 15:02 31,768 a------- c:\window1\system32\wucltui.dll.mui
2009-03-25 15:02 23,576 a------- c:\window1\system32\wuaucpl.cpl.mui
2009-03-25 15:02 23,576 a------- c:\window1\system32\wuapi.dll.mui
2009-03-25 15:02 18,456 a------- c:\window1\system32\wuaueng.dll.mui
2009-03-25 15:00 <DIR> --ds---- c:\documents and settings\joe klein.mortalreminder\UserData
2009-03-25 14:27 139,264 a------- c:\window1\system32\igfxres.dll
2009-03-25 14:23 <DIR> --d----- C:\WUTemp
2009-03-25 14:23 191,488 a------- c:\window1\system32\iuengine.dll
2009-03-25 14:19 7,552 a------- c:\window1\system32\drivers\mskssrv.sys
2009-03-25 14:19 5,376 a------- c:\window1\system32\drivers\mspclock.sys
2009-03-25 14:19 4,992 a------- c:\window1\system32\drivers\mspqm.sys
2009-03-25 14:19 16,128 ac------ c:\window1\system32\dllcache\modemcsa.sys
2009-03-25 14:19 129,536 a------- c:\window1\system32\ksproxy.ax
2009-03-25 14:19 16,128 a------- c:\window1\system32\drivers\MODEMCSA.sys
2009-03-25 14:19 4,096 a------- c:\window1\system32\ksuser.dll
2009-03-25 14:18 1,339,776 a------- c:\window1\system32\drivers\IntelC51.sys
2009-03-25 14:18 618,880 a------- c:\window1\system32\drivers\IntelC52.sys
2009-03-25 14:18 172,032 a------- c:\window1\system32\intelmoh.dll
2009-03-25 14:18 49,152 a------- c:\window1\system32\mhwt.dll
2009-03-25 14:18 47,360 a------- c:\window1\system32\drivers\IntelC53.sys
2009-03-25 14:18 36,880 a------- c:\window1\system32\drivers\mohfilt.sys
2009-03-25 14:18 33,792 a------- c:\window1\system32\IntelCci.dll
2009-03-25 14:15 74,240 a------- c:\window1\system32\usbui.dll
2009-03-25 14:15 143,872 a------- c:\window1\system32\drivers\usbport.sys
2009-03-25 14:15 59,520 a------- c:\window1\system32\drivers\usbhub.sys
2009-03-25 14:15 30,208 a------- c:\window1\system32\drivers\usbehci.sys
2009-03-25 14:15 20,608 a------- c:\window1\system32\drivers\usbuhci.sys
2009-03-25 14:15 3,328 ac------ c:\window1\system32\dllcache\pciide.sys
2009-03-25 14:15 96,512 a------- c:\window1\system32\drivers\atapi.sys
2009-03-25 14:15 24,960 a------- c:\window1\system32\drivers\pciidex.sys
2009-03-25 14:15 3,328 a------- c:\window1\system32\drivers\pciide.sys
2009-03-25 14:15 68,224 a------- c:\window1\system32\drivers\pci.sys
2009-03-25 14:15 37,248 a------- c:\window1\system32\drivers\isapnp.sys
2009-03-25 14:15 <DIR> --d----- c:\window1\system32\ReinstallBackups
2009-03-25 05:38 <DIR> --ds---- c:\window1\system32\Microsoft
2009-03-25 05:29 <DIR> --dsh--- c:\window1\Installer
2009-03-25 05:29 <DIR> --d----- c:\documents and settings\Joe Klein.MORTALREMINDER
2009-03-25 05:28 12,160 a------- c:\window1\system32\drivers\mouhid.sys
2009-03-25 05:28 8,192 a------- c:\window1\REGLOCS.OLD
2009-03-25 05:25 92,416 ac------ c:\window1\system32\dllcache\mga.sys
2009-03-25 05:24 2,134,528 ac------ c:\window1\system32\dllcache\EXCH_smtpsnap.dll
2009-03-25 05:24 175,104 ac------ c:\window1\system32\dllcache\EXCH_smtpadm.dll
2009-03-25 05:24 <DIR> --d----- c:\window1\system32\xircom
2009-03-25 05:24 2,577 a------- c:\window1\system32\CONFIG.NT
2009-03-25 05:24 0 a------- c:\window1\control.ini
2009-03-25 05:24 25,065 a------- c:\window1\system32\wmpscheme.xml
2009-03-25 05:24 23,392 a------- c:\window1\system32\nscompat.tlb
2009-03-25 05:24 16,832 a------- c:\window1\system32\amcompat.tlb
2009-03-25 05:24 299,552 a------- c:\window1\WMSysPrx.prx
2009-03-25 05:23 <DIR> --dsh--- c:\documents and settings\all users.window1\DRM
2009-03-25 05:23 488 a---hr-- c:\window1\system32\WindowsLogon.manifest
2009-03-25 05:23 488 a---hr-- c:\window1\system32\logonui.exe.manifest
2009-03-25 05:23 <DIR> --ds---- c:\window1\Downloaded Program Files
2009-03-25 05:23 <DIR> --d--r-- c:\window1\Offline Web Pages
2009-03-25 05:23 749 a---hr-- c:\window1\WindowsShell.Manifest
2009-03-25 05:23 749 a---hr-- c:\window1\system32\wuaucpl.cpl.manifest
2009-03-25 05:23 749 a---hr-- c:\window1\system32\sapi.cpl.manifest
2009-03-25 05:23 749 a---hr-- c:\window1\system32\nwc.cpl.manifest
2009-03-25 05:23 749 a---hr-- c:\window1\system32\ncpa.cpl.manifest
2009-03-25 05:23 749 a---hr-- c:\window1\system32\cdplayer.exe.manifest
2009-03-25 05:23 4,399,505 ac------ c:\window1\system32\dllcache\nls302en.lex
2009-03-25 05:23 <DIR> --d----- c:\window1\system32\DirectX
2009-03-24 21:16 <DIR> --d--r-- c:\documents and settings\all users.window1\Documents
2009-03-13 13:48 <DIR> --d----- c:\temp\atmp8

==================== Find3M ====================

2009-03-30 11:28 77,423 a------- c:\window1\pchealth\helpctr\offlinecache\index.dat
2009-03-25 20:18 2,678 a------- c:\window1\java\packages\data\TRRJZBZD.DAT
2009-03-25 20:18 2,678 a------- c:\window1\java\packages\data\A3T7NTNR.DAT
2009-03-25 20:18 2,678 a------- c:\window1\java\packages\data\OXZ739F5.DAT
2009-03-25 20:18 2,678 a------- c:\window1\java\packages\data\G9N1ZDBV.DAT
2009-03-25 20:18 2,678 a------- c:\window1\java\packages\data\A2F7XFLN.DAT
2009-03-25 17:11 61,224 a------- c:\window1\java\GoToAssistDownloadHelper.exe
2009-03-25 05:24 558,142 a------- c:\window1\java\packages\DFXNTFTF.ZIP
2009-03-25 05:24 155,995 a------- c:\window1\java\packages\A0QO9JZF.ZIP
2009-03-25 05:22 21,640 a------- c:\window1\system32\emptyregdb.dat
2009-03-15 06:25 56,268 a------- c:\window1\system32\drivers\scdemu.sys
2009-02-09 07:13 1,846,784 a------- c:\window1\system32\win32k.sys

============= FINISH: 16:18:36.00 ===============

Thanks again; any help is appreciated.



#2 suebaby41


Posted 08 April 2009 - 04:09 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 armennen


Posted 13 April 2009 - 09:30 PM

Hello suebaby,
Sorry about the tardiness of my reply; hopefully the topic won't be closed on account of my delinquency. Anyways, thanks for the help, and here's the log you requested.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe Klein at 2009-04-13 22:27:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 13 GB (9%) free of 148 GB
Total RAM: 502 MB (6% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:36 PM, on 4/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOW1\System32\smss.exe
C:\WINDOW1\system32\winlogon.exe
C:\WINDOW1\system32\services.exe
C:\WINDOW1\system32\lsass.exe
C:\WINDOW1\system32\svchost.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\SearchIndexer.exe
C:\WINDOW1\Explorer.EXE
C:\WINDOW1\System32\hkcmd.exe
C:\WINDOW1\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOW1\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe
C:\WINDOW1\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\NOTEPAD.EXE
C:\WINDOW1\system32\SearchProtocolHost.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Local Settings\Temporary Internet Files\Content.IE5\OFXAHP4W\RSIT[1].exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\FIX\Joe Klein.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOW1\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOW1\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOW1\System32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW1\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238007617937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238009414062
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5376 bytes

======Scheduled tasks folder======

C:\WINDOW1\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOW1\System32\igfxtray.exe [2006-03-24 94208]
"igfxhkcmd"=C:\WINDOW1\System32\hkcmd.exe [2006-03-24 77824]
"igfxpers"=C:\WINDOW1\System32\igfxpers.exe [2006-03-24 118784]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp"=C:\WINDOW1\stsystra.exe [2005-03-22 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe [2009-03-25 270128]
"ctfmon.exe"=C:\WINDOW1\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users.WINDOW1\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-01-09 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOW1\system32\igfxdev.dll [2006-03-24 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"="C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-04-13 22:27:26 ----D---- C:\rsit
2009-04-11 17:38:33 ----A---- C:\WINDOW1\system32\ptpusb.dll
2009-04-11 17:38:23 ----A---- C:\WINDOW1\system32\ptpusd.dll
2009-04-09 19:47:08 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\vsosdk
2009-04-09 09:49:15 ----A---- C:\WINDOW1\BRWMARK.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRVIDEO.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\brmx2001.ini
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRDIAG.INI
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPDNTA.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPD95A.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC32.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC16.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\Brdiag2.exe
2009-04-09 09:46:50 ----N---- C:\WINDOW1\system32\BRRBTOOL.EXE
2009-04-09 09:46:50 ----D---- C:\Program Files\Brownie
2009-04-09 09:46:50 ----A---- C:\WINDOW1\HL-2040.INI
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\BROSNMP.DLL
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.ini
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.dll
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlm03a.dll
2009-04-09 09:46:06 ----D---- C:\Program Files\Brother
2009-04-09 09:46:06 -------- C:\WINDOW1\system32\Pdrvinst.dll
2009-04-09 09:45:55 ----A---- C:\WINDOW1\Brownie.ini
2009-04-08 16:02:05 ----D---- C:\Program Files\iTunes
2009-04-08 16:02:05 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 08:35:08 ----A---- C:\WINDOW1\system32\lfgif13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltkrn13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltimg13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltfil13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltefx13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltdis13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfcmp13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfbmp13n.dll
2009-03-31 17:34:45 ----HDC---- C:\WINDOW1\$NtUninstallKB961118$
2009-03-31 17:05:48 ----D---- C:\WINDOW1\system32\XPSViewer
2009-03-31 17:05:32 ----D---- C:\Program Files\Reference Assemblies
2009-03-31 17:04:48 ----N---- C:\WINDOW1\system32\prntvpt.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpssvcs.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpsshhdr.dll
2009-03-31 17:04:47 ----D---- C:\7f1c3085bd5d3f754b65d96f36e5b9f8
2009-03-31 16:56:32 ----D---- C:\WINDOW1\system32\GroupPolicy
2009-03-31 16:56:20 ----HDC---- C:\WINDOW1\$NtUninstallKB940157$
2009-03-31 16:56:11 ----HDC---- C:\WINDOW1\$NtUninstallKB915800-v4$
2009-03-31 16:53:38 ----RSD---- C:\WINDOW1\assembly
2009-03-31 16:53:38 ----D---- C:\WINDOW1\Microsoft.NET
2009-03-31 16:53:36 ----D---- C:\WINDOW1\system32\URTTemp
2009-03-31 15:26:52 ----SHD---- C:\RECYCLER
2009-03-31 15:25:12 ----D---- C:\WINDOW1\temp
2009-03-31 15:25:11 ----A---- C:\ComboFix.txt
2009-03-31 15:18:27 ----A---- C:\WINDOW1\zip.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\VFIND.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWXCACLS.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWSC.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWREG.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\sed.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\NIRCMD.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\grep.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\fdsv.exe
2009-03-31 10:02:07 ----A---- C:\WINDOW1\system32\tmp.txt
2009-03-31 10:02:03 ----A---- C:\rapport.txt
2009-03-31 08:05:06 ----D---- C:\Program Files\Sagasoft
2009-03-31 00:50:56 ----HDC---- C:\WINDOW1\$NtUninstallKB951978$
2009-03-31 00:50:48 ----HDC---- C:\WINDOW1\$NtUninstallKB954459$
2009-03-31 00:07:27 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\SUPERAntiSpyware.com
2009-03-30 19:46:35 ----HDC---- C:\WINDOW1\$NtUninstallKB946648$
2009-03-30 17:27:45 ----D---- C:\WINDOW1\Prefetch
2009-03-30 14:01:39 ----D---- C:\WINDOW1\ERDNT
2009-03-30 14:01:17 ----D---- C:\Program Files\CCleaner
2009-03-30 14:01:00 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Malwarebytes
2009-03-30 14:00:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 14:00:54 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Malwarebytes
2009-03-30 11:33:05 ----HDC---- C:\WINDOW1\$NtUninstallKB967715$
2009-03-30 11:32:55 ----HDC---- C:\WINDOW1\$NtUninstallKB960225$
2009-03-30 11:32:48 ----HDC---- C:\WINDOW1\$NtUninstallKB958690$
2009-03-30 11:32:40 ----HDC---- C:\WINDOW1\$NtUninstallKB958687$
2009-03-30 11:32:34 ----HDC---- C:\WINDOW1\$NtUninstallKB958644$
2009-03-30 11:32:26 ----HDC---- C:\WINDOW1\$NtUninstallKB957097$
2009-03-30 11:32:17 ----HDC---- C:\WINDOW1\$NtUninstallKB956841$
2009-03-30 11:32:10 ----HDC---- C:\WINDOW1\$NtUninstallKB956803$
2009-03-30 11:32:01 ----HDC---- C:\WINDOW1\$NtUninstallKB956802$
2009-03-30 11:31:53 ----HDC---- C:\WINDOW1\$NtUninstallKB955069$
2009-03-30 11:31:46 ----HDC---- C:\WINDOW1\$NtUninstallKB954600$
2009-03-30 11:31:40 ----HDC---- C:\WINDOW1\$NtUninstallKB952954$
2009-03-30 11:31:25 ----HDC---- C:\WINDOW1\$NtUninstallKB952287$
2009-03-30 11:31:17 ----HDC---- C:\WINDOW1\$NtUninstallKB951748$
2009-03-30 11:31:10 ----HDC---- C:\WINDOW1\$NtUninstallKB951698$
2009-03-30 11:31:04 ----HDC---- C:\WINDOW1\$NtUninstallKB951376-v2$
2009-03-30 11:30:55 ----HDC---- C:\WINDOW1\$NtUninstallKB951066$
2009-03-30 11:30:48 ----HDC---- C:\WINDOW1\$NtUninstallKB950974$
2009-03-30 11:30:42 ----HDC---- C:\WINDOW1\$NtUninstallKB950762$
2009-03-30 11:30:32 ----HDC---- C:\WINDOW1\$NtUninstallKB938464-v2$
2009-03-30 11:23:18 ----D---- C:\WINDOW1\system32\scripting
2009-03-30 11:23:17 ----D---- C:\WINDOW1\l2schemas
2009-03-30 11:23:16 ----D---- C:\WINDOW1\system32\en
2009-03-26 13:45:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-26 13:44:13 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Adobe
2009-03-26 13:43:08 ----D---- C:\Program Files\Adobe
2009-03-26 13:39:56 ----D---- C:\Program Files\NOS
2009-03-26 13:39:56 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\NOS
2009-03-26 10:00:50 ----D---- C:\WINDOW1\ie7updates
2009-03-26 10:00:04 ----D---- C:\WINDOW1\WBEM
2009-03-26 10:00:03 ----D---- C:\WINDOW1\system32\en-US
2009-03-26 09:58:45 ----HDC---- C:\WINDOW1\ie7
2009-03-26 09:58:31 ----HDC---- C:\WINDOW1\$NtServicePackUninstallIDNMitigationAPIs$
2009-03-26 09:58:13 ----HDC---- C:\WINDOW1\$NtServicePackUninstallNLSDownlevelMapping$
2009-03-26 09:57:48 ----HDC---- C:\WINDOW1\$NtUninstallKB915865$
2009-03-26 09:57:43 ----N---- C:\WINDOW1\system32\xmllite.dll
2009-03-26 09:56:28 ----D---- C:\WINDOW1\network diagnostic
2009-03-26 09:56:26 ----HDC---- C:\WINDOW1\$NtUninstallKB914440$
2009-03-26 09:56:17 ----HDC---- C:\WINDOW1\$NtUninstallKB904942$
2009-03-26 05:30:35 ----HDC---- C:\WINDOW1\$NtUninstallKB951376-v2_0$
2009-03-26 05:30:29 ----HDC---- C:\WINDOW1\$NtUninstallKB952954_0$
2009-03-26 05:30:04 ----HDC---- C:\WINDOW1\$NtUninstallKB956803_0$
2009-03-26 05:29:33 ----HDC---- C:\WINDOW1\$NtUninstallKB955839$
2009-03-26 05:29:17 ----HDC---- C:\WINDOW1\$NtUninstallKB958215$
2009-03-26 05:28:19 ----HDC---- C:\WINDOW1\$NtUninstallKB950974_0$
2009-03-26 05:28:13 ----HDC---- C:\WINDOW1\$NtUninstallKB951698_0$
2009-03-26 05:28:05 ----HDC---- C:\WINDOW1\$NtUninstallKB960225_0$
2009-03-26 05:27:56 ----HDC---- C:\WINDOW1\$NtUninstallKB956841_0$
2009-03-26 05:27:48 ----HDC---- C:\WINDOW1\$NtUninstallKB960714$
2009-03-26 05:26:44 ----HDC---- C:\WINDOW1\$NtUninstallKB938464-v2_0$
2009-03-26 05:26:39 ----HDC---- C:\WINDOW1\$NtUninstallKB952069_WM9$
2009-03-26 05:25:42 ----HDC---- C:\WINDOW1\$NtUninstallKB950762_0$
2009-03-26 05:25:37 ----HDC---- C:\WINDOW1\$NtUninstallKB957097_0$
2009-03-26 05:25:32 ----HDC---- C:\WINDOW1\$NtUninstallKB960715$
2009-03-26 05:25:27 ----HDC---- C:\WINDOW1\$NtUninstallKB958687_0$
2009-03-26 05:25:22 ----HDC---- C:\WINDOW1\$NtUninstallKB952287_0$
2009-03-26 05:25:12 ----HDC---- C:\WINDOW1\$NtUninstallKB967715_0$
2009-03-26 05:25:06 ----HDC---- C:\WINDOW1\$NtUninstallKB950760$
2009-03-26 05:25:01 ----HDC---- C:\WINDOW1\$NtUninstallKB951066_0$
2009-03-26 05:24:52 ----HDC---- C:\WINDOW1\$NtUninstallKB958690_0$
2009-03-26 05:18:13 ----HDC---- C:\WINDOW1\$NtUninstallKB951748_0$
2009-03-26 05:18:07 ----HDC---- C:\WINDOW1\$NtUninstallKB954600_0$
2009-03-26 05:18:02 ----HDC---- C:\WINDOW1\$NtUninstallKB958644_0$
2009-03-26 05:17:56 ----HDC---- C:\WINDOW1\$NtUninstallKB955069_0$
2009-03-26 05:17:37 ----HDC---- C:\WINDOW1\$NtUninstallKB956802_0$
2009-03-26 05:17:31 ----N---- C:\WINDOW1\system32\spmsg.dll
2009-03-26 05:17:29 ----HDC---- C:\WINDOW1\$NtUninstallKB944338-v2$
2009-03-25 22:02:29 ----N---- C:\WINDOW1\system32\wmphoto.dll
2009-03-25 22:02:19 ----N---- C:\WINDOW1\system32\wlanapi.dll
2009-03-25 22:02:14 ----N---- C:\WINDOW1\system32\windowscodecsext.dll
2009-03-25 22:02:14 ----N---- C:\WINDOW1\system32\windowscodecs.dll
2009-03-25 22:02:08 ----N---- C:\WINDOW1\system32\verclsid.exe
2009-03-25 22:01:58 ----N---- C:\WINDOW1\system32\tspkg.dll
2009-03-25 22:01:57 ----N---- C:\WINDOW1\system32\tsgqec.dll
2009-03-25 22:01:28 ----N---- C:\WINDOW1\system32\setupn.exe
2009-03-25 22:01:18 ----N---- C:\WINDOW1\system32\rhttpaa.dll
2009-03-25 22:01:14 ----N---- C:\WINDOW1\system32\rasqec.dll
2009-03-25 22:01:13 ----N---- C:\WINDOW1\system32\qutil.dll
2009-03-25 22:01:10 ----N---- C:\WINDOW1\system32\qcliprov.dll
2009-03-25 22:01:10 ----N---- C:\WINDOW1\system32\qagentrt.dll
2009-03-25 22:01:10 ----N---- C:\WINDOW1\system32\qagent.dll
2009-03-25 22:01:06 ----N---- C:\WINDOW1\system32\photometadatahandler.dll
2009-03-25 22:00:59 ----N---- C:\WINDOW1\system32\onex.dll
2009-03-25 22:00:36 ----N---- C:\WINDOW1\system32\napstat.exe
2009-03-25 22:00:36 ----N---- C:\WINDOW1\system32\napmontr.dll
2009-03-25 22:00:36 ----N---- C:\WINDOW1\system32\napipsec.dll
2009-03-25 22:00:33 ----N---- C:\WINDOW1\system32\msxml6r.dll
2009-03-25 22:00:33 ----N---- C:\WINDOW1\system32\msxml6.dll
2009-03-25 22:00:27 ----N---- C:\WINDOW1\system32\msshavmsg.dll
2009-03-25 22:00:27 ----N---- C:\WINDOW1\system32\mssha.dll
2009-03-25 21:59:52 ----N---- C:\WINDOW1\system32\mmcperf.exe
2009-03-25 21:59:51 ----N---- C:\WINDOW1\system32\mmcfxcommon.dll
2009-03-25 21:59:51 ----N---- C:\WINDOW1\system32\mmcex.dll
2009-03-25 21:59:51 ----N---- C:\WINDOW1\system32\microsoft.managementconsole.dll
2009-03-25 21:59:21 ----N---- C:\WINDOW1\system32\l2gpstore.dll
2009-03-25 21:59:20 ----N---- C:\WINDOW1\system32\kmsvc.dll
2009-03-25 21:59:18 ----N---- C:\WINDOW1\system32\kbdpash.dll
2009-03-25 21:59:18 ----N---- C:\WINDOW1\system32\kbdnepr.dll
2009-03-25 21:59:18 ----N---- C:\WINDOW1\system32\kbdiultn.dll
2009-03-25 21:59:17 ----N---- C:\WINDOW1\system32\kbdbhc.dll
2009-03-25 21:58:48 ----A---- C:\WINDOW1\004997_.tmp
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eapsvc.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eapqec.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eappprxy.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eapphost.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eappgnui.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eappcfg.dll
2009-03-25 21:58:43 ----N---- C:\WINDOW1\system32\eapp3hst.dll
2009-03-25 21:58:43 ----N---- C:\WINDOW1\system32\eapolqec.dll
2009-03-25 21:58:35 ----N---- C:\WINDOW1\system32\dot3ui.dll
2009-03-25 21:58:35 ----N---- C:\WINDOW1\system32\dot3svc.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3msm.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3gpclnt.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3dlg.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3cfg.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3api.dll
2009-03-25 21:58:30 ----N---- C:\WINDOW1\system32\dimsroam.dll
2009-03-25 21:58:30 ----N---- C:\WINDOW1\system32\dimsntfy.dll
2009-03-25 21:58:29 ----N---- C:\WINDOW1\system32\dhcpqec.dll
2009-03-25 21:58:19 ----N---- C:\WINDOW1\system32\credssp.dll
2009-03-25 21:57:45 ----N---- C:\WINDOW1\system32\bitsprx4.dll
2009-03-25 21:57:39 ----N---- C:\WINDOW1\system32\azroles.dll
2009-03-25 21:56:33 ----N---- C:\WINDOW1\system32\aaclient.dll
2009-03-25 20:55:55 ----A---- C:\WINDOW1\stsystra.exe
2009-03-25 20:55:05 ----A---- C:\WINDOW1\system32\staco.dll
2009-03-25 20:52:14 ----HDC---- C:\WINDOW1\$NtUninstallKB835221WXP$
2009-03-25 20:52:01 ----A---- C:\WINDOW1\system32\stacapi.dll
2009-03-25 20:52:00 ----D---- C:\Program Files\SigmaTel
2009-03-25 20:30:19 ----A---- C:\WINDOW1\system32\GEARAspi.dll
2009-03-25 20:29:43 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 20:29:19 ----D---- C:\Program Files\Bonjour
2009-03-25 20:27:47 ----N---- C:\WINDOW1\system32\xpsp3res.dll
2009-03-25 20:26:41 ----DC---- C:\WINDOW1\system32\DRVSTORE
2009-03-25 20:26:41 ----A---- C:\WINDOW1\system32\usbaaplrc.dll
2009-03-25 20:18:53 ----A---- C:\WINDOW1\system32\MRT.exe
2009-03-25 20:18:40 ----A---- C:\WINDOW1\setdebug.exe
2009-03-25 20:18:39 ----A---- C:\WINDOW1\system32\javaee.dll
2009-03-25 20:13:01 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Apple Computer
2009-03-25 20:12:34 ----D---- C:\Program Files\Safari
2009-03-25 20:12:34 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Apple Computer
2009-03-25 20:12:19 ----D---- C:\Program Files\Apple Software Update
2009-03-25 20:12:19 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Apple
2009-03-25 20:07:06 ----A---- C:\WINDOW1\system32\msonpmon.dll
2009-03-25 19:58:29 ----D---- C:\WINDOW1\SHELLNEW
2009-03-25 19:57:38 ----D---- C:\Program Files\Microsoft Office
2009-03-25 19:57:38 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Microsoft Help
2009-03-25 17:41:28 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\New Tier
2009-03-25 17:41:25 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Propellerhead Software
2009-03-25 17:41:25 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\OfficeUpdate12
2009-03-25 17:41:25 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Nikon
2009-03-25 17:41:16 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Real
2009-03-25 17:35:46 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SiteAdvisor
2009-03-25 17:35:46 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SecondLife
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Sonic
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SlySoft
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\skypePM
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Skype
2009-03-25 17:35:43 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Sun
2009-03-25 17:35:35 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SUPERAntiSpyware.com
2009-03-25 17:35:34 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Talkback
2009-03-25 17:35:33 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\U3
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Yahoo!
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\XnView
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\WinRAR
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Windows Search
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Windows Desktop Search
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Vso
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Viewpoint
2009-03-25 17:35:31 ----A---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\ezpinst.exe
2009-03-25 17:11:51 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Citrix
2009-03-25 17:11:26 ----D---- C:\Program Files\Citrix
2009-03-25 17:10:08 ----D---- C:\WINDOW1\peernet
2009-03-25 17:10:06 ----D---- C:\WINDOW1\provisioning
2009-03-25 17:08:15 ----D---- C:\drvrtmp
2009-03-25 17:08:15 ----A---- C:\WINDOW1\system32\Prounstl.exe
2009-03-25 17:08:15 ----A---- C:\WINDOW1\system32\IntelNic.dll
2009-03-25 17:04:15 ----D---- C:\WINDOW1\ServicePackFiles
2009-03-25 16:52:36 ----HDC---- C:\WINDOW1\$NtServicePackUninstall$
2009-03-25 16:52:34 ----D---- C:\WINDOW1\EHome
2009-03-25 16:44:46 ----N---- C:\WINDOW1\system32\spnpinst.exe
2009-03-25 16:31:14 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Mozilla
2009-03-25 15:32:31 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Windows Genuine Advantage
2009-03-25 15:31:08 ----A---- C:\WINDOW1\system32\mucltui.dll.mui
2009-03-25 15:31:08 ----A---- C:\WINDOW1\system32\mucltui.dll
2009-03-25 15:07:17 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Macromedia
2009-03-25 15:07:16 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Adobe
2009-03-25 15:04:05 ----D---- C:\WINDOW1\system32\PreInstall
2009-03-25 15:04:04 ----A---- C:\WINDOW1\system32\spupdsvc.exe
2009-03-25 15:04:03 ----HDC---- C:\WINDOW1\$NtUninstallKB898461$
2009-03-25 15:04:03 ----HD---- C:\WINDOW1\$hf_mig$
2009-03-25 15:03:54 ----D---- C:\Program Files\uTorrent
2009-03-25 15:03:49 ----HDC---- C:\WINDOW1\$MSI31Uninstall_KB893803v2$
2009-03-25 15:03:49 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\uTorrent
2009-03-25 15:03:28 ----D---- C:\WINDOW1\system32\bits
2009-03-25 15:03:23 ----HDC---- C:\WINDOW1\$NtUninstallKB842773$
2009-03-25 15:03:09 ----N---- C:\WINDOW1\system32\xpob2res.dll
2009-03-25 15:03:09 ----N---- C:\WINDOW1\system32\bitsprx3.dll
2009-03-25 15:03:09 ----N---- C:\WINDOW1\system32\bitsprx2.dll
2009-03-25 15:03:09 ----A---- C:\WINDOW1\system32\winhttp.dll
2009-03-25 15:03:09 ----A---- C:\WINDOW1\system32\qmgrprxy.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wups2.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wups.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wucltui.dll.mui
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wucltui.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wuaueng.dll.mui
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wuapi.dll.mui
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wuapi.dll
2009-03-25 15:00:20 ----D---- C:\WINDOW1\SoftwareDistribution
2009-03-25 14:27:58 ----A---- C:\WINDOW1\system32\igfxres.dll
2009-03-25 14:23:28 ----D---- C:\WUTemp
2009-03-25 14:23:24 ----A---- C:\WINDOW1\system32\iuengine.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\iglicd32.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igldev32.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxzoom.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxtray.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxsrvc.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxsrvc.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxress.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxpph.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxpers.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxext.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxexps.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\igfxdo.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\igfxdev.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\igfxcfg.exe
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuTRK.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuTHA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuSVE.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuRUS.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuPTG.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuPTB.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuPLK.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuNOR.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuNLD.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuKOR.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuJPN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuITA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuHUN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuHEB.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuFRC.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuFRA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuFIN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuESP.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuENG.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuELL.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmudlg.exe
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuDEU.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuDAN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuCSY.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuCHT.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuCHS.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuARB.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuARA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmrnt5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmrem.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmdnt5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmdev5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmdd5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\iAlmCoIn_v4543.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\hkcmd.exe
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\hccutils.dll
2009-03-25 14:19:23 ----A---- C:\WINDOW1\system32\ksuser.dll
2009-03-25 14:18:34 ----A---- C:\WINDOW1\system32\mhwt.dll
2009-03-25 14:18:34 ----A---- C:\WINDOW1\system32\intelmoh.dll
2009-03-25 14:18:34 ----A---- C:\WINDOW1\system32\IntelCci.dll
2009-03-25 14:15:56 ----A---- C:\WINDOW1\system32\usbui.dll
2009-03-25 14:15:37 ----D---- C:\WINDOW1\system32\ReinstallBackups
2009-03-25 05:39:14 ----A---- C:\WINDOW1\ntbtlog.txt
2009-03-25 05:38:33 ----SD---- C:\WINDOW1\system32\Microsoft
2009-03-25 05:29:50 ----SHD---- C:\WINDOW1\Installer
2009-03-25 05:29:48 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Identities
2009-03-25 05:29:42 ----ASH---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\desktop.ini
2009-03-25 05:29:41 ----SD---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Microsoft
2009-03-25 05:28:59 ----A---- C:\WINDOW1\SchedLgU.Txt
2009-03-25 05:24:44 ----D---- C:\WINDOW1\system32\xircom
2009-03-25 05:24:40 ----A---- C:\WINDOW1\control.ini
2009-03-25 05:24:33 ----A---- C:\WINDOW1\OEWABLog.txt
2009-03-25 05:24:25 ----A---- C:\WINDOW1\system32\mapi32.dll
2009-03-25 05:23:32 ----SD---- C:\WINDOW1\Downloaded Program Files
2009-03-25 05:23:32 ----RD---- C:\WINDOW1\Offline Web Pages
2009-03-25 05:23:32 ----RAH---- C:\WINDOW1\system32\logonui.exe.manifest
2009-03-25 05:23:25 ----RAH---- C:\WINDOW1\system32\cdplayer.exe.manifest
2009-03-25 05:23:04 ----D---- C:\WINDOW1\system32\DirectX
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\safrslv.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\safrdm.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\safrcdlg.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\racpldlg.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\atrace.dll
2009-03-25 05:22:40 ----A---- C:\WINDOW1\system32\desktop.ini
2009-03-25 05:22:40 ----A---- C:\WINDOW1\desktop.ini
2009-03-25 05:22:35 ----A---- C:\WINDOW1\system32\nmevtmsg.dll
2009-03-25 05:22:35 ----A---- C:\WINDOW1\system32\mnmsrvc.exe
2009-03-25 05:22:35 ----A---- C:\WINDOW1\system32\isrdbg32.dll
2009-03-25 05:22:34 ----A---- C:\WINDOW1\system32\inetres.dll
2009-03-25 05:22:34 ----A---- C:\WINDOW1\system32\acctres.dll
2009-03-25 05:22:32 ----SD---- C:\WINDOW1\Tasks
2009-03-25 05:22:32 ----A---- C:\WINDOW1\system32\icwphbk.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\isign32.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\inetcfg.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\icwdial.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\icfgnt5.dll
2009-03-25 05:22:27 ----D---- C:\WINDOW1\srchasst
2009-03-25 05:22:26 ----D---- C:\WINDOW1\system32\Macromed
2009-03-25 05:22:25 ----A---- C:\WINDOW1\system32\qmgr.dll
2009-03-25 05:22:22 ----D---- C:\WINDOW1\system32\Restore
2009-03-25 05:22:22 ----D---- C:\WINDOW1\PCHealth
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\srsvc.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\srrstr.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\srclient.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\nmmkcert.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\msconf.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\mnmdd.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\ils.dll
2009-03-25 05:22:19 ----A---- C:\WINDOW1\system32\msoert2.dll
2009-03-25 05:22:19 ----A---- C:\WINDOW1\system32\msoeacct.dll
2009-03-25 05:22:18 ----A---- C:\WINDOW1\system32\inetcomm.dll
2009-03-25 05:22:17 ----A---- C:\WINDOW1\system32\schedsvc.dll
2009-03-25 05:22:17 ----A---- C:\WINDOW1\system32\mstinit.exe
2009-03-25 05:22:17 ----A---- C:\WINDOW1\system32\mstask.dll
2009-03-25 05:22:02 ----A---- C:\WINDOW1\vbaddin.ini
2009-03-25 05:22:02 ----A---- C:\WINDOW1\vb.ini
2009-03-25 05:21:59 ----D---- C:\WINDOW1\Registration
2009-03-25 05:21:35 ----A---- C:\WINDOW1\system32\write.exe
2009-03-25 05:21:31 ----A---- C:\WINDOW1\system32\accwiz.exe
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\sndvol32.exe
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\sndrec32.exe
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\hypertrm.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\hticons.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\avwav.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\avtapi.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\avmeter.dll
2009-03-25 05:21:29 ----A---- C:\WINDOW1\system32\winchat.exe
2009-03-25 05:21:25 ----A---- C:\WINDOW1\system32\getuname.dll
2009-03-25 05:21:25 ----A---- C:\WINDOW1\system32\charmap.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\winmine.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\sol.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\mshearts.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\freecell.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\calc.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\usrlogon.cmd
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tsshutdn.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tslabels.ini
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tskill.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tsdiscon.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tscon.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\shadow.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\rwinsta.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\reset.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\regini.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\rdshost.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\rdpcfgex.dll
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\qwinsta.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\qprocess.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\qappsrv.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\msg.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\logoff.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\cdmodem.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\xolehlp.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\mtxoci.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtcuiu.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtctm.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtcprf.ini
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtclog.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtc.exe
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\mtxlegih.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\mtxex.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\mtxdm.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\dcomcnfg.exe
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\comrepl.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\comaddin.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\colbact.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\stclient.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\comuid.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\comsnap.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\clbcatq.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\clbcatex.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\catsrvps.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\catsrv.dll
2009-03-25 05:21:15 ----A---- C:\WINDOW1\system32\wmimgmt.msc
2009-03-25 05:21:15 ----A---- C:\WINDOW1\system32\servdeps.dll
2009-03-25 05:21:15 ----A---- C:\WINDOW1\system32\mmfutil.dll
2009-03-25 05:21:14 ----A---- C:\WINDOW1\system32\cmprops.dll
2009-03-25 05:21:10 ----A---- C:\WINDOW1\system32\mspaint.exe
2009-03-25 05:21:10 ----A---- C:\WINDOW1\system32\mplay32.exe
2009-03-25 05:21:10 ----A---- C:\WINDOW1\system32\clipbrd.exe
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\wuauserv.dll
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\wuaueng.dll
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\wuauclt.exe
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\tscfgwmi.dll
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\spider.exe
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\mstscax.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\tscupgrd.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\termsrv.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\sessmgr.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\remotepg.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdsaddin.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdpwsx.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdpsnd.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdpclip.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdchost.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\mstsc.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\icaapi.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\cfgbkend.dll
2009-03-25 05:21:07 ----D---- C:\WINDOW1\system32\MsDtc
2009-03-25 05:21:07 ----D---- C:\WINDOW1\system32\Com
2009-03-25 05:21:07 ----A---- C:\WINDOW1\system32\msdtcprx.dll
2009-03-25 05:21:07 ----A---- C:\WINDOW1\system32\comsvcs.dll
2009-03-25 05:21:07 ----A---- C:\WINDOW1\system32\catsrvut.dll
2009-03-25 05:21:04 ----A---- C:\WINDOW1\system32\licwmi.dll
2009-03-24 21:20:48 ----A---- C:\WINDOW1\system32\h323log.txt
2009-03-24 21:16:42 ----A---- C:\WINDOW1\imsins.BAK
2009-03-24 21:16:39 ----A---- C:\WINDOW1\system32\PerfStringBackup.INI
2009-03-24 21:16:38 ----A---- C:\WINDOW1\ODBCINST.INI
2009-03-24 21:16:33 ----RA---- C:\WINDOW1\system32\kbdtuq.dll
2009-03-24 21:16:33 ----RA---- C:\WINDOW1\system32\kbdtuf.dll
2009-03-24 21:16:33 ----RA---- C:\WINDOW1\system32\kbdazel.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdycc.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbduzb.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdur.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdtat.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdru1.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdru.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdmon.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdkyr.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdkaz.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdbu.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdblr.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdaze.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhept.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhela3.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhela2.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhe319.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhe220.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhe.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdgkl.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlv1.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlv.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlt1.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlt.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdest.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdycl.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdsl1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdsl.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdro.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdpl1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdpl.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdhu1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdhu.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcz2.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcz1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcz.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcr.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\KBDAL.DLL
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\spxcoins.dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\irclass.dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\EqnClass.Dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\dgsetup.dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\dgrpsetu.dll
2009-03-24 21:16:23 ----N---- C:\WINDOW1\system32\CONFIG.TMP
2009-03-24 21:16:23 ----A---- C:\WINDOW1\TASKMAN.EXE
2009-03-24 21:16:23 ----A---- C:\WINDOW1\system32\batt.dll
2009-03-24 21:16:23 ----A---- C:\WINDOW1\notepad.exe
2009-03-24 21:16:22 ----A---- C:\WINDOW1\system32\storprop.dll
2009-03-24 21:16:18 ----ASH---- C:\Documents and Settings\All Users.WINDOW1\Application Data\desktop.ini
2009-03-24 21:16:17 ----RA---- C:\WINDOW1\SET14.tmp
2009-03-24 21:16:15 ----RA---- C:\WINDOW1\SETA.tmp
2009-03-24 21:16:12 ----RA---- C:\WINDOW1\SET3.tmp
2009-03-24 21:16:08 ----D---- C:\WINDOW1\system32\CatRoot2
2009-03-24 21:16:08 ----D---- C:\WINDOW1\system32\CatRoot
2009-03-24 21:16:02 ----SD---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Microsoft
2009-03-24 21:15:51 ----A---- C:\WINDOW1\setuplog.txt
2009-03-24 21:11:41 ----RSHDC---- C:\WINDOW1\system32\dllcache
2009-03-24 21:11:41 ----RSD---- C:\WINDOW1\Fonts
2009-03-24 21:11:41 ----RD---- C:\WINDOW1\Web
2009-03-24 21:11:41 ----HD---- C:\WINDOW1\inf
2009-03-24 21:11:41 ----D---- C:\WINDOW1\WinSxS
2009-03-24 21:11:41 ----D---- C:\WINDOW1\twain_32
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\wins
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\wbem
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\usmt
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\spool
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\ShellExt
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\Setup
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\ras
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\oobe
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\npp
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\mui
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\inetsrv
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\IME
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\icsxml
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\ias
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\export
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\drivers
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\dhcp
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\config
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\3com_dmi
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\3076
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\2052
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1054
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1042
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1041
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1037
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1033
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1031
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1028
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1025
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system
2009-03-24 21:11:41 ----D---- C:\WINDOW1\security
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Resources
2009-03-24 21:11:41 ----D---- C:\WINDOW1\repair
2009-03-24 21:11:41 ----D---- C:\WINDOW1\mui
2009-03-24 21:11:41 ----D---- C:\WINDOW1\msapps
2009-03-24 21:11:41 ----D---- C:\WINDOW1\msagent
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Media
2009-03-24 21:11:41 ----D---- C:\WINDOW1\java
2009-03-24 21:11:41 ----D---- C:\WINDOW1\ime
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Help
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Driver Cache
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Debug
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Cursors
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Connection Wizard
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Config
2009-03-24 21:11:41 ----D---- C:\WINDOW1\AppPatch
2009-03-24 21:11:41 ----D---- C:\WINDOW1\addins
2009-03-24 21:11:41 ----D---- C:\WINDOW1
2009-03-14 17:30:25 ----SHD---- C:\$RECYCLE.BIN
2009-03-13 14:19:42 ----D---- C:\SiteAdvisor
2009-03-13 14:19:42 ----D---- C:\McAfee
2009-03-13 13:48:52 ----D---- C:\Temp
2009-03-12 08:18:57 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 2 months======

2009-04-09 09:46:50 ----RD---- C:\Program Files
2009-04-09 09:46:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-08 23:58:12 ----D---- C:\Program Files\Mozilla Firefox
2009-04-08 16:02:22 ----D---- C:\Program Files\iPod
2009-03-31 17:05:42 ----D---- C:\Program Files\MSBuild
2009-03-31 15:25:14 ----D---- C:\Qoobox
2009-03-31 15:22:25 ----A---- C:\WINDOW1\system.ini
2009-03-31 15:21:10 ----D---- C:\Program Files\Common Files
2009-03-31 10:28:35 ----D---- C:\WINDOWS
2009-03-31 08:11:07 ----A---- C:\WINDOW1\powerid3editor.ini
2009-03-31 00:07:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 19:46:37 ----D---- C:\Program Files\Messenger
2009-03-30 14:02:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 11:24:13 ----D---- C:\Program Files\Windows Media Player
2009-03-30 11:23:16 ----D---- C:\Program Files\Movie Maker
2009-03-30 11:18:22 ----D---- C:\Program Files\NetMeeting
2009-03-30 11:18:16 ----D---- C:\Program Files\Windows NT
2009-03-30 11:18:16 ----D---- C:\Program Files\Outlook Express
2009-03-30 11:18:11 ----D---- C:\Program Files\Common Files\System
2009-03-30 01:02:57 ----D---- C:\Program Files\Internet Explorer
2009-03-26 13:44:39 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 05:23:54 ----A---- C:\WINDOW1\win.ini
2009-03-25 20:28:23 ----D---- C:\Program Files\QuickTime
2009-03-25 20:09:37 ----D---- C:\Program Files\Common Files\DESIGNER
2009-03-25 17:11:35 ----RASH---- C:\boot.ini
2009-03-25 17:08:14 ----D---- C:\Documents and Settings
2009-03-25 16:56:52 ----RASH---- C:\NTDETECT.COM
2009-03-25 15:27:15 ----D---- C:\Program Files\PowerISO
2009-03-25 15:02:31 ----HD---- C:\Program Files\WindowsUpdate
2009-03-25 05:29:00 ----SHD---- C:\System Volume Information
2009-03-25 05:21:38 ----D---- C:\Program Files\MSN
2009-03-23 22:37:18 ----D---- C:\drivers
2009-02-28 13:16:35 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOW1\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOW1\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOW1\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOW1\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOW1\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOW1\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOW1\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOW1\System32\DRIVERS\ialmnt5.sys [2006-03-24 1166972]
R3 IntelC51;IntelC51; C:\WINDOW1\System32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOW1\System32\DRIVERS\IntelC52.sys [2006-03-02 618880]
R3 IntelC53;IntelC53; C:\WINDOW1\System32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOW1\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOW1\System32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOW1\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOW1\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOW1\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\JOEKLE~1.MOR\LOCALS~1\Temp\catchme.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOW1\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOW1\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOW1\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOW1\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOW1\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 WSearch;Windows Search; C:\WINDOW1\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOW1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S3 idsvc;Windows CardSpace; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#4 armennen

Posted 16 April 2009 - 05:40 PM

Hello suebaby,
This is an updated hijackthis random logfile. Thanks again!


Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe Klein at 2009-04-16 18:38:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (7%) free of 148 GB
Total RAM: 502 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:51 PM, on 4/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOW1\System32\smss.exe
C:\WINDOW1\system32\winlogon.exe
C:\WINDOW1\system32\services.exe
C:\WINDOW1\system32\lsass.exe
C:\WINDOW1\system32\svchost.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\SearchIndexer.exe
C:\WINDOW1\Explorer.EXE
C:\WINDOW1\System32\hkcmd.exe
C:\WINDOW1\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOW1\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe
C:\WINDOW1\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOW1\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Brownie\brstswnd.exe
C:\WINDOW1\system32\SearchProtocolHost.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Local Settings\Temporary Internet Files\Content.IE5\I4IXAJ2A\RSIT[1].exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\FIX\Joe Klein.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOW1\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOW1\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOW1\System32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW1\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238007617937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238009414062
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5437 bytes

======Scheduled tasks folder======

C:\WINDOW1\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOW1\System32\igfxtray.exe [2006-03-24 94208]
"igfxhkcmd"=C:\WINDOW1\System32\hkcmd.exe [2006-03-24 77824]
"igfxpers"=C:\WINDOW1\System32\igfxpers.exe [2006-03-24 118784]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp"=C:\WINDOW1\stsystra.exe [2005-03-22 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe [2009-03-25 270128]
"ctfmon.exe"=C:\WINDOW1\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users.WINDOW1\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-01-09 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOW1\system32\igfxdev.dll [2006-03-24 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"="C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2009-04-13 22:27:26 ----D---- C:\rsit
2009-04-11 17:38:33 ----A---- C:\WINDOW1\system32\ptpusb.dll
2009-04-11 17:38:23 ----A---- C:\WINDOW1\system32\ptpusd.dll
2009-04-09 19:47:08 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\vsosdk
2009-04-09 09:49:15 ----A---- C:\WINDOW1\BRWMARK.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRVIDEO.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\brmx2001.ini
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRDIAG.INI
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPDNTA.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPD95A.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC32.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC16.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\Brdiag2.exe
2009-04-09 09:46:50 ----N---- C:\WINDOW1\system32\BRRBTOOL.EXE
2009-04-09 09:46:50 ----D---- C:\Program Files\Brownie
2009-04-09 09:46:50 ----A---- C:\WINDOW1\HL-2040.INI
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\BROSNMP.DLL
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.ini
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.dll
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlm03a.dll
2009-04-09 09:46:06 ----D---- C:\Program Files\Brother
2009-04-09 09:46:06 -------- C:\WINDOW1\system32\Pdrvinst.dll
2009-04-09 09:45:55 ----A---- C:\WINDOW1\Brownie.ini
2009-04-08 16:02:05 ----D---- C:\Program Files\iTunes
2009-04-08 16:02:05 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 08:35:08 ----A---- C:\WINDOW1\system32\lfgif13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltkrn13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltimg13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltfil13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltefx13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltdis13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfcmp13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfbmp13n.dll
2009-03-31 17:34:45 ----HDC---- C:\WINDOW1\$NtUninstallKB961118$
2009-03-31 17:05:48 ----D---- C:\WINDOW1\system32\XPSViewer
2009-03-31 17:05:32 ----D---- C:\Program Files\Reference Assemblies
2009-03-31 17:04:48 ----N---- C:\WINDOW1\system32\prntvpt.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpssvcs.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpsshhdr.dll
2009-03-31 17:04:47 ----D---- C:\7f1c3085bd5d3f754b65d96f36e5b9f8
2009-03-31 16:56:32 ----D---- C:\WINDOW1\system32\GroupPolicy
2009-03-31 16:56:20 ----HDC---- C:\WINDOW1\$NtUninstallKB940157$
2009-03-31 16:56:11 ----HDC---- C:\WINDOW1\$NtUninstallKB915800-v4$
2009-03-31 16:53:38 ----RSD---- C:\WINDOW1\assembly
2009-03-31 16:53:38 ----D---- C:\WINDOW1\Microsoft.NET
2009-03-31 16:53:36 ----D---- C:\WINDOW1\system32\URTTemp
2009-03-31 15:26:52 ----SHD---- C:\RECYCLER
2009-03-31 15:25:12 ----D---- C:\WINDOW1\temp
2009-03-31 15:25:11 ----A---- C:\ComboFix.txt
2009-03-31 15:18:27 ----A---- C:\WINDOW1\zip.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\VFIND.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWXCACLS.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWSC.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWREG.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\sed.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\NIRCMD.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\grep.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\fdsv.exe
2009-03-31 10:02:07 ----A---- C:\WINDOW1\system32\tmp.txt
2009-03-31 10:02:03 ----A---- C:\rapport.txt
2009-03-31 08:05:06 ----D---- C:\Program Files\Sagasoft
2009-03-31 00:50:56 ----HDC---- C:\WINDOW1\$NtUninstallKB951978$
2009-03-31 00:50:48 ----HDC---- C:\WINDOW1\$NtUninstallKB954459$
2009-03-31 00:07:27 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\SUPERAntiSpyware.com
2009-03-30 19:46:35 ----HDC---- C:\WINDOW1\$NtUninstallKB946648$
2009-03-30 17:27:45 ----D---- C:\WINDOW1\Prefetch
2009-03-30 14:01:39 ----D---- C:\WINDOW1\ERDNT
2009-03-30 14:01:17 ----D---- C:\Program Files\CCleaner
2009-03-30 14:01:00 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Malwarebytes
2009-03-30 14:00:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 14:00:54 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Malwarebytes
2009-03-30 11:33:05 ----HDC---- C:\WINDOW1\$NtUninstallKB967715$
2009-03-30 11:32:55 ----HDC---- C:\WINDOW1\$NtUninstallKB960225$
2009-03-30 11:32:48 ----HDC---- C:\WINDOW1\$NtUninstallKB958690$
2009-03-30 11:32:40 ----HDC---- C:\WINDOW1\$NtUninstallKB958687$
2009-03-30 11:32:34 ----HDC---- C:\WINDOW1\$NtUninstallKB958644$
2009-03-30 11:32:26 ----HDC---- C:\WINDOW1\$NtUninstallKB957097$
2009-03-30 11:32:17 ----HDC---- C:\WINDOW1\$NtUninstallKB956841$
2009-03-30 11:32:10 ----HDC---- C:\WINDOW1\$NtUninstallKB956803$
2009-03-30 11:32:01 ----HDC---- C:\WINDOW1\$NtUninstallKB956802$
2009-03-30 11:31:53 ----HDC---- C:\WINDOW1\$NtUninstallKB955069$
2009-03-30 11:31:46 ----HDC---- C:\WINDOW1\$NtUninstallKB954600$
2009-03-30 11:31:40 ----HDC---- C:\WINDOW1\$NtUninstallKB952954$
2009-03-30 11:31:25 ----HDC---- C:\WINDOW1\$NtUninstallKB952287$
2009-03-30 11:31:17 ----HDC---- C:\WINDOW1\$NtUninstallKB951748$
2009-03-30 11:31:10 ----HDC---- C:\WINDOW1\$NtUninstallKB951698$
2009-03-30 11:31:04 ----HDC---- C:\WINDOW1\$NtUninstallKB951376-v2$
2009-03-30 11:30:55 ----HDC---- C:\WINDOW1\$NtUninstallKB951066$
2009-03-30 11:30:48 ----HDC---- C:\WINDOW1\$NtUninstallKB950974$
2009-03-30 11:30:42 ----HDC---- C:\WINDOW1\$NtUninstallKB950762$
2009-03-30 11:30:32 ----HDC---- C:\WINDOW1\$NtUninstallKB938464-v2$
2009-03-30 11:23:18 ----D---- C:\WINDOW1\system32\scripting
2009-03-30 11:23:17 ----D---- C:\WINDOW1\l2schemas
2009-03-30 11:23:16 ----D---- C:\WINDOW1\system32\en
2009-03-26 13:45:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-26 13:44:13 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Adobe
2009-03-26 13:43:08 ----D---- C:\Program Files\Adobe
2009-03-26 13:39:56 ----D---- C:\Program Files\NOS
2009-03-26 13:39:56 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\NOS
2009-03-26 10:00:50 ----D---- C:\WINDOW1\ie7updates
2009-03-26 10:00:04 ----D---- C:\WINDOW1\WBEM
2009-03-26 10:00:03 ----D---- C:\WINDOW1\system32\en-US
2009-03-26 09:58:45 ----HDC---- C:\WINDOW1\ie7
2009-03-26 09:58:31 ----HDC---- C:\WINDOW1\$NtServicePackUninstallIDNMitigationAPIs$
2009-03-26 09:58:13 ----HDC---- C:\WINDOW1\$NtServicePackUninstallNLSDownlevelMapping$
2009-03-26 09:57:48 ----HDC---- C:\WINDOW1\$NtUninstallKB915865$
2009-03-26 09:57:43 ----N---- C:\WINDOW1\system32\xmllite.dll
2009-03-26 09:56:28 ----D---- C:\WINDOW1\network diagnostic
2009-03-26 09:56:26 ----HDC---- C:\WINDOW1\$NtUninstallKB914440$
2009-03-26 09:56:17 ----HDC---- C:\WINDOW1\$NtUninstallKB904942$
2009-03-26 05:30:35 ----HDC---- C:\WINDOW1\$NtUninstallKB951376-v2_0$
2009-03-26 05:30:29 ----HDC---- C:\WINDOW1\$NtUninstallKB952954_0$
2009-03-26 05:30:04 ----HDC---- C:\WINDOW1\$NtUninstallKB956803_0$
2009-03-26 05:29:33 ----HDC---- C:\WINDOW1\$NtUninstallKB955839$
2009-03-26 05:29:17 ----HDC---- C:\WINDOW1\$NtUninstallKB958215$
2009-03-26 05:28:19 ----HDC---- C:\WINDOW1\$NtUninstallKB950974_0$
2009-03-26 05:28:13 ----HDC---- C:\WINDOW1\$NtUninstallKB951698_0$
2009-03-26 05:28:05 ----HDC---- C:\WINDOW1\$NtUninstallKB960225_0$
2009-03-26 05:27:56 ----HDC---- C:\WINDOW1\$NtUninstallKB956841_0$
2009-03-26 05:27:48 ----HDC---- C:\WINDOW1\$NtUninstallKB960714$
2009-03-26 05:26:44 ----HDC---- C:\WINDOW1\$NtUninstallKB938464-v2_0$
2009-03-26 05:26:39 ----HDC---- C:\WINDOW1\$NtUninstallKB952069_WM9$
2009-03-26 05:25:42 ----HDC---- C:\WINDOW1\$NtUninstallKB950762_0$
2009-03-26 05:25:37 ----HDC---- C:\WINDOW1\$NtUninstallKB957097_0$
2009-03-26 05:25:32 ----HDC---- C:\WINDOW1\$NtUninstallKB960715$
2009-03-26 05:25:27 ----HDC---- C:\WINDOW1\$NtUninstallKB958687_0$
2009-03-26 05:25:22 ----HDC---- C:\WINDOW1\$NtUninstallKB952287_0$
2009-03-26 05:25:12 ----HDC---- C:\WINDOW1\$NtUninstallKB967715_0$
2009-03-26 05:25:06 ----HDC---- C:\WINDOW1\$NtUninstallKB950760$
2009-03-26 05:25:01 ----HDC---- C:\WINDOW1\$NtUninstallKB951066_0$
2009-03-26 05:24:52 ----HDC---- C:\WINDOW1\$NtUninstallKB958690_0$
2009-03-26 05:18:13 ----HDC---- C:\WINDOW1\$NtUninstallKB951748_0$
2009-03-26 05:18:07 ----HDC---- C:\WINDOW1\$NtUninstallKB954600_0$
2009-03-26 05:18:02 ----HDC---- C:\WINDOW1\$NtUninstallKB958644_0$
2009-03-26 05:17:56 ----HDC---- C:\WINDOW1\$NtUninstallKB955069_0$
2009-03-26 05:17:37 ----HDC---- C:\WINDOW1\$NtUninstallKB956802_0$
2009-03-26 05:17:31 ----N---- C:\WINDOW1\system32\spmsg.dll
2009-03-26 05:17:29 ----HDC---- C:\WINDOW1\$NtUninstallKB944338-v2$
2009-03-25 22:02:29 ----N---- C:\WINDOW1\system32\wmphoto.dll
2009-03-25 22:02:19 ----N---- C:\WINDOW1\system32\wlanapi.dll
2009-03-25 22:02:14 ----N---- C:\WINDOW1\system32\windowscodecsext.dll
2009-03-25 22:02:14 ----N---- C:\WINDOW1\system32\windowscodecs.dll
2009-03-25 22:02:08 ----N---- C:\WINDOW1\system32\verclsid.exe
2009-03-25 22:01:58 ----N---- C:\WINDOW1\system32\tspkg.dll
2009-03-25 22:01:57 ----N---- C:\WINDOW1\system32\tsgqec.dll
2009-03-25 22:01:28 ----N---- C:\WINDOW1\system32\setupn.exe
2009-03-25 22:01:18 ----N---- C:\WINDOW1\system32\rhttpaa.dll
2009-03-25 22:01:14 ----N---- C:\WINDOW1\system32\rasqec.dll
2009-03-25 22:01:13 ----N---- C:\WINDOW1\system32\qutil.dll
2009-03-25 22:01:10 ----N---- C:\WINDOW1\system32\qcliprov.dll
2009-03-25 22:01:10 ----N---- C:\WINDOW1\system32\qagentrt.dll
2009-03-25 22:01:10 ----N---- C:\WINDOW1\system32\qagent.dll
2009-03-25 22:01:06 ----N---- C:\WINDOW1\system32\photometadatahandler.dll
2009-03-25 22:00:59 ----N---- C:\WINDOW1\system32\onex.dll
2009-03-25 22:00:36 ----N---- C:\WINDOW1\system32\napstat.exe
2009-03-25 22:00:36 ----N---- C:\WINDOW1\system32\napmontr.dll
2009-03-25 22:00:36 ----N---- C:\WINDOW1\system32\napipsec.dll
2009-03-25 22:00:33 ----N---- C:\WINDOW1\system32\msxml6r.dll
2009-03-25 22:00:33 ----N---- C:\WINDOW1\system32\msxml6.dll
2009-03-25 22:00:27 ----N---- C:\WINDOW1\system32\msshavmsg.dll
2009-03-25 22:00:27 ----N---- C:\WINDOW1\system32\mssha.dll
2009-03-25 21:59:52 ----N---- C:\WINDOW1\system32\mmcperf.exe
2009-03-25 21:59:51 ----N---- C:\WINDOW1\system32\mmcfxcommon.dll
2009-03-25 21:59:51 ----N---- C:\WINDOW1\system32\mmcex.dll
2009-03-25 21:59:51 ----N---- C:\WINDOW1\system32\microsoft.managementconsole.dll
2009-03-25 21:59:21 ----N---- C:\WINDOW1\system32\l2gpstore.dll
2009-03-25 21:59:20 ----N---- C:\WINDOW1\system32\kmsvc.dll
2009-03-25 21:59:18 ----N---- C:\WINDOW1\system32\kbdpash.dll
2009-03-25 21:59:18 ----N---- C:\WINDOW1\system32\kbdnepr.dll
2009-03-25 21:59:18 ----N---- C:\WINDOW1\system32\kbdiultn.dll
2009-03-25 21:59:17 ----N---- C:\WINDOW1\system32\kbdbhc.dll
2009-03-25 21:58:48 ----A---- C:\WINDOW1\004997_.tmp
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eapsvc.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eapqec.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eappprxy.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eapphost.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eappgnui.dll
2009-03-25 21:58:44 ----N---- C:\WINDOW1\system32\eappcfg.dll
2009-03-25 21:58:43 ----N---- C:\WINDOW1\system32\eapp3hst.dll
2009-03-25 21:58:43 ----N---- C:\WINDOW1\system32\eapolqec.dll
2009-03-25 21:58:35 ----N---- C:\WINDOW1\system32\dot3ui.dll
2009-03-25 21:58:35 ----N---- C:\WINDOW1\system32\dot3svc.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3msm.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3gpclnt.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3dlg.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3cfg.dll
2009-03-25 21:58:34 ----N---- C:\WINDOW1\system32\dot3api.dll
2009-03-25 21:58:30 ----N---- C:\WINDOW1\system32\dimsroam.dll
2009-03-25 21:58:30 ----N---- C:\WINDOW1\system32\dimsntfy.dll
2009-03-25 21:58:29 ----N---- C:\WINDOW1\system32\dhcpqec.dll
2009-03-25 21:58:19 ----N---- C:\WINDOW1\system32\credssp.dll
2009-03-25 21:57:45 ----N---- C:\WINDOW1\system32\bitsprx4.dll
2009-03-25 21:57:39 ----N---- C:\WINDOW1\system32\azroles.dll
2009-03-25 21:56:33 ----N---- C:\WINDOW1\system32\aaclient.dll
2009-03-25 20:55:55 ----A---- C:\WINDOW1\stsystra.exe
2009-03-25 20:55:05 ----A---- C:\WINDOW1\system32\staco.dll
2009-03-25 20:52:14 ----HDC---- C:\WINDOW1\$NtUninstallKB835221WXP$
2009-03-25 20:52:01 ----A---- C:\WINDOW1\system32\stacapi.dll
2009-03-25 20:52:00 ----D---- C:\Program Files\SigmaTel
2009-03-25 20:30:19 ----A---- C:\WINDOW1\system32\GEARAspi.dll
2009-03-25 20:29:43 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-25 20:29:19 ----D---- C:\Program Files\Bonjour
2009-03-25 20:27:47 ----N---- C:\WINDOW1\system32\xpsp3res.dll
2009-03-25 20:26:41 ----DC---- C:\WINDOW1\system32\DRVSTORE
2009-03-25 20:26:41 ----A---- C:\WINDOW1\system32\usbaaplrc.dll
2009-03-25 20:18:53 ----A---- C:\WINDOW1\system32\MRT.exe
2009-03-25 20:18:40 ----A---- C:\WINDOW1\setdebug.exe
2009-03-25 20:18:39 ----A---- C:\WINDOW1\system32\javaee.dll
2009-03-25 20:13:01 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Apple Computer
2009-03-25 20:12:34 ----D---- C:\Program Files\Safari
2009-03-25 20:12:34 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Apple Computer
2009-03-25 20:12:19 ----D---- C:\Program Files\Apple Software Update
2009-03-25 20:12:19 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Apple
2009-03-25 20:07:06 ----A---- C:\WINDOW1\system32\msonpmon.dll
2009-03-25 19:58:29 ----D---- C:\WINDOW1\SHELLNEW
2009-03-25 19:57:38 ----D---- C:\Program Files\Microsoft Office
2009-03-25 19:57:38 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Microsoft Help
2009-03-25 17:41:28 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\New Tier
2009-03-25 17:41:25 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Propellerhead Software
2009-03-25 17:41:25 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\OfficeUpdate12
2009-03-25 17:41:25 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Nikon
2009-03-25 17:41:16 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Real
2009-03-25 17:35:46 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SiteAdvisor
2009-03-25 17:35:46 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SecondLife
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Sonic
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SlySoft
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\skypePM
2009-03-25 17:35:45 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Skype
2009-03-25 17:35:43 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Sun
2009-03-25 17:35:35 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\SUPERAntiSpyware.com
2009-03-25 17:35:34 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Talkback
2009-03-25 17:35:33 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\U3
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Yahoo!
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\XnView
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\WinRAR
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Windows Search
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Windows Desktop Search
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Vso
2009-03-25 17:35:32 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Viewpoint
2009-03-25 17:35:31 ----A---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\ezpinst.exe
2009-03-25 17:11:51 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Citrix
2009-03-25 17:11:26 ----D---- C:\Program Files\Citrix
2009-03-25 17:10:08 ----D---- C:\WINDOW1\peernet
2009-03-25 17:10:06 ----D---- C:\WINDOW1\provisioning
2009-03-25 17:08:15 ----D---- C:\drvrtmp
2009-03-25 17:08:15 ----A---- C:\WINDOW1\system32\Prounstl.exe
2009-03-25 17:08:15 ----A---- C:\WINDOW1\system32\IntelNic.dll
2009-03-25 17:04:15 ----D---- C:\WINDOW1\ServicePackFiles
2009-03-25 16:52:36 ----HDC---- C:\WINDOW1\$NtServicePackUninstall$
2009-03-25 16:52:34 ----D---- C:\WINDOW1\EHome
2009-03-25 16:44:46 ----N---- C:\WINDOW1\system32\spnpinst.exe
2009-03-25 16:31:14 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Mozilla
2009-03-25 15:32:31 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Windows Genuine Advantage
2009-03-25 15:31:08 ----A---- C:\WINDOW1\system32\mucltui.dll.mui
2009-03-25 15:31:08 ----A---- C:\WINDOW1\system32\mucltui.dll
2009-03-25 15:07:17 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Macromedia
2009-03-25 15:07:16 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Adobe
2009-03-25 15:04:05 ----D---- C:\WINDOW1\system32\PreInstall
2009-03-25 15:04:04 ----A---- C:\WINDOW1\system32\spupdsvc.exe
2009-03-25 15:04:03 ----HDC---- C:\WINDOW1\$NtUninstallKB898461$
2009-03-25 15:04:03 ----HD---- C:\WINDOW1\$hf_mig$
2009-03-25 15:03:54 ----D---- C:\Program Files\uTorrent
2009-03-25 15:03:49 ----HDC---- C:\WINDOW1\$MSI31Uninstall_KB893803v2$
2009-03-25 15:03:49 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\uTorrent
2009-03-25 15:03:28 ----D---- C:\WINDOW1\system32\bits
2009-03-25 15:03:23 ----HDC---- C:\WINDOW1\$NtUninstallKB842773$
2009-03-25 15:03:09 ----N---- C:\WINDOW1\system32\xpob2res.dll
2009-03-25 15:03:09 ----N---- C:\WINDOW1\system32\bitsprx3.dll
2009-03-25 15:03:09 ----N---- C:\WINDOW1\system32\bitsprx2.dll
2009-03-25 15:03:09 ----A---- C:\WINDOW1\system32\winhttp.dll
2009-03-25 15:03:09 ----A---- C:\WINDOW1\system32\qmgrprxy.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wups2.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wups.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wucltui.dll.mui
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wucltui.dll
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wuaueng.dll.mui
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wuapi.dll.mui
2009-03-25 15:02:30 ----A---- C:\WINDOW1\system32\wuapi.dll
2009-03-25 15:00:20 ----D---- C:\WINDOW1\SoftwareDistribution
2009-03-25 14:27:58 ----A---- C:\WINDOW1\system32\igfxres.dll
2009-03-25 14:23:28 ----D---- C:\WUTemp
2009-03-25 14:23:24 ----A---- C:\WINDOW1\system32\iuengine.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\iglicd32.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igldev32.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxzoom.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxtray.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxsrvc.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxsrvc.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxress.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxpph.dll
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxpers.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxext.exe
2009-03-25 14:20:07 ----A---- C:\WINDOW1\system32\igfxexps.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\igfxdo.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\igfxdev.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\igfxcfg.exe
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuTRK.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuTHA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuSVE.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuRUS.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuPTG.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuPTB.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuPLK.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuNOR.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuNLD.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuKOR.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuJPN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuITA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuHUN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuHEB.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuFRC.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuFRA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuFIN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuESP.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuENG.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuELL.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmudlg.exe
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuDEU.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuDAN.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuCSY.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuCHT.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuCHS.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuARB.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmuARA.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmrnt5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmrem.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmdnt5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmdev5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\ialmdd5.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\iAlmCoIn_v4543.dll
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\hkcmd.exe
2009-03-25 14:20:06 ----A---- C:\WINDOW1\system32\hccutils.dll
2009-03-25 14:19:23 ----A---- C:\WINDOW1\system32\ksuser.dll
2009-03-25 14:18:34 ----A---- C:\WINDOW1\system32\mhwt.dll
2009-03-25 14:18:34 ----A---- C:\WINDOW1\system32\intelmoh.dll
2009-03-25 14:18:34 ----A---- C:\WINDOW1\system32\IntelCci.dll
2009-03-25 14:15:56 ----A---- C:\WINDOW1\system32\usbui.dll
2009-03-25 14:15:37 ----D---- C:\WINDOW1\system32\ReinstallBackups
2009-03-25 05:39:14 ----A---- C:\WINDOW1\ntbtlog.txt
2009-03-25 05:38:33 ----SD---- C:\WINDOW1\system32\Microsoft
2009-03-25 05:29:50 ----SHD---- C:\WINDOW1\Installer
2009-03-25 05:29:48 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Identities
2009-03-25 05:29:42 ----ASH---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\desktop.ini
2009-03-25 05:29:41 ----SD---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Microsoft
2009-03-25 05:28:59 ----A---- C:\WINDOW1\SchedLgU.Txt
2009-03-25 05:24:44 ----D---- C:\WINDOW1\system32\xircom
2009-03-25 05:24:40 ----A---- C:\WINDOW1\control.ini
2009-03-25 05:24:33 ----A---- C:\WINDOW1\OEWABLog.txt
2009-03-25 05:24:25 ----A---- C:\WINDOW1\system32\mapi32.dll
2009-03-25 05:23:32 ----SD---- C:\WINDOW1\Downloaded Program Files
2009-03-25 05:23:32 ----RD---- C:\WINDOW1\Offline Web Pages
2009-03-25 05:23:32 ----RAH---- C:\WINDOW1\system32\logonui.exe.manifest
2009-03-25 05:23:25 ----RAH---- C:\WINDOW1\system32\cdplayer.exe.manifest
2009-03-25 05:23:04 ----D---- C:\WINDOW1\system32\DirectX
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\safrslv.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\safrdm.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\safrcdlg.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\racpldlg.dll
2009-03-25 05:22:43 ----A---- C:\WINDOW1\system32\atrace.dll
2009-03-25 05:22:40 ----A---- C:\WINDOW1\system32\desktop.ini
2009-03-25 05:22:40 ----A---- C:\WINDOW1\desktop.ini
2009-03-25 05:22:35 ----A---- C:\WINDOW1\system32\nmevtmsg.dll
2009-03-25 05:22:35 ----A---- C:\WINDOW1\system32\mnmsrvc.exe
2009-03-25 05:22:35 ----A---- C:\WINDOW1\system32\isrdbg32.dll
2009-03-25 05:22:34 ----A---- C:\WINDOW1\system32\inetres.dll
2009-03-25 05:22:34 ----A---- C:\WINDOW1\system32\acctres.dll
2009-03-25 05:22:32 ----SD---- C:\WINDOW1\Tasks
2009-03-25 05:22:32 ----A---- C:\WINDOW1\system32\icwphbk.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\isign32.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\inetcfg.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\icwdial.dll
2009-03-25 05:22:31 ----A---- C:\WINDOW1\system32\icfgnt5.dll
2009-03-25 05:22:27 ----D---- C:\WINDOW1\srchasst
2009-03-25 05:22:26 ----D---- C:\WINDOW1\system32\Macromed
2009-03-25 05:22:25 ----A---- C:\WINDOW1\system32\qmgr.dll
2009-03-25 05:22:22 ----D---- C:\WINDOW1\system32\Restore
2009-03-25 05:22:22 ----D---- C:\WINDOW1\PCHealth
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\srsvc.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\srrstr.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\srclient.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\nmmkcert.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\msconf.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\mnmdd.dll
2009-03-25 05:22:21 ----A---- C:\WINDOW1\system32\ils.dll
2009-03-25 05:22:19 ----A---- C:\WINDOW1\system32\msoert2.dll
2009-03-25 05:22:19 ----A---- C:\WINDOW1\system32\msoeacct.dll
2009-03-25 05:22:18 ----A---- C:\WINDOW1\system32\inetcomm.dll
2009-03-25 05:22:17 ----A---- C:\WINDOW1\system32\schedsvc.dll
2009-03-25 05:22:17 ----A---- C:\WINDOW1\system32\mstinit.exe
2009-03-25 05:22:17 ----A---- C:\WINDOW1\system32\mstask.dll
2009-03-25 05:22:02 ----A---- C:\WINDOW1\vbaddin.ini
2009-03-25 05:22:02 ----A---- C:\WINDOW1\vb.ini
2009-03-25 05:21:59 ----D---- C:\WINDOW1\Registration
2009-03-25 05:21:35 ----A---- C:\WINDOW1\system32\write.exe
2009-03-25 05:21:31 ----A---- C:\WINDOW1\system32\accwiz.exe
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\sndvol32.exe
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\sndrec32.exe
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\hypertrm.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\hticons.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\avwav.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\avtapi.dll
2009-03-25 05:21:30 ----A---- C:\WINDOW1\system32\avmeter.dll
2009-03-25 05:21:29 ----A---- C:\WINDOW1\system32\winchat.exe
2009-03-25 05:21:25 ----A---- C:\WINDOW1\system32\getuname.dll
2009-03-25 05:21:25 ----A---- C:\WINDOW1\system32\charmap.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\winmine.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\sol.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\mshearts.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\freecell.exe
2009-03-25 05:21:24 ----A---- C:\WINDOW1\system32\calc.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\usrlogon.cmd
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tsshutdn.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tslabels.ini
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tskill.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tsdiscon.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\tscon.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\shadow.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\rwinsta.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\reset.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\regini.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\rdshost.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\rdpcfgex.dll
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\qwinsta.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\qprocess.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\qappsrv.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\msg.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\logoff.exe
2009-03-25 05:21:23 ----A---- C:\WINDOW1\system32\cdmodem.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\xolehlp.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\mtxoci.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtcuiu.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtctm.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtcprf.ini
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtclog.dll
2009-03-25 05:21:22 ----A---- C:\WINDOW1\system32\msdtc.exe
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\mtxlegih.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\mtxex.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\mtxdm.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\dcomcnfg.exe
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\comrepl.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\comaddin.dll
2009-03-25 05:21:21 ----A---- C:\WINDOW1\system32\colbact.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\stclient.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\comuid.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\comsnap.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\clbcatq.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\clbcatex.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\catsrvps.dll
2009-03-25 05:21:20 ----A---- C:\WINDOW1\system32\catsrv.dll
2009-03-25 05:21:15 ----A---- C:\WINDOW1\system32\wmimgmt.msc
2009-03-25 05:21:15 ----A---- C:\WINDOW1\system32\servdeps.dll
2009-03-25 05:21:15 ----A---- C:\WINDOW1\system32\mmfutil.dll
2009-03-25 05:21:14 ----A---- C:\WINDOW1\system32\cmprops.dll
2009-03-25 05:21:10 ----A---- C:\WINDOW1\system32\mspaint.exe
2009-03-25 05:21:10 ----A---- C:\WINDOW1\system32\mplay32.exe
2009-03-25 05:21:10 ----A---- C:\WINDOW1\system32\clipbrd.exe
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\wuauserv.dll
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\wuaueng.dll
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\wuauclt.exe
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\tscfgwmi.dll
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\spider.exe
2009-03-25 05:21:09 ----A---- C:\WINDOW1\system32\mstscax.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\tscupgrd.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\termsrv.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\sessmgr.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\remotepg.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdsaddin.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdpwsx.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdpsnd.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdpclip.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\rdchost.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\mstsc.exe
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\icaapi.dll
2009-03-25 05:21:08 ----A---- C:\WINDOW1\system32\cfgbkend.dll
2009-03-25 05:21:07 ----D---- C:\WINDOW1\system32\MsDtc
2009-03-25 05:21:07 ----D---- C:\WINDOW1\system32\Com
2009-03-25 05:21:07 ----A---- C:\WINDOW1\system32\msdtcprx.dll
2009-03-25 05:21:07 ----A---- C:\WINDOW1\system32\comsvcs.dll
2009-03-25 05:21:07 ----A---- C:\WINDOW1\system32\catsrvut.dll
2009-03-25 05:21:04 ----A---- C:\WINDOW1\system32\licwmi.dll
2009-03-24 21:20:48 ----A---- C:\WINDOW1\system32\h323log.txt
2009-03-24 21:16:42 ----A---- C:\WINDOW1\imsins.BAK
2009-03-24 21:16:39 ----A---- C:\WINDOW1\system32\PerfStringBackup.INI
2009-03-24 21:16:38 ----A---- C:\WINDOW1\ODBCINST.INI
2009-03-24 21:16:33 ----RA---- C:\WINDOW1\system32\kbdtuq.dll
2009-03-24 21:16:33 ----RA---- C:\WINDOW1\system32\kbdtuf.dll
2009-03-24 21:16:33 ----RA---- C:\WINDOW1\system32\kbdazel.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdycc.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbduzb.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdur.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdtat.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdru1.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdru.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdmon.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdkyr.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdkaz.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdbu.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdblr.dll
2009-03-24 21:16:32 ----RA---- C:\WINDOW1\system32\kbdaze.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhept.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhela3.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhela2.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhe319.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhe220.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdhe.dll
2009-03-24 21:16:30 ----RA---- C:\WINDOW1\system32\kbdgkl.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlv1.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlv.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlt1.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdlt.dll
2009-03-24 21:16:29 ----RA---- C:\WINDOW1\system32\kbdest.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdycl.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdsl1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdsl.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdro.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdpl1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdpl.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdhu1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdhu.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcz2.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcz1.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcz.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\kbdcr.dll
2009-03-24 21:16:28 ----RA---- C:\WINDOW1\system32\KBDAL.DLL
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\spxcoins.dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\irclass.dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\EqnClass.Dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\dgsetup.dll
2009-03-24 21:16:25 ----A---- C:\WINDOW1\system32\dgrpsetu.dll
2009-03-24 21:16:23 ----N---- C:\WINDOW1\system32\CONFIG.TMP
2009-03-24 21:16:23 ----A---- C:\WINDOW1\TASKMAN.EXE
2009-03-24 21:16:23 ----A---- C:\WINDOW1\system32\batt.dll
2009-03-24 21:16:23 ----A---- C:\WINDOW1\notepad.exe
2009-03-24 21:16:22 ----A---- C:\WINDOW1\system32\storprop.dll
2009-03-24 21:16:18 ----ASH---- C:\Documents and Settings\All Users.WINDOW1\Application Data\desktop.ini
2009-03-24 21:16:17 ----RA---- C:\WINDOW1\SET14.tmp
2009-03-24 21:16:15 ----RA---- C:\WINDOW1\SETA.tmp
2009-03-24 21:16:12 ----RA---- C:\WINDOW1\SET3.tmp
2009-03-24 21:16:08 ----D---- C:\WINDOW1\system32\CatRoot2
2009-03-24 21:16:08 ----D---- C:\WINDOW1\system32\CatRoot
2009-03-24 21:16:02 ----SD---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Microsoft
2009-03-24 21:15:51 ----A---- C:\WINDOW1\setuplog.txt
2009-03-24 21:11:41 ----RSHDC---- C:\WINDOW1\system32\dllcache
2009-03-24 21:11:41 ----RSD---- C:\WINDOW1\Fonts
2009-03-24 21:11:41 ----RD---- C:\WINDOW1\Web
2009-03-24 21:11:41 ----HD---- C:\WINDOW1\inf
2009-03-24 21:11:41 ----D---- C:\WINDOW1\WinSxS
2009-03-24 21:11:41 ----D---- C:\WINDOW1\twain_32
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\wins
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\wbem
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\usmt
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\spool
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\ShellExt
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\Setup
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\ras
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\oobe
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\npp
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\mui
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\inetsrv
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\IME
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\icsxml
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\ias
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\export
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\drivers
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\dhcp
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\config
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\3com_dmi
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\3076
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\2052
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1054
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1042
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1041
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1037
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1033
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1031
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1028
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32\1025
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system32
2009-03-24 21:11:41 ----D---- C:\WINDOW1\system
2009-03-24 21:11:41 ----D---- C:\WINDOW1\security
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Resources
2009-03-24 21:11:41 ----D---- C:\WINDOW1\repair
2009-03-24 21:11:41 ----D---- C:\WINDOW1\mui
2009-03-24 21:11:41 ----D---- C:\WINDOW1\msapps
2009-03-24 21:11:41 ----D---- C:\WINDOW1\msagent
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Media
2009-03-24 21:11:41 ----D---- C:\WINDOW1\java
2009-03-24 21:11:41 ----D---- C:\WINDOW1\ime
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Help
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Driver Cache
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Debug
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Cursors
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Connection Wizard
2009-03-24 21:11:41 ----D---- C:\WINDOW1\Config
2009-03-24 21:11:41 ----D---- C:\WINDOW1\AppPatch
2009-03-24 21:11:41 ----D---- C:\WINDOW1\addins
2009-03-24 21:11:41 ----D---- C:\WINDOW1
2009-03-14 17:30:25 ----SHD---- C:\$RECYCLE.BIN
2009-03-13 14:19:42 ----D---- C:\SiteAdvisor
2009-03-13 14:19:42 ----D---- C:\McAfee
2009-03-13 13:48:52 ----D---- C:\Temp
2009-03-12 08:18:57 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 2 months======

2009-04-09 09:46:50 ----RD---- C:\Program Files
2009-04-09 09:46:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-08 23:58:12 ----D---- C:\Program Files\Mozilla Firefox
2009-04-08 16:02:22 ----D---- C:\Program Files\iPod
2009-03-31 17:05:42 ----D---- C:\Program Files\MSBuild
2009-03-31 15:25:14 ----D---- C:\Qoobox
2009-03-31 15:22:25 ----A---- C:\WINDOW1\system.ini
2009-03-31 15:21:10 ----D---- C:\Program Files\Common Files
2009-03-31 10:28:35 ----D---- C:\WINDOWS
2009-03-31 08:11:07 ----A---- C:\WINDOW1\powerid3editor.ini
2009-03-31 00:07:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 19:46:37 ----D---- C:\Program Files\Messenger
2009-03-30 14:02:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 11:24:13 ----D---- C:\Program Files\Windows Media Player
2009-03-30 11:23:16 ----D---- C:\Program Files\Movie Maker
2009-03-30 11:18:22 ----D---- C:\Program Files\NetMeeting
2009-03-30 11:18:16 ----D---- C:\Program Files\Windows NT
2009-03-30 11:18:16 ----D---- C:\Program Files\Outlook Express
2009-03-30 11:18:11 ----D---- C:\Program Files\Common Files\System
2009-03-30 01:02:57 ----D---- C:\Program Files\Internet Explorer
2009-03-26 13:44:39 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 05:23:54 ----A---- C:\WINDOW1\win.ini
2009-03-25 20:28:23 ----D---- C:\Program Files\QuickTime
2009-03-25 20:09:37 ----D---- C:\Program Files\Common Files\DESIGNER
2009-03-25 17:11:35 ----RASH---- C:\boot.ini
2009-03-25 17:08:14 ----D---- C:\Documents and Settings
2009-03-25 16:56:52 ----RASH---- C:\NTDETECT.COM
2009-03-25 15:27:15 ----D---- C:\Program Files\PowerISO
2009-03-25 15:02:31 ----HD---- C:\Program Files\WindowsUpdate
2009-03-25 05:29:00 ----SHD---- C:\System Volume Information
2009-03-25 05:21:38 ----D---- C:\Program Files\MSN
2009-03-23 22:37:18 ----D---- C:\drivers
2009-02-28 13:16:35 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOW1\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOW1\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOW1\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOW1\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOW1\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOW1\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOW1\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOW1\System32\DRIVERS\ialmnt5.sys [2006-03-24 1166972]
R3 IntelC51;IntelC51; C:\WINDOW1\System32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOW1\System32\DRIVERS\IntelC52.sys [2006-03-02 618880]
R3 IntelC53;IntelC53; C:\WINDOW1\System32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOW1\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOW1\System32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOW1\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOW1\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOW1\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\JOEKLE~1.MOR\LOCALS~1\Temp\catchme.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOW1\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOW1\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOW1\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOW1\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOW1\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 WSearch;Windows Search; C:\WINDOW1\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOW1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S3 idsvc;Windows CardSpace; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#5 suebaby41


Posted 20 April 2009 - 12:19 PM

I was diagnosed Friday with Trigger thumb which is a condition in which my thumb catches in a bent position. My thumb straightens with a snap — like a trigger being pulled and released. It can cause my finger to become locked in a bent position. It is very painful. I am wearing a brace on my left hand.

I can still type and plan to continue working your log. Please be patient as it does slow me down.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 suebaby41


Posted 21 April 2009 - 05:16 PM

Step A
  • Please download GooredFix, making sure that you save this file to your Desktop.
  • Double-click GooredFix.exe on your Desktop (Note: If you are using Vista, right-click GooredFix and select Run As Administrator...).
  • Select Option #1 - Find Goored (no fix), by typing 1 and pressing Enter.
  • A log file should pop up shortly. Please post the log in your next reply.


#7 armennen


Posted 23 April 2009 - 08:20 AM

Hi Suebaby,
Wow, that sounds rough with the thumb and all. Hopefully it'll start feeling good again soon.
Anyways, here is the logfile you requested.
Thanks,
joe

GooredFix v1.92 by jpshortstuff
Log created at 09:17 on 23/04/2009 running Option #1 (Joe Klein)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{D6EA6B9E-9D18-451D-846D-6DE680D87A5A}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOW1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

#8 suebaby41


Posted 23 April 2009 - 08:35 AM

Thanks. Will probably have to have surgery on my hand. I will be glad to get it fixed.

Step B
  • Close all Windows and Browsers, especially any Firefox Windows.
  • Double-click GooredFix.exe on your Desktop (Note: If you are using Vista, right-click GooredFix and select Run As Administrator...).
  • Select Option #2 - Fix Goored, by typing 2 and pressing Enter.
  • At the prompt, type y and press Enter.
  • GooredFix will now remove the infection, and a new log will pop up. Please post the log in your next reply.
Please post a new HijackThis log.

#9 suebaby41


Posted 23 April 2009 - 08:38 AM

Step 1

The item(s) below indicate(s) you have installed uTorrent.

C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"


Since the nature of P2P programs is counterproductive to restoring your PC to a healthy state, I ask that you remove P2P file sharing programs prior to my providing you with malware removal assistance. Even the safest P2P file sharing programs that do not contain bundled spyware still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer.

The people who design and distribute malware will use any method to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular method is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P file sharing networks because of their known vulnerabilities.
To remove the P2P program:
  • Click Start > Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight , click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.
  • Using Windows Explorer (Windows key+e), search for the folder. If the program folder is still there, select/highlight . DELETE it. (File > Delete.) If Windows is not installed on the C drive, replace C:\ with the appropriate drive letter.
  • Close Windows Explorer.
There is a Video showing how to uninstall a program (Grinler) detailing how to add or remove programs in Windows for those who find a visual aid appealing. NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

I am not asking you to remove the P2P program(s) without giving you good reasons for doing so.
  • P2P programs form a direct conduit on to your computer.
  • P2P security measures are easily circumvented.
  • Some P2P programs will share everything on the computer with anyone by default. If your P2P program is not configured correctly, you may be sharing more files than you realize.
  • There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.
  • P2P programs have always been a target of malware writers. There are more Viruses, Worms and Trojans being distributed with the downloaded files.
  • P2P programs connected to a network can be used to spread malware, share private documents, or use the file server to both store and forward malware.
  • Many of the files in P2P networks are copyrighted and legal action could result.
  • Pedophiles can use P2P communities to distribute child porn materials or attempt to make contact with children.
  • This article from InfoWorld, Seattle Man Arrested For P To P ID Theft, illustrates perfectly the dangers of a poorly configured P2P program.
  • Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
  • When you use them, you are downloading software from an unknown source directly onto your computer bypassing your Firewall and Anti-Virus software. Many of these Downloads are being targeted to carry infections.
References for the risk of these programs are:

If you continue to use P2P programs, you will probably get infected again.

Please uninstall all P2P programs.

Step 2

An antivirus program is an essential part of computer security and you do not appear to have one running on your system. There are a few available for free that have excellent reputations.

AVG 8 Anti-Virus Free Edition

AntiVir Personal

Avast! 4 Home Edition
If needed, see How to Install, Configure, and Use Avast Antivirus

For an article on antivirus programs and a listing of some available ones see the link below:
Computer Safety On line - Anti-Virus

Step 3

A Firewall is an essential part of computer security and you do not appear to have a third party software firewall running on your system. If you have one, and I missed it, please ignore this. The firewalls in Windows XP SP2 and SP3 are more effective than that in SP1, but neither filters outbound traffic (traffic going out from your computer to the Internet). In SP2 and SP3 the firewall is ON by default, but in SP1 it is OFF by default. In Vista, the firewall operates both inbound and outbound, but by default, most outbound filtering in the Windows Vista firewall is turned off.

A third party firewall is generally considered to be more effective and more configurable and usually works on both inbound and outbound traffic.

There are several firewalls that provide better protection than the Windows SP2/SP3 firewalls. Follow these steps to turn off/disable the Windows Firewall before installing a new firewall:
  • Download the new firewall to your desktop.
  • Disconnect from the Internet.
  • Click Start > Control Panel.
  • Switch to Classic View if you have not already done so.
  • Double click on the Windows Firewall icon.
  • Click Off (Not recommended).
  • Install the new Firewall.
Do not attempt to run two software firewalls since, like running two antivirus programs, they will possibly cause problems and conflict with each other.

There are a few firewalls available for free that appear to be good and easy to use:

For more information about firewalls, and why a two-way firewall is better than the Windows XP one-way firewall, please read Understanding and Using Firewalls.

Step 4

Please post a new HijackThis log.
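The check made by eye in Step 1 above (an autorun that launches from the Desktop) can be scripted. The following is an added example, not part of the original posts and not code from HijackThis or RSIT: it parses the O4, O23 and firewall AuthorizedApplications line formats that appear in this thread's logs and flags entries worth a second look. The function names and the list of trusted directories are assumptions.

```python
import re

# Sample input: lines in the HijackThis/RSIT formats, copied from the logs in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [igfxtray] C:\WINDOW1\System32\igfxtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW1\system32\ctfmon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"="C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
'''

# Assumption: directories that only an administrator can write to on this machine.
TRUSTED_ROOTS = ("c:\\window1\\", "c:\\program files\\", "%windir%\\")
# Locations any user-level process can drop files into.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\",
                         "\\temporary internet files\\")

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - .+? - (?P<path>.+?)(?P<missing> \(file missing\))?$')
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.IGNORECASE)


def exe_path(cmd):
    """Return the executable from a Run command line, quoted or not, without arguments."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def classify(path):
    """Return a reason string if the path deserves review, otherwise None."""
    p = path.lower()
    if not re.match(r'^(?:[a-z]:\\|%\w+%\\)', p):
        return "no absolute path (resolved through the search path)"
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "runs from a user-writable location"
    if not p.startswith(TRUSTED_ROOTS):
        return "outside the expected install directories"
    return None


def triage(log_text):
    """Return a list of (kind, name, path, reason) tuples for entries to review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path = exe_path(m.group("cmd"))
            reason = classify(path)
            if reason:
                findings.append(("autorun", m.group("name"), path, reason))
            continue
        m = O23_RE.match(line)
        if m:
            reason = "service binary is missing" if m.group("missing") else classify(m.group("path"))
            if reason:
                findings.append(("service", m.group("name"), m.group("path"), reason))
            continue
        m = FW_RE.match(line)
        if m:
            # Value layout: <path>:<scope>:<Enabled|Disabled>:<label>
            parts = m.group("value").rsplit(":", 3)
            if len(parts) == 4 and parts[2].lower() == "enabled":
                reason = classify(parts[0])
                if reason:
                    findings.append(("firewall-exception", parts[3], parts[0], reason))
    return findings


def autoruns_allowed_through_firewall(findings):
    """Paths that both start at logon and hold an enabled firewall exception."""
    auto = {f[2].lower() for f in findings if f[0] == "autorun"}
    allowed = {f[2].lower() for f in findings if f[0] == "firewall-exception"}
    return sorted(auto & allowed)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, name, path, reason in results:
        print(f"{kind:20} {name:22} {reason}: {path}")
    print("autorun + firewall exception:", autoruns_allowed_through_firewall(results))
```

A flagged entry is a prompt for manual review, not a verdict; legitimate software also installs into user profiles or registers a bare file name.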

#10 armennen


Posted 23 April 2009 - 09:29 PM

Hi, I deleted the P2P program as you requested (I couldn't find any folders so hopefully that's everything).

Here is the Goored Log
GooredFix v1.92 by jpshortstuff
Log created at 22:26 on 23/04/2009 running Option #2 (Joe Klein)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{D6EA6B9E-9D18-451D-846D-6DE680D87A5A}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

Here is my hijack this log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe Klein at 2009-04-23 22:27:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (7%) free of 148 GB
Total RAM: 502 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:31 PM, on 4/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOW1\System32\smss.exe
C:\WINDOW1\system32\winlogon.exe
C:\WINDOW1\system32\services.exe
C:\WINDOW1\system32\lsass.exe
C:\WINDOW1\system32\svchost.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\spoolsv.exe
C:\WINDOW1\Explorer.EXE
C:\WINDOW1\System32\hkcmd.exe
C:\WINDOW1\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOW1\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOW1\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOW1\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Brownie\brstswnd.exe
C:\Program Files\iTunes\iTunes.exe
c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOW1\system32\wuauclt.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Local Settings\Temporary Internet Files\Content.IE5\RK4KLY6Y\GooredFix[1].exe
C:\WINDOW1\system32\cmd.exe
C:\WINDOW1\system32\notepad.exe
C:\WINDOW1\system32\SearchProtocolHost.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Local Settings\Temporary Internet Files\Content.IE5\HHR0TMPJ\RSIT[1].exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\FIX\Joe Klein.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOW1\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOW1\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOW1\System32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW1\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238007617937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238009414062
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5657 bytes

======Scheduled tasks folder======

C:\WINDOW1\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOW1\System32\igfxtray.exe [2006-03-24 94208]
"igfxhkcmd"=C:\WINDOW1\System32\hkcmd.exe [2006-03-24 77824]
"igfxpers"=C:\WINDOW1\System32\igfxpers.exe [2006-03-24 118784]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp"=C:\WINDOW1\stsystra.exe [2005-03-22 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe []
"ctfmon.exe"=C:\WINDOW1\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users.WINDOW1\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-01-09 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOW1\system32\igfxdev.dll [2006-03-24 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"="C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-17 02:43:03 ----HDC---- C:\WINDOW1\$NtUninstallKB959426$
2009-04-17 02:42:57 ----HDC---- C:\WINDOW1\$NtUninstallKB961373$
2009-04-17 02:41:24 ----HDC---- C:\WINDOW1\$NtUninstallKB956572$
2009-04-17 02:41:05 ----HDC---- C:\WINDOW1\$NtUninstallKB952004$
2009-04-17 02:39:58 ----HDC---- C:\WINDOW1\$NtUninstallKB960803$
2009-04-17 02:39:49 ----HDC---- C:\WINDOW1\$NtUninstallKB923561$
2009-04-17 00:02:09 ----N---- C:\WINDOW1\system32\xpsp4res.dll
2009-04-13 22:27:26 ----D---- C:\rsit
2009-04-11 17:38:33 ----A---- C:\WINDOW1\system32\ptpusb.dll
2009-04-11 17:38:23 ----A---- C:\WINDOW1\system32\ptpusd.dll
2009-04-09 19:47:08 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\vsosdk
2009-04-09 09:49:15 ----A---- C:\WINDOW1\BRWMARK.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRVIDEO.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\brmx2001.ini
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRDIAG.INI
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPDNTA.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPD95A.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC32.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC16.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\Brdiag2.exe
2009-04-09 09:46:50 ----N---- C:\WINDOW1\system32\BRRBTOOL.EXE
2009-04-09 09:46:50 ----D---- C:\Program Files\Brownie
2009-04-09 09:46:50 ----A---- C:\WINDOW1\HL-2040.INI
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\BROSNMP.DLL
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.ini
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.dll
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlm03a.dll
2009-04-09 09:46:06 ----D---- C:\Program Files\Brother
2009-04-09 09:46:06 -------- C:\WINDOW1\system32\Pdrvinst.dll
2009-04-09 09:45:55 ----A---- C:\WINDOW1\Brownie.ini
2009-04-08 16:02:05 ----D---- C:\Program Files\iTunes
2009-04-08 16:02:05 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 08:35:08 ----A---- C:\WINDOW1\system32\lfgif13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltkrn13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltimg13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltfil13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltefx13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltdis13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfcmp13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfbmp13n.dll
2009-03-31 17:34:45 ----HDC---- C:\WINDOW1\$NtUninstallKB961118$
2009-03-31 17:05:48 ----D---- C:\WINDOW1\system32\XPSViewer
2009-03-31 17:05:32 ----D---- C:\Program Files\Reference Assemblies
2009-03-31 17:04:48 ----N---- C:\WINDOW1\system32\prntvpt.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpssvcs.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpsshhdr.dll
2009-03-31 17:04:47 ----D---- C:\7f1c3085bd5d3f754b65d96f36e5b9f8
2009-03-31 16:56:32 ----D---- C:\WINDOW1\system32\GroupPolicy
2009-03-31 16:56:20 ----HDC---- C:\WINDOW1\$NtUninstallKB940157$
2009-03-31 16:56:11 ----HDC---- C:\WINDOW1\$NtUninstallKB915800-v4$
2009-03-31 16:53:38 ----RSD---- C:\WINDOW1\assembly
2009-03-31 16:53:38 ----D---- C:\WINDOW1\Microsoft.NET
2009-03-31 16:53:36 ----D---- C:\WINDOW1\system32\URTTemp
2009-03-31 15:26:52 ----SHD---- C:\RECYCLER
2009-03-31 15:25:12 ----D---- C:\WINDOW1\temp
2009-03-31 15:25:11 ----A---- C:\ComboFix.txt
2009-03-31 15:18:27 ----A---- C:\WINDOW1\zip.exe

======List of files/folders modified in the last 1 months======

2009-04-23 22:22:22 ----RD---- C:\Program Files
2009-04-22 03:50:46 ----D---- C:\Program Files\Mozilla Firefox
2009-04-17 02:42:48 ----D---- C:\Program Files\Internet Explorer
2009-04-17 02:40:55 ----SHD---- C:\Config.Msi
2009-04-09 09:46:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-08 16:02:22 ----D---- C:\Program Files\iPod
2009-03-31 17:05:42 ----D---- C:\Program Files\MSBuild
2009-03-31 15:25:14 ----D---- C:\Qoobox
2009-03-31 15:22:25 ----A---- C:\WINDOW1\system.ini
2009-03-31 15:21:10 ----D---- C:\Program Files\Common Files
2009-03-31 15:19:37 ----D---- C:\Temp
2009-03-31 10:28:35 ----D---- C:\WINDOWS
2009-03-31 08:11:07 ----A---- C:\WINDOW1\powerid3editor.ini
2009-03-31 00:07:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 19:46:37 ----D---- C:\Program Files\Messenger
2009-03-30 14:02:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 11:24:13 ----D---- C:\Program Files\Windows Media Player
2009-03-30 11:23:16 ----D---- C:\Program Files\Movie Maker
2009-03-30 11:18:22 ----D---- C:\Program Files\NetMeeting
2009-03-30 11:18:16 ----D---- C:\Program Files\Windows NT
2009-03-30 11:18:16 ----D---- C:\Program Files\Outlook Express
2009-03-30 11:18:11 ----D---- C:\Program Files\Common Files\System
2009-03-26 13:44:39 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 05:23:54 ----A---- C:\WINDOW1\win.ini
2009-03-25 20:28:23 ----D---- C:\Program Files\QuickTime
2009-03-25 20:09:37 ----D---- C:\Program Files\Common Files\DESIGNER
2009-03-25 17:11:35 ----RASH---- C:\boot.ini
2009-03-25 17:08:14 ----D---- C:\Documents and Settings
2009-03-25 16:56:52 ----RASH---- C:\NTDETECT.COM
2009-03-25 15:27:15 ----D---- C:\Program Files\PowerISO
2009-03-25 15:02:31 ----HD---- C:\Program Files\WindowsUpdate
2009-03-25 05:29:00 ----SHD---- C:\System Volume Information
2009-03-25 05:21:38 ----D---- C:\Program Files\MSN

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOW1\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOW1\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOW1\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOW1\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOW1\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOW1\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOW1\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOW1\System32\DRIVERS\ialmnt5.sys [2006-03-24 1166972]
R3 IntelC51;IntelC51; C:\WINDOW1\System32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOW1\System32\DRIVERS\IntelC52.sys [2006-03-02 618880]
R3 IntelC53;IntelC53; C:\WINDOW1\System32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOW1\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOW1\System32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOW1\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOW1\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOW1\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\JOEKLE~1.MOR\LOCALS~1\Temp\catchme.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOW1\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOW1\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOW1\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOW1\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOW1\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 WSearch;Windows Search; C:\WINDOW1\system32\SearchIndexer.exe [2008-05-26 439808]
R3 idsvc;Windows CardSpace; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOW1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thanks again for your help. Are you slated for surgery soon?
Joe

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOW1\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

#11 suebaby41


    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 24 April 2009 - 05:36 PM

There is still one entry. O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe" which is on your desktop.

Please delete and post a new HijackThis log.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#12 armennen

  • Topic Starter

  • Members

Posted 25 April 2009 - 12:22 PM

Sorry, I deleted that right after I ran the check. Anyways, here's the new log. Thanks.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe Klein at 2009-04-25 13:22:07
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (7%) free of 148 GB
Total RAM: 502 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:11 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOW1\System32\smss.exe
C:\WINDOW1\system32\winlogon.exe
C:\WINDOW1\system32\services.exe
C:\WINDOW1\system32\lsass.exe
C:\WINDOW1\system32\svchost.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOW1\System32\svchost.exe
C:\WINDOW1\system32\SearchIndexer.exe
C:\WINDOW1\Explorer.EXE
C:\WINDOW1\System32\hkcmd.exe
C:\WINDOW1\System32\igfxpers.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOW1\stsystra.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOW1\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOW1\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOW1\system32\SearchProtocolHost.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\RSIT.exe
C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\FIX\Joe Klein.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOW1\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOW1\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOW1\System32\igfxpers.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOW1\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOW1\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238007617937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1238009414062
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5300 bytes

======Scheduled tasks folder======

C:\WINDOW1\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOW1\System32\igfxtray.exe [2006-03-24 94208]
"igfxhkcmd"=C:\WINDOW1\System32\hkcmd.exe [2006-03-24 77824]
"igfxpers"=C:\WINDOW1\System32\igfxpers.exe [2006-03-24 118784]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"SigmatelSysTrayApp"=C:\WINDOW1\stsystra.exe [2005-03-22 339968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe []
"ctfmon.exe"=C:\WINDOW1\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users.WINDOW1\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-01-09 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOW1\system32\igfxdev.dll [2006-03-24 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe"="C:\Documents and Settings\Joe Klein.MORTALREMINDER\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-04-17 02:43:03 ----HDC---- C:\WINDOW1\$NtUninstallKB959426$
2009-04-17 02:42:57 ----HDC---- C:\WINDOW1\$NtUninstallKB961373$
2009-04-17 02:41:24 ----HDC---- C:\WINDOW1\$NtUninstallKB956572$
2009-04-17 02:41:05 ----HDC---- C:\WINDOW1\$NtUninstallKB952004$
2009-04-17 02:39:58 ----HDC---- C:\WINDOW1\$NtUninstallKB960803$
2009-04-17 02:39:49 ----HDC---- C:\WINDOW1\$NtUninstallKB923561$
2009-04-17 00:02:09 ----N---- C:\WINDOW1\system32\xpsp4res.dll
2009-04-13 22:27:26 ----D---- C:\rsit
2009-04-11 17:38:33 ----A---- C:\WINDOW1\system32\ptpusb.dll
2009-04-11 17:38:23 ----A---- C:\WINDOW1\system32\ptpusd.dll
2009-04-09 19:47:08 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\vsosdk
2009-04-09 09:49:15 ----A---- C:\WINDOW1\BRWMARK.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRVIDEO.INI
2009-04-09 09:46:51 ----A---- C:\WINDOW1\brmx2001.ini
2009-04-09 09:46:51 ----A---- C:\WINDOW1\BRDIAG.INI
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPDNTA.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRVPD95A.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC32.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\BRGSRC16.DLL
2009-04-09 09:46:51 -------- C:\WINDOW1\system32\Brdiag2.exe
2009-04-09 09:46:50 ----N---- C:\WINDOW1\system32\BRRBTOOL.EXE
2009-04-09 09:46:50 ----D---- C:\Program Files\Brownie
2009-04-09 09:46:50 ----A---- C:\WINDOW1\HL-2040.INI
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\BROSNMP.DLL
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.ini
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlmw03a.dll
2009-04-09 09:46:50 -------- C:\WINDOW1\system32\brlm03a.dll
2009-04-09 09:46:06 ----D---- C:\Program Files\Brother
2009-04-09 09:46:06 -------- C:\WINDOW1\system32\Pdrvinst.dll
2009-04-09 09:45:55 ----A---- C:\WINDOW1\Brownie.ini
2009-04-08 16:02:05 ----D---- C:\Program Files\iTunes
2009-04-08 16:02:05 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 08:35:08 ----A---- C:\WINDOW1\system32\lfgif13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltkrn13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltimg13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltfil13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltefx13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\ltdis13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfcmp13n.dll
2009-04-07 08:35:07 ----A---- C:\WINDOW1\system32\lfbmp13n.dll
2009-03-31 17:34:45 ----HDC---- C:\WINDOW1\$NtUninstallKB961118$
2009-03-31 17:05:48 ----D---- C:\WINDOW1\system32\XPSViewer
2009-03-31 17:05:32 ----D---- C:\Program Files\Reference Assemblies
2009-03-31 17:04:48 ----N---- C:\WINDOW1\system32\prntvpt.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpssvcs.dll
2009-03-31 17:04:47 ----N---- C:\WINDOW1\system32\xpsshhdr.dll
2009-03-31 17:04:47 ----D---- C:\7f1c3085bd5d3f754b65d96f36e5b9f8
2009-03-31 16:56:32 ----D---- C:\WINDOW1\system32\GroupPolicy
2009-03-31 16:56:20 ----HDC---- C:\WINDOW1\$NtUninstallKB940157$
2009-03-31 16:56:11 ----HDC---- C:\WINDOW1\$NtUninstallKB915800-v4$
2009-03-31 16:53:38 ----RSD---- C:\WINDOW1\assembly
2009-03-31 16:53:38 ----D---- C:\WINDOW1\Microsoft.NET
2009-03-31 16:53:36 ----D---- C:\WINDOW1\system32\URTTemp
2009-03-31 15:26:52 ----SHD---- C:\RECYCLER
2009-03-31 15:25:12 ----D---- C:\WINDOW1\temp
2009-03-31 15:25:11 ----A---- C:\ComboFix.txt
2009-03-31 15:18:27 ----A---- C:\WINDOW1\zip.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\VFIND.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWXCACLS.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWSC.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\SWREG.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\sed.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\NIRCMD.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\grep.exe
2009-03-31 15:18:27 ----A---- C:\WINDOW1\fdsv.exe
2009-03-31 10:02:07 ----A---- C:\WINDOW1\system32\tmp.txt
2009-03-31 10:02:03 ----A---- C:\rapport.txt
2009-03-31 08:05:06 ----D---- C:\Program Files\Sagasoft
2009-03-31 00:50:56 ----HDC---- C:\WINDOW1\$NtUninstallKB951978$
2009-03-31 00:50:48 ----HDC---- C:\WINDOW1\$NtUninstallKB954459$
2009-03-31 00:07:27 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\SUPERAntiSpyware.com
2009-03-30 19:46:35 ----HDC---- C:\WINDOW1\$NtUninstallKB946648$
2009-03-30 17:27:45 ----D---- C:\WINDOW1\Prefetch
2009-03-30 14:01:39 ----D---- C:\WINDOW1\ERDNT
2009-03-30 14:01:17 ----D---- C:\Program Files\CCleaner
2009-03-30 14:01:00 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Malwarebytes
2009-03-30 14:00:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 14:00:54 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Malwarebytes
2009-03-30 11:33:05 ----HDC---- C:\WINDOW1\$NtUninstallKB967715$
2009-03-30 11:32:55 ----HDC---- C:\WINDOW1\$NtUninstallKB960225$
2009-03-30 11:32:48 ----HDC---- C:\WINDOW1\$NtUninstallKB958690$
2009-03-30 11:32:40 ----HDC---- C:\WINDOW1\$NtUninstallKB958687$
2009-03-30 11:32:34 ----HDC---- C:\WINDOW1\$NtUninstallKB958644$
2009-03-30 11:32:26 ----HDC---- C:\WINDOW1\$NtUninstallKB957097$
2009-03-30 11:32:17 ----HDC---- C:\WINDOW1\$NtUninstallKB956841$
2009-03-30 11:32:10 ----HDC---- C:\WINDOW1\$NtUninstallKB956803$
2009-03-30 11:32:01 ----HDC---- C:\WINDOW1\$NtUninstallKB956802$
2009-03-30 11:31:53 ----HDC---- C:\WINDOW1\$NtUninstallKB955069$
2009-03-30 11:31:46 ----HDC---- C:\WINDOW1\$NtUninstallKB954600$
2009-03-30 11:31:40 ----HDC---- C:\WINDOW1\$NtUninstallKB952954$
2009-03-30 11:31:25 ----HDC---- C:\WINDOW1\$NtUninstallKB952287$
2009-03-30 11:31:17 ----HDC---- C:\WINDOW1\$NtUninstallKB951748$
2009-03-30 11:31:10 ----HDC---- C:\WINDOW1\$NtUninstallKB951698$
2009-03-30 11:31:04 ----HDC---- C:\WINDOW1\$NtUninstallKB951376-v2$
2009-03-30 11:30:55 ----HDC---- C:\WINDOW1\$NtUninstallKB951066$
2009-03-30 11:30:48 ----HDC---- C:\WINDOW1\$NtUninstallKB950974$
2009-03-30 11:30:42 ----HDC---- C:\WINDOW1\$NtUninstallKB950762$
2009-03-30 11:30:32 ----HDC---- C:\WINDOW1\$NtUninstallKB938464-v2$
2009-03-30 11:23:18 ----D---- C:\WINDOW1\system32\scripting
2009-03-30 11:23:17 ----D---- C:\WINDOW1\l2schemas
2009-03-30 11:23:16 ----D---- C:\WINDOW1\system32\en
2009-03-26 13:45:19 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-26 13:44:13 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Adobe
2009-03-26 13:43:08 ----D---- C:\Program Files\Adobe
2009-03-26 13:39:56 ----D---- C:\Program Files\NOS
2009-03-26 13:39:56 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\NOS
2009-03-26 10:00:50 ----D---- C:\WINDOW1\ie7updates
2009-03-26 10:00:04 ----D---- C:\WINDOW1\WBEM
2009-03-26 10:00:03 ----D---- C:\WINDOW1\system32\en-US
2009-03-26 09:58:45 ----HDC---- C:\WINDOW1\ie7
2009-03-26 09:58:31 ----HDC---- C:\WINDOW1\$NtServicePackUninstallIDNMitigationAPIs$
2009-03-26 09:58:13 ----HDC---- C:\WINDOW1\$NtServicePackUninstallNLSDownlevelMapping$
2009-03-26 09:57:48 ----HDC---- C:\WINDOW1\$NtUninstallKB915865$
2009-03-26 09:57:43 ----N---- C:\WINDOW1\system32\xmllite.dll
2009-03-26 09:56:28 ----D---- C:\WINDOW1\network diagnostic
2009-03-26 09:56:26 ----HDC---- C:\WINDOW1\$NtUninstallKB914440$
2009-03-26 09:56:17 ----HDC---- C:\WINDOW1\$NtUninstallKB904942$
2009-03-26 05:30:35 ----HDC---- C:\WINDOW1\$NtUninstallKB951376-v2_0$
2009-03-26 05:30:29 ----HDC---- C:\WINDOW1\$NtUninstallKB952954_0$
2009-03-26 05:30:04 ----HDC---- C:\WINDOW1\$NtUninstallKB956803_0$
2009-03-26 05:29:33 ----HDC---- C:\WINDOW1\$NtUninstallKB955839$
2009-03-26 05:29:17 ----HDC---- C:\WINDOW1\$NtUninstallKB958215$
2009-03-26 05:28:19 ----HDC---- C:\WINDOW1\$NtUninstallKB950974_0$
2009-03-26 05:28:13 ----HDC---- C:\WINDOW1\$NtUninstallKB951698_0$
2009-03-26 05:28:05 ----HDC---- C:\WINDOW1\$NtUninstallKB960225_0$
2009-03-26 05:27:56 ----HDC---- C:\WINDOW1\$NtUninstallKB956841_0$
2009-03-26 05:27:48 ----HDC---- C:\WINDOW1\$NtUninstallKB960714$
2009-03-26 05:26:44 ----HDC---- C:\WINDOW1\$NtUninstallKB938464-v2_0$
2009-03-26 05:26:39 ----HDC---- C:\WINDOW1\$NtUninstallKB952069_WM9$
2009-03-26 05:25:42 ----HDC---- C:\WINDOW1\$NtUninstallKB950762_0$
2009-03-26 05:25:37 ----HDC---- C:\WINDOW1\$NtUninstallKB957097_0$
2009-03-26 05:25:32 ----HDC---- C:\WINDOW1\$NtUninstallKB960715$
2009-03-26 05:25:27 ----HDC---- C:\WINDOW1\$NtUninstallKB958687_0$
2009-03-26 05:25:22 ----HDC---- C:\WINDOW1\$NtUninstallKB952287_0$
2009-03-26 05:25:12 ----HDC---- C:\WINDOW1\$NtUninstallKB967715_0$
2009-03-26 05:25:06 ----HDC---- C:\WINDOW1\$NtUninstallKB950760$
2009-03-26 05:25:01 ----HDC---- C:\WINDOW1\$NtUninstallKB951066_0$
2009-03-26 05:24:52 ----HDC---- C:\WINDOW1\$NtUninstallKB958690_0$
2009-03-26 05:18:13 ----HDC---- C:\WINDOW1\$NtUninstallKB951748_0$
2009-03-26 05:18:07 ----HDC---- C:\WINDOW1\$NtUninstallKB954600_0$
2009-03-26 05:18:02 ----HDC---- C:\WINDOW1\$NtUninstallKB958644_0$
2009-03-26 05:17:56 ----HDC---- C:\WINDOW1\$NtUninstallKB955069_0$
2009-03-26 05:17:37 ----HDC---- C:\WINDOW1\$NtUninstallKB956802_0$
2009-03-26 05:17:31 ----N---- C:\WINDOW1\system32\spmsg.dll
2009-03-26 05:17:29 ----HDC---- C:\WINDOW1\$NtUninstallKB944338-v2$

======List of files/folders modified in the last 1 months======

2009-04-24 13:51:50 ----A---- C:\WINDOW1\SchedLgU.Txt
2009-04-23 22:45:02 ----D---- C:\Program Files\Mozilla Firefox
2009-04-23 22:22:22 ----RD---- C:\Program Files
2009-04-23 22:22:21 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\uTorrent
2009-04-23 18:54:53 ----D---- C:\WINDOW1\system32\CatRoot2
2009-04-19 01:24:24 ----SD---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Microsoft
2009-04-17 14:28:19 ----HD---- C:\WINDOW1\inf
2009-04-17 12:41:07 ----D---- C:\WINDOW1\system32
2009-04-17 12:41:07 ----A---- C:\WINDOW1\system32\PerfStringBackup.INI
2009-04-17 12:39:06 ----D---- C:\WINDOW1
2009-04-17 12:36:44 ----D---- C:\WINDOW1\system32\wbem
2009-04-17 12:36:43 ----D---- C:\WINDOW1\AppPatch
2009-04-17 02:43:04 ----RSHDC---- C:\WINDOW1\system32\dllcache
2009-04-17 02:43:00 ----A---- C:\WINDOW1\imsins.BAK
2009-04-17 02:42:48 ----D---- C:\Program Files\Internet Explorer
2009-04-17 02:41:14 ----HD---- C:\WINDOW1\$hf_mig$
2009-04-17 02:40:55 ----SHD---- C:\WINDOW1\Installer
2009-04-17 02:40:55 ----SHD---- C:\Config.Msi
2009-04-17 02:40:54 ----D---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Microsoft Help
2009-04-16 22:51:58 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Vso
2009-04-15 21:41:12 ----D---- C:\WINDOW1\system32\drivers
2009-04-09 09:46:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-08 16:02:45 ----DC---- C:\WINDOW1\system32\DRVSTORE
2009-04-08 16:02:22 ----D---- C:\Program Files\iPod
2009-04-07 08:35:05 ----SD---- C:\WINDOW1\Downloaded Program Files
2009-04-06 10:57:24 ----A---- C:\WINDOW1\system32\MRT.exe
2009-03-31 17:35:38 ----D---- C:\WINDOW1\system32\CatRoot
2009-03-31 17:33:24 ----D---- C:\WINDOW1\Registration
2009-03-31 17:11:57 ----D---- C:\WINDOW1\WinSxS
2009-03-31 17:05:42 ----D---- C:\Program Files\MSBuild
2009-03-31 17:05:38 ----RSD---- C:\WINDOW1\Fonts
2009-03-31 17:05:08 ----D---- C:\WINDOW1\system32\spool
2009-03-31 16:56:41 ----SD---- C:\Documents and Settings\All Users.WINDOW1\Application Data\Microsoft
2009-03-31 16:56:39 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Windows Desktop Search
2009-03-31 16:55:32 ----D---- C:\WINDOW1\system32\ReinstallBackups
2009-03-31 16:53:48 ----D---- C:\WINDOW1\system32\mui
2009-03-31 15:25:14 ----D---- C:\Qoobox
2009-03-31 15:22:25 ----A---- C:\WINDOW1\system.ini
2009-03-31 15:21:10 ----D---- C:\Program Files\Common Files
2009-03-31 15:19:37 ----D---- C:\Temp
2009-03-31 10:28:35 ----D---- C:\WINDOWS
2009-03-31 08:11:07 ----A---- C:\WINDOW1\powerid3editor.ini
2009-03-31 00:07:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-30 19:46:37 ----D---- C:\Program Files\Messenger
2009-03-30 17:28:40 ----A---- C:\WINDOW1\OEWABLog.txt
2009-03-30 17:27:51 ----A---- C:\WINDOW1\setuplog.txt
2009-03-30 17:27:22 ----D---- C:\WINDOW1\system32\Setup
2009-03-30 17:26:10 ----D---- C:\WINDOW1\security
2009-03-30 14:02:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-30 11:24:15 ----D---- C:\WINDOW1\ServicePackFiles
2009-03-30 11:24:13 ----D---- C:\Program Files\Windows Media Player
2009-03-30 11:24:10 ----D---- C:\WINDOW1\Help
2009-03-30 11:23:53 ----D---- C:\WINDOW1\ime
2009-03-30 11:23:21 ----D---- C:\WINDOW1\system32\usmt
2009-03-30 11:23:16 ----D---- C:\WINDOW1\system32\bits
2009-03-30 11:23:16 ----D---- C:\WINDOW1\peernet
2009-03-30 11:23:16 ----D---- C:\Program Files\Movie Maker
2009-03-30 11:18:28 ----D---- C:\WINDOW1\system32\Restore
2009-03-30 11:18:27 ----D---- C:\WINDOW1\system32\npp
2009-03-30 11:18:25 ----D---- C:\WINDOW1\msagent
2009-03-30 11:18:22 ----D---- C:\WINDOW1\srchasst
2009-03-30 11:18:22 ----D---- C:\Program Files\NetMeeting
2009-03-30 11:18:20 ----D---- C:\WINDOW1\system32\Com
2009-03-30 11:18:16 ----D---- C:\Program Files\Windows NT
2009-03-30 11:18:16 ----D---- C:\Program Files\Outlook Express
2009-03-30 11:18:11 ----D---- C:\Program Files\Common Files\System
2009-03-30 11:17:40 ----D---- C:\WINDOW1\system32\oobe
2009-03-30 11:17:37 ----D---- C:\WINDOW1\system
2009-03-30 11:13:07 ----HDC---- C:\WINDOW1\$NtServicePackUninstall$
2009-03-30 11:07:21 ----D---- C:\WINDOW1\EHome
2009-03-26 16:31:18 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Apple Computer
2009-03-26 13:45:41 ----D---- C:\Documents and Settings\Joe Klein.MORTALREMINDER\Application Data\Adobe
2009-03-26 13:44:39 ----D---- C:\Program Files\Common Files\Adobe
2009-03-26 10:00:10 ----D---- C:\WINDOW1\system32\config
2009-03-26 09:59:58 ----D---- C:\WINDOW1\Media
2009-03-26 05:23:54 ----A---- C:\WINDOW1\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOW1\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOW1\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOW1\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOW1\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOW1\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOW1\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOW1\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOW1\System32\DRIVERS\ialmnt5.sys [2006-03-24 1166972]
R3 IntelC51;IntelC51; C:\WINDOW1\System32\DRIVERS\IntelC51.sys [2005-05-06 1339776]
R3 IntelC52;IntelC52; C:\WINDOW1\System32\DRIVERS\IntelC52.sys [2006-03-02 618880]
R3 IntelC53;IntelC53; C:\WINDOW1\System32\DRIVERS\IntelC53.sys [2005-05-06 47360]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOW1\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOW1\System32\DRIVERS\mohfilt.sys [2005-05-06 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOW1\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOW1\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOW1\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOW1\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\JOEKLE~1.MOR\LOCALS~1\Temp\catchme.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOW1\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOW1\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOW1\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOW1\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOW1\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 WSearch;Windows Search; C:\WINDOW1\system32\SearchIndexer.exe [2008-05-26 439808]
R3 idsvc;Windows CardSpace; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOW1\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOW1\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOW1\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 25 April 2009 - 06:38 PM

Still there. Check again and delete.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#14 armennen

armennen
  • Topic Starter

  • Members
  • 7 posts

Posted 30 April 2009 - 10:42 PM

Hi Suebaby,
I'm sorry about the delay in my reply, but my desktop is disassembled and I won't be able to put it back together until after this weekend (graduation stuff). Thanks for your help so far, and I will run and post a new hijack log (hopefully this time without any torrent files I have missed). Hopefully this works, but let me know if otherwise. Thanks!

#15 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 01 May 2009 - 10:23 AM

I will keep your topic open.



