Hijackthis Log File - Please Help!




#11
18th Feb 2009, 18:30
Member Group

Diagnostic Report (1.9.0006.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-T4YDB-PB6DG-JPKMJ
Windows Product Key Hash: kLpNTgYGTsUYia9HU4fgu7ASyNA=
Windows Product ID: 55274-640-1011873-23081
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.xpn
ID: {5BA4811C-5876-40D4-A70C-0A964AC3D48B}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-449-80004005_025D1FF3-229-80004005_025D1FF3-230-1_025D1FF3-528-80004005_025D1FF3-237-80004005_025D1FF3-238-2_025D1FF3-258-3
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A
Version: N/A
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-543-80070002_025D1FF3-449-80004005_025D1FF3-229-80004005_025D1FF3-230-1_025D1FF3-528-80004005_025D1FF3-237-80004005_025D1FF3-238-2_025D1FF3-258-3
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{5BA4811C-5876-40D4-A70C-0A964AC3D48B}</UGUID><Version>1.9.0006.1</Version><OS>5.1.2600.2.00010100.3.0.xpn</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-JPKMJ</PKey><PID>55274-640-1011873-23081</PID><PIDType>1</PIDType><SID>S-1-5-21-839522115-117609710-1801674531</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0170 </Version><SMBIOSVersion major="2" minor="4"/><Date>20060627000000.000000+000</Date></BIOS><HWID>580330070184607B</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>
Licensing Data-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 130E0:ASUSTeK Computer Inc|14B56:GENUINE C&C INC|10CAF:MPC Computers
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005
OEM Activation 2.0 Data-->
N/A
#12
18th Feb 2009, 19:32
Moderator Group

Looks like a newly installed OS. Is it running OK?

#13
19th Feb 2009, 02:01
Member Group

Yeah, it seems OK, weird as I haven't done anything different this time. Thanks for your help though, mate.
#14
19th Feb 2009, 11:08
Moderator Group

You're welcome.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

#15
20th Feb 2009, 07:10
Member Group

Grrr.... it's back again...

Can you see anything in this lot?

info.txt logfile of random's system information tool 1.05 2009-02-20 13:34:24
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Delta-->C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe -runfromtemp -l0x0009 -removeonly
ESET NOD32 Antivirus-->MsiExec.exe /I{4EAE8F8E-0C2E-4814-9A04-635AFB9050AA}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AV: ESET NOD32 Antivirus 3.0
System event log
Computer Name: RICK-EF41529DBB
Event Code: 15007
Message: Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.
Record Number: 5
Source Name: HTTP
Time Written: 20090219000345.000000+000
Event Type: information
User:
Computer Name: RICK-EF41529DBB
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to RICK-EF41529DBB.
Record Number: 4
Source Name: EventLog
Time Written: 20090219000042.000000+000
Event Type: information
User:
Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used.
Record Number: 3
Source Name: Serial
Time Written: 20090218235418.000000+000
Event Type: information
User:
Computer Name: MACHINENAME
Event Code: 6005
Message: The Event log service was started.
Record Number: 2
Source Name: EventLog
Time Written: 20090218235403.000000+000
Event Type: information
User:
Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Multiprocessor Free.
Record Number: 1
Source Name: EventLog
Time Written: 20090218235403.000000+000
Event Type: information
User:
Application event log
Computer Name: RICK-EF41529DBB
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 5
Source Name: LoadPerf
Time Written: 20090219000211.000000+000
Event Type: information
User:
Computer Name: RICK-EF41529DBB
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 4
Source Name: LoadPerf
Time Written: 20090219000209.000000+000
Event Type: information
User:
Computer Name: RICK-EF41529DBB
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 3
Source Name: LoadPerf
Time Written: 20090219000104.000000+000
Event Type: information
User:
Computer Name: RICK-EF41529DBB
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 2
Source Name: LoadPerf
Time Written: 20090219000049.000000+000
Event Type: information
User:
Computer Name: RICK-EF41529DBB
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.
Record Number: 1
Source Name: LoadPerf
Time Written: 20090219000048.000000+000
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0f05
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
#16
20th Feb 2009, 07:10
Member Group

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rick at 2009-02-20 13:33:52
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (83%) free of 40 GB
Total RAM: 2047 MB (74% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:53, on 20/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inf\rundll33.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\msrstart.exe
C:\WINDOWS\system32\grcrt.exe
C:\Documents and Settings\Rick\reader_s.exe
C:\WINDOWS\system32\afisicx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mabidwe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\noytcyr.exe
C:\WINDOWS\system32\roytctm.exe
C:\WINDOWS\system32\soxpeca.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdydowkc.exe
C:\WINDOWS\system32\wsldoekd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TEMP\VRT2D.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\CcEvtSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\4E.tmp
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\Rick\Desktop\RAPGET\rapget.exe
C:\Program Files\trend micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\inf\rundll33.exe
C:\WINDOWS\system32\udxfytw.sys
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Z_fox\RSIT.exe
C:\Program Files\trend micro\HijackThis\Rick.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
O4 - HKLM\..\Run: [DeskTopSrv] C:\WINDOWS\system32\grcrt.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Rick\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: afisicx Service (afisicx) - Unknown owner - C:\WINDOWS\system32\afisicx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mabidwe Service (mabidwe) - Unknown owner - C:\WINDOWS\system32\mabidwe.exe
O23 - Service: noytcyr Service (noytcyr) - Unknown owner - C:\WINDOWS\system32\noytcyr.exe
O23 - Service: roytctm Service (roytctm) - Unknown owner - C:\WINDOWS\system32\roytctm.exe
O23 - Service: soxpeca Service (soxpeca) - Unknown owner - C:\WINDOWS\system32\soxpeca.exe
O23 - Service: tdydowkc Service (tdydowkc) - Unknown owner - C:\WINDOWS\system32\tdydowkc.exe
O23 - Service: wsldoekd Service (wsldoekd) - Unknown owner - C:\WINDOWS\system32\wsldoekd.exe
--
End of file - 7650 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-02-19 1157120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-02-19 1157120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-10-24 1451264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 434176]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]
"M-Audio Taskbar Icon"=C:\WINDOWS\System32\DeltaIITray.exe [2008-03-03 236040]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-06-23 868352]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-02-19 47616]
"Explorer"=C:\WINDOWS\system32\msrstart.exe [2008-04-14 258048]
"DeskTopSrv"=C:\WINDOWS\system32\grcrt.exe []
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2008-12-01 43008]
"DeltaIITaskbarApp"=C:\WINDOWS\system32\DeltaIITray.exe [2008-03-03 236040]
"services"=C:\WINDOWS\services.exe [2009-02-20 42497]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"services"=C:\WINDOWS\services.exe [2009-02-20 42497]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 32768]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 110592]
"reader_s"=C:\Documents and Settings\Rick\reader_s.exe [2009-02-19 47104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======File associations======
.txt - open - "C:\WINDOWS\system32\nxtepad.exe" "%1"
======List of files/folders created in the last 1 months======
2009-02-20 13:33:52 ----D---- C:\rsit
2009-02-20 13:26:18 ----A---- C:\WINDOWS\system32\4E.tmp
2009-02-20 13:26:16 ----A---- C:\WINDOWS\system32\CcEvtSvc.exe
2009-02-20 13:26:08 ----A---- C:\WINDOWS\adobe.bat
2009-02-20 13:26:06 ----A---- C:\WINDOWS\services.exe
2009-02-20 13:26:05 ----A---- C:\WINDOWS\system32\46.tmp
2009-02-20 13:25:51 ----A---- C:\WINDOWS\system32\42.tmp
2009-02-19 11:58:11 ----A---- C:\WINDOWS\system32\444.tmp
2009-02-19 11:58:10 ----A---- C:\WINDOWS\system32\442.tmp
2009-02-19 11:58:03 ----A---- C:\WINDOWS\system32\438.tmp
2009-02-19 11:58:02 ----A---- C:\WINDOWS\system32\435.tmp
2009-02-19 11:52:07 ----A---- C:\WINDOWS\system32\228.tmp
2009-02-19 11:52:06 ----A---- C:\WINDOWS\system32\222.tmp
2009-02-19 11:51:32 ----A---- C:\WINDOWS\system32\1FE.tmp
2009-02-19 11:51:30 ----A---- C:\WINDOWS\system32\1F9.tmp
2009-02-19 11:48:26 ----A---- C:\WINDOWS\system32\deltaIICoIn.dll
2009-02-19 11:48:24 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-02-19 11:48:23 ----A---- C:\WINDOWS\system32\atibrtmon.exe
2009-02-19 11:48:23 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-02-19 11:48:23 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-02-19 11:48:23 ----A---- C:\WINDOWS\system32\amdcalrt.dll
2009-02-19 11:48:23 ----A---- C:\WINDOWS\system32\Amdcaldd.dll
2009-02-19 11:48:23 ----A---- C:\WINDOWS\system32\amdcalcl.dll
2009-02-19 11:44:25 ----A---- C:\WINDOWS\Ukoce.dll
2009-02-19 11:43:54 ----A---- C:\WINDOWS\system32\grcrt2.exe
2009-02-19 11:43:54 ----A---- C:\WINDOWS\system32\grcrt.dll
2009-02-19 11:43:51 ----A---- C:\WINDOWS\system32\w.exe
2009-02-19 11:43:49 ----A---- C:\WINDOWS\system32\tmpxccacj0.exe
2009-02-19 11:43:43 ----A---- C:\WINDOWS\system32\xcchit32.ini
2009-02-19 11:43:34 ----A---- C:\WINDOWS\system32\39.tmp
2009-02-19 11:43:32 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-02-19 11:43:32 ----A---- C:\WINDOWS\system32\37.tmp
2009-02-19 11:43:12 ----A---- C:\WINDOWS\xccdf32_090131a.dll
2009-02-19 11:43:10 ----A---- C:\WINDOWS\system32\15.tmp
2009-02-19 11:43:08 ----D---- C:\WINDOWS\system32\inf
2009-02-19 11:43:08 ----A---- C:\WINDOWS\xccwinsys.ini
2009-02-19 11:43:07 ----A---- C:\WINDOWS\system32\9.tmp
2009-02-19 11:34:33 ----D---- C:\Program Files\Analog Devices
2009-02-19 11:34:26 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-19 11:33:04 ----A---- C:\WINDOWS\system32\PostProc.dll
2009-02-19 11:33:03 ----A---- C:\WINDOWS\system32\a3d.dll
2009-02-19 11:32:35 ----A---- C:\WINDOWS\system32\pcifmdio.dll
2009-02-19 11:32:35 ----A---- C:\WINDOWS\system32\DeltaIITray.exe
2009-02-19 11:32:35 ----A---- C:\WINDOWS\system32\DeltaIIpnl.dll
2009-02-19 11:32:35 ----A---- C:\WINDOWS\system32\DeltaIICpl.exe
2009-02-19 11:32:35 ----A---- C:\WINDOWS\system32\deltaIIasio.dll
2009-02-19 11:32:17 ----D---- C:\Program Files\M-Audio
2009-02-19 11:32:16 ----D---- C:\Documents and Settings\Rick\Application Data\InstallShield
2009-02-19 11:30:28 ----D---- C:\Documents and Settings\Rick\Application Data\Apple Computer
2009-02-19 11:30:23 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-02-19 11:30:11 ----D---- C:\Program Files\iPod
2009-02-19 11:30:09 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-19 11:30:08 ----D---- C:\Program Files\iTunes
2009-02-19 11:29:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-19 11:29:48 ----D---- C:\Program Files\Common Files\Apple
2009-02-19 11:29:07 ----D---- C:\Program Files\Bonjour
2009-02-19 11:28:42 ----D---- C:\Program Files\QuickTime
2009-02-19 11:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-02-19 11:28:35 ----D---- C:\Program Files\Apple Software Update
2009-02-19 11:28:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-02-19 11:07:02 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-02-19 11:07:02 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-02-19 10:05:27 ----A---- C:\WINDOWS\cFosSpeed_Setup_Log.txt
2009-02-19 10:02:42 ----D---- C:\Program Files\ESET
2009-02-19 09:38:22 ----D---- C:\Program Files\Google
2009-02-19 09:24:27 ----D---- C:\Documents and Settings\Rick\Application Data\Adobe
2009-02-19 09:20:56 ----D---- C:\Program Files\MSBuild
2009-02-19 09:20:52 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-19 09:20:49 ----D---- C:\Program Files\Reference Assemblies
2009-02-19 09:20:32 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-02-19 09:20:02 ----RSD---- C:\WINDOWS\assembly
2009-02-19 09:19:48 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-19 09:04:46 ----D---- C:\Documents and Settings\Rick\Application Data\vlc
2009-02-19 09:04:21 ----D---- C:\Program Files\VideoLAN
2009-02-19 08:53:12 ----D---- C:\Documents and Settings\Rick\Application Data\uTorrent
2009-02-19 08:53:00 ----D---- C:\Program Files\uTorrent
2009-02-19 01:30:37 ----D---- C:\Documents and Settings\Rick\Application Data\Macromedia
2009-02-19 00:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-19 00:53:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-19 00:53:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-19 00:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-19 00:52:48 ----D---- C:\WINDOWS\ie7updates
2009-02-19 00:52:37 ----D---- C:\WINDOWS\WBEM
2009-02-19 00:51:56 ----HDC---- C:\WINDOWS\ie7
2009-02-19 00:51:50 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-02-19 00:51:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-02-19 00:50:54 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-19 00:44:49 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-19 00:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-02-19 00:44:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-19 00:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-19 00:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-19 00:44:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-19 00:44:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-19 00:44:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-02-19 00:43:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-19 00:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-19 00:43:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-19 00:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-19 00:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-19 00:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-02-19 00:43:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-19 00:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-19 00:43:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-19 00:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-19 00:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-19 00:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-19 00:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-19 00:41:35 ----SHD---- C:\RECYCLER
2009-02-19 00:39:38 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-19 00:39:38 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-19 00:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-19 00:39:37 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-19 00:36:40 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-02-19 00:35:37 ----D---- C:\Program Files\WinRAR
2009-02-19 00:33:04 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-19 00:32:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-19 00:32:02 ----A---- C:\WINDOWS\system32\RtNicProp32.dll
2009-02-19 00:23:45 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2009-02-19 00:22:29 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-02-19 00:22:18 ----D---- C:\Program Files\ATI Technologies
2009-02-19 00:22:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-19 00:22:03 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-19 00:21:52 ----D---- C:\ATI
2009-02-19 00:19:48 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-02-19 00:09:08 ----D---- C:\Program Files\trend micro
2009-02-19 00:08:52 ----D---- C:\Documents and Settings\Rick\Application Data\Identities
2009-02-19 00:08:51 ----HD---- C:\Program Files\Uninstall Information
2009-02-19 00:08:41 ----ASH---- C:\Documents and Settings\Rick\Application Data\desktop.ini
2009-02-19 00:08:40 ----SD---- C:\Documents and Settings\Rick\Application Data\Microsoft
2009-02-19 00:08:12 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-19 00:08:10 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-19 00:08:10 ----D---- C:\WINDOWS\Prefetch
2009-02-19 00:08:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-19 00:04:53 ----D---- C:\WINDOWS\system32\xircom
2009-02-19 00:04:53 ----D---- C:\Program Files\xerox
2009-02-19 00:04:53 ----D---- C:\Program Files\windows media player
2009-02-19 00:04:53 ----D---- C:\Program Files\microsoft frontpage
2009-02-19 00:04:40 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-19 00:04:34 ----A---- C:\WINDOWS\control.ini
2009-02-19 00:04:34 ----A---- C:\AUTOEXEC.BAT
2009-02-19 00:04:32 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-19 00:04:28 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-19 00:03:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-19 00:03:53 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-19 00:03:53 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-19 00:03:49 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-19 00:03:46 ----HD---- C:\Program Files\WindowsUpdate
2009-02-19 00:03:32 ----D---- C:\WINDOWS\system32\DirectX
2009-02-19 00:03:32 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-19 00:03:30 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-19 00:03:30 ----A---- C:\WINDOWS\desktop.ini
2009-02-19 00:03:25 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-19 00:03:24 ----D---- C:\Program Files\Common Files\Services
2009-02-19 00:03:24 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-19 00:03:22 ----SD---- C:\WINDOWS\Tasks
2009-02-19 00:03:22 ----D---- C:\Program Files\Common Files\MSSoap
2009-02-19 00:03:22 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-19 00:03:18 ----D---- C:\WINDOWS\srchasst
2009-02-19 00:03:17 ----D---- C:\WINDOWS\system32\Macromed
2009-02-19 00:03:17 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-19 00:03:17 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-19 00:03:17 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-19 00:03:17 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-19 00:03:17 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-19 00:03:16 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-19 00:03:12 ----SHD---- C:\Program Files\Movie Maker
2009-02-19 00:02:59 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-19 00:02:59 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-19 00:02:59 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-19 00:02:59 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-19 00:02:55 ----D---- C:\WINDOWS\system32\Restore
2009-02-19 00:02:55 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-19 00:02:55 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-02-19 00:02:55 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-19 00:02:54 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-19 00:02:54 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-19 00:02:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-19 00:02:54 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-19 00:02:54 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-19 00:02:54 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-19 00:02:53 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-19 00:02:53 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-19 00:02:51 ----D---- C:\Program Files\NetMeeting
2009-02-19 00:02:51 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-19 00:02:51 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-19 00:02:50 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-19 00:02:50 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-19 00:02:48 ----D---- C:\Program Files\Outlook Express
2009-02-19 00:02:48 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-19 00:02:48 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-19 00:02:48 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-19 00:02:48 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-19 00:02:48 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-19 00:02:47 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-19 00:02:47 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-19 00:02:42 ----D---- C:\Program Files\Common Files\System
2009-02-19 00:02:41 ----D---- C:\Program Files\Internet Explorer
2009-02-19 00:02:19 ----D---- C:\Program Files\ComPlus Applications
2009-02-19 00:02:18 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-19 00:02:18 ----A---- C:\WINDOWS\vb.ini
2009-02-19 00:02:14 ----D---- C:\WINDOWS\Registration
2009-02-19 00:02:09 ----D---- C:\Program Files\Online Services
2009-02-19 00:02:03 ----D---- C:\Program Files\Messenger
2009-02-19 00:02:00 ----D---- C:\Program Files\MSN Gaming Zone
2009-02-19 00:02:00 ----A---- C:\WINDOWS\system32\write.exe
2009-02-19 00:01:53 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-19 00:01:53 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-19 00:01:53 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-19 00:01:53 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-19 00:01:53 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-19 00:01:52 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-19 00:01:48 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-19 00:01:47 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-19 00:01:47 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-19 00:01:47 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-19 00:01:47 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-19 00:01:47 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-19 00:01:46 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-19 00:01:45 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-19 00:01:41 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-19 00:01:26 ----D---- C:\Program Files\MSN
2009-02-19 00:01:25 ----D---- C:\Program Files\Windows NT
2009-02-19 00:01:25 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-19 00:01:25 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-19 00:01:25 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-19 00:01:24 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-19 00:01:24 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-19 00:01:24 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-19 00:01:23 ----D---- C:\WINDOWS\system32\en-US
2009-02-19 00:01:23 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-02-19 00:01:23 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-19 00:01:23 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-19 00:01:22 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-19 00:01:22 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-19 00:01:22 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-19 00:01:21 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-19 00:01:20 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-19 00:01:20 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-19 00:01:19 ----D---- C:\WINDOWS\system32\Com
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-19 00:01:19 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-19 00:01:18 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-19 00:01:18 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-19 00:01:18 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-19 00:01:18 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-19 00:01:18 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-19 00:01:17 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-19 00:01:17 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-19 00:01:17 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-19 00:01:17 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-19 00:01:11 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-19 00:01:11 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-19 00:01:11 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-19 00:01:11 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-02-19 00:00:33 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-18 23:57:24 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-18 23:56:38 ----A---- C:\WINDOWS\imsins.BAK
2009-02-18 23:56:36 ----SHD---- C:\WINDOWS\Installer
2009-02-18 23:56:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-18 23:56:35 ----D---- C:\Program Files\Common Files\ODBC
2009-02-18 23:56:35 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-18 23:56:32 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-02-18 23:56:31 ----RD---- C:\Program Files
2009-02-18 23:56:31 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-18 23:56:31 ----D---- C:\Program Files\Common Files
2009-02-18 23:56:29 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-18 23:56:29 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-18 23:56:29 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-18 23:56:28 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-18 23:56:27 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-18 23:56:26 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-18 23:56:26 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-18 23:56:26 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-18 23:56:26 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-18 23:56:26 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-18 23:56:25 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-18 23:56:23 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-18 23:56:23 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-18 23:56:23 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-18 23:56:23 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-18 23:56:23 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-18 23:56:21 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-18 23:56:21 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-18 23:56:21 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-18 23:56:21 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-02-18 23:56:17 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-18 23:56:12 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-18 23:55:02 ----RA---- C:\WINDOWS\SET27.tmp
2009-02-18 23:54:30 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-18 23:54:28 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-18 23:54:26 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-18 23:54:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-18 23:54:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-18 23:54:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-18 23:54:01 ----A---- C:\WINDOWS\setuplog.txt
2009-02-18 23:53:58 ----SHD---- C:\System Volume Information
2009-02-18 23:53:58 ----D---- C:\Documents and Settings
2009-02-18 23:53:22 ----SH---- C:\boot.ini
2009-02-18 23:47:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-18 23:47:28 ----RSD---- C:\WINDOWS\Fonts
2009-02-18 23:47:28 ----RD---- C:\WINDOWS\Web
2009-02-18 23:47:28 ----HD---- C:\WINDOWS\inf
2009-02-18 23:47:28 ----D---- C:\WINDOWS\WinSxS
2009-02-18 23:47:28 ----D---- C:\WINDOWS\twain_32
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Temp
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\wins
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\wbem
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\usmt
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\spool
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\Setup
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\scripting
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\ras
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\oobe
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\npp
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\mui
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\IME
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\icsxml
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\ias
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\export
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\en
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\drivers
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\dhcp
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\config
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\3076
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\2052
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1054
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1042
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1041
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1037
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1033
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1031
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1028
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32\1025
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system32
2009-02-18 23:47:28 ----D---- C:\WINDOWS\system
2009-02-18 23:47:28 ----D---- C:\WINDOWS\security
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Resources
2009-02-18 23:47:28 ----D---- C:\WINDOWS\repair
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Provisioning
2009-02-18 23:47:28 ----D---- C:\WINDOWS\PeerNet
2009-02-18 23:47:28 ----D---- C:\WINDOWS\pchealth
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Network Diagnostic
2009-02-18 23:47:28 ----D---- C:\WINDOWS\mui
2009-02-18 23:47:28 ----D---- C:\WINDOWS\msapps
2009-02-18 23:47:28 ----D---- C:\WINDOWS\msagent
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Media
2009-02-18 23:47:28 ----D---- C:\WINDOWS\L2Schemas
2009-02-18 23:47:28 ----D---- C:\WINDOWS\java
2009-02-18 23:47:28 ----D---- C:\WINDOWS\ime
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Help
2009-02-18 23:47:28 ----D---- C:\WINDOWS\ehome
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Driver Cache
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Debug
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Cursors
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Connection Wizard
2009-02-18 23:47:28 ----D---- C:\WINDOWS\Config
2009-02-18 23:47:28 ----D---- C:\WINDOWS\AppPatch
2009-02-18 23:47:28 ----D---- C:\WINDOWS\addins
2009-02-18 23:47:28 ----D---- C:\WINDOWS
2009-02-06 12:35:56 ----A---- C:\WINDOWS\system32\LegitCheckControl.DLL
======List of files/folders modified in the last 1 months======
2009-02-19 11:43:34 ----A---- C:\WINDOWS\win.ini
2009-02-18 23:59:36 ----A---- C:\WINDOWS\system.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-27 245760]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-27 93824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 DELTAII;Service for M-Audio Delta Driver (WDM); C:\WINDOWS\system32\DRIVERS\deltaII.sys [2008-03-03 302728]
R3 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 afisicx;afisicx Service; C:\WINDOWS\system32\afisicx.exe [2008-04-14 64512]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 618496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 mabidwe;mabidwe Service; C:\WINDOWS\system32\mabidwe.exe [2008-04-14 64512]
R2 noytcyr;noytcyr Service; C:\WINDOWS\system32\noytcyr.exe [2008-04-14 201216]
R2 roytctm;roytctm Service; C:\WINDOWS\system32\roytctm.exe [2008-04-14 201216]
R2 soxpeca;soxpeca Service; C:\WINDOWS\system32\soxpeca.exe [2008-04-14 64000]
R2 tdydowkc;tdydowkc Service; C:\WINDOWS\system32\tdydowkc.exe [2008-04-14 64512]
R2 wsldoekd;wsldoekd Service; C:\WINDOWS\system32\wsldoekd.exe [2008-04-14 201728]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-02-02 540672]
S2 CcEvtSvc;CcEvtSvc; C:\WINDOWS\System32\CcEvtSvc.exe [2009-02-20 105030]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-10-24 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 57344]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 884736]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 143360]
-----------------EOF-----------------
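A triage pass over the services list above, added here as an example and not part of any post in the thread: it parses the `state+start name;display; path [date size]` lines and flags entries that combine three structural traits, then groups entries that share an identical date and size. The function names are assumptions, the thread never says which entries were the infection, and a flag marks an entry for manual review, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext

# Lines copied verbatim from the log above: a subset of the services list,
# plus one driver line with empty metadata to exercise the parser.
LOG = r"""
R2 afisicx;afisicx Service; C:\WINDOWS\system32\afisicx.exe [2008-04-14 64512]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 618496]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 mabidwe;mabidwe Service; C:\WINDOWS\system32\mabidwe.exe [2008-04-14 64512]
R2 noytcyr;noytcyr Service; C:\WINDOWS\system32\noytcyr.exe [2008-04-14 201216]
R2 roytctm;roytctm Service; C:\WINDOWS\system32\roytctm.exe [2008-04-14 201216]
R2 soxpeca;soxpeca Service; C:\WINDOWS\system32\soxpeca.exe [2008-04-14 64000]
R2 tdydowkc;tdydowkc Service; C:\WINDOWS\system32\tdydowkc.exe [2008-04-14 64512]
R2 wsldoekd;wsldoekd Service; C:\WINDOWS\system32\wsldoekd.exe [2008-04-14 201728]
S2 CcEvtSvc;CcEvtSvc; C:\WINDOWS\System32\CcEvtSvc.exe [2009-02-20 105030]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# state (R/S), start type (0-4), key name; display name; image path [date size]
ENTRY = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


def parse(log):
    """Return one dict per service/driver line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        # Metadata is "YYYY-MM-DD size", or empty when the file was not found.
        date, _, size = e.pop("meta").partition(" ")
        e["date"] = date or None
        e["size"] = int(size) if size else None
        entries.append(e)
    return entries


def reasons(e):
    """Structural traits worth a second look (heuristic, not proof)."""
    path = e["path"].lower()
    stem, ext = splitext(basename(path))
    out = []
    if ext == ".exe" and dirname(path) == r"c:\windows\system32":
        out.append("image sits directly in system32")
    if stem == e["name"].lower():
        out.append("service key equals image file name")
    if e["display"] == e["name"] + " Service":
        out.append("display name is only the key plus ' Service'")
    return out


def triage(log):
    """Return (names matching all three traits, groups sharing date and size)."""
    entries = parse(log)
    flagged = [e["name"] for e in entries if len(reasons(e)) == 3]
    twins = defaultdict(list)
    for e in entries:
        if e["size"] is not None:
            twins[(e["date"], e["size"])].append(e["name"])
    clusters = sorted(sorted(names) for names in twins.values() if len(names) > 1)
    return flagged, clusters


if __name__ == "__main__":
    flagged, clusters = triage(LOG)
    print("review first:", ", ".join(flagged))
    for group in clusters:
        print("identical date and size:", ", ".join(group))
```

Entries that match only some of the traits, such as `CcEvtSvc`, are left unflagged by design; they still need the same manual check of file signature and origin before being trusted.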
  #17  
Old 20th Feb 2009, 07:41
Moderator Group
 
Default Hijackthis Log File - Please Help!

You're actually even more infected now than you were before. Whatever you're downloading, likely torrent or p2p files, is putting you and me in an uncomfortable situation. I can't keep helping knowing what you are doing is, in many countries, illegal. There are free alternatives to almost any software.

One or more of the identified infections was related to a rootkit component. Rootkits are very dangerous because they use advanced techniques as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

It is dangerous and incorrect to assume that because the rootkit has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Please read When should I re-format? How should I reinstall? and Reformatting the computer or troubleshooting; which is best?.

We can try to clean it, but I have to warn you it will be the last time we can help, and I don't know if it will be a success.

If you want to continue, remove any cracked software and ALL p2p and file sharing software before we start. Let me know what you decide.
__________________

  #18  
Old 20th Feb 2009, 08:06
Member Group
 
Default Hijackthis Log File - Please Help!

Hi, I don't have any hacked software, although I do use uTorrent on occasions. I'll remove it though. I won't be home for another 3 hours, but yes, I would like your help and am very grateful for your response so far.
  #19  
Old 20th Feb 2009, 09:00
Moderator Group
 
Default Hijackthis Log File - Please Help!

Download and install SUPERAntiSpyware Free for Home Users
  • Start SUPERAntiSpyware and click Check for updates
If you encounter any problems while downloading the updates, manually download and unzip them from here
  • Once the update is finished, on the main screen, click Scan your computer
  • Check Perform Complete Scan
  • Click Next to start the scan.

When finished SUPERAntiSpyware will list all the infections found.
Make sure everything found has a check next to it and press Next
Then click Finish

It is possible that the SUPERAntiSpyware asks to reboot the PC in order to delete some files.

Locate the SUPERAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log

It opens in your default text editor (such as Notepad)

Post the SUPERAntiSpyware log in your reply.

----------

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.