Sponsored By

outbenchthis

Members
  • Content Count

    13
  • Joined

  • Last visited

Everything posted by outbenchthis

  1. Hi Sarahw sorry for the late reply. I have spoken with a friend and he has said that there is a risk of losing files when you do a System Restore. I am concerned that I could lose some or all of my files (.docs as well as emails as I use Microsoft outlook) is there a way i could address this problem? My friend said that in theory it will only restore system files and not personal files but actually you could risk losing personal files in the process. I have been informed that saving work in My Documents may be a way of protecting against that risk, is this the case? Is there a more effective way of insuring against this risk? As I am not to familiar with the process I am concerned with the risk of losing files, is there something I could do instead of performing a System Restore that would resolve my problems? I appreciate your assistance thanks
  2. Hi Sarahw, thanks for the reply, I have attached the log from Malwarebytes as an attachment as it is too large to fit in a post. this is the file name: mbam-log-2008-09-30(19-06-09).txt thanks mbam_log_2008_09_30__19_06_09_.txt
  3. Hi, I have had success on this forum with a previous problem with a virus after some excellent assistance from Sarahw so I thought I would post here again as this current problem may be related. My computer was running slow so I decided to do a Malwarebytes Anti-malware scan which found 1530 infected files (deleted and quarantined). I thought this was an exceptionally high number of infected files (I can post the log from the Mbam scan if you'd like). Below is the log from the Hijackthis log. After my system was cleaned up the first time a month ago from really good advice (sarahw), should I have then performed a System Restore? This was suggested to me at the Malwarebytes Security Forums. I think the reason the System Restore was suggested was because the MBam log returned the following entry 1530 times with a different .dll C:\System Volume Information\_restore{025B975B-FBD3-4DE0-899E-8E330F2E4991} Should I therefore disable and enable System Restore? Is there a risk to the system or my files in doing this as I have never done this before? Thanks for your assistance, -----------------Hijackthis log--------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:53:54, on 30/09/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\windows\system\hpsysdrv.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\USB Storage RW\shwicon.exe C:\HP\KBD\KBD.EXE C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\connmngmntbox.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\ectaskscheduler.exe C:\PROGRA~1\PANASO~1\PANASO~2\Elogerr.exe C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\PANASO~1\PANASO~2\BROADC~1.EXE C:\PROGRA~1\PANASO~1\PANASO~2\SCRFS.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\Grisoft\AVG7\avgw.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: PanasonicX700PCSoftwareSuite Detect.lnk = ? O4 - Global Startup: PanasonicX700PCSoftwareSuite TS.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6273 bytes
  4. Hi Sarahw, Thanks! I'll go through all of your recommendations. If I have any questions in the future, I'll know where to ask. Thanks again for all your help.
  5. Hi Sarahw, Sorry for my late reply. The computer is running much quicker now. Thank you very much for all your help! I wanted to know a few things to ensure the computer will remain trojan and malware free. Can you tell me (or how can I tell) if I have a firewall? I currently have AVG 7.5 Free installed which scans periodically but I wanted to know your expert opinion on whether to use an alternative or continue with this scanning program. Should I uninstall the programs HiJackThis, SDFix and OTMoveIT2 now that I've finished with them? Thanks again for all your help, Sarah. Regards, Sean
  6. Hi Sarah, Below is the ESET Online Scanner log Thanks -------------------------------------------------------------------- # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3430 (20080910) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=16abe310adb8b84088d22846f792c154 # end=finished # remove_checked=true # unwanted_checked=true # utc_time=2008-09-10 12:29:36 # local_time=2008-09-10 10:29:36 (+1000, E. Australia Standard Time) # country="Australia" # osver=5.1.2600 NT Service Pack 1 # scanned=492160 # found=2 # scan_time=14204 C:\Documents and Settings\Administrator\Desktop\catchme.zip a variant of Win32/Spy.Silentbanker trojan (deleted) 00000000000000000000000000000000 C:\Documents and Settings\Administrator\Desktop\catchme.zip »ZIP »41893321731.CPX a variant of Win32/Spy.Silentbanker trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
  7. I have restored the four entries from the Quarantine tab in mbam. do you require another log? thanks
  8. Hi Sarahw below is the OTMoveIt2 log and the Hijackthis log thanks OTMoveIt2 File/Folder C:\Program Files\rhcp2pj0e7bv not found. File/Folder C:\Documents and Settings\Clementi\Application Data\rhcp2pj0e7bv not found. File/Folder C:\WINDOWS\system32\kdizk.exe not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09092008_110907 ------------------------------------------------------------------------- Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:11:11, on 9/09/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\windows\system\hpsysdrv.exe C:\Program Files\USB Storage RW\shwicon.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\connmngmntbox.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\ectaskscheduler.exe C:\PROGRA~1\PANASO~1\PANASO~2\Elogerr.exe C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\PANASO~1\PANASO~2\BROADC~1.EXE C:\PROGRA~1\PANASO~1\PANASO~2\SCRFS.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: PanasonicX700PCSoftwareSuite Detect.lnk = ? O4 - Global Startup: PanasonicX700PCSoftwareSuite TS.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6018 bytes
  9. I ran Malwarebytes Anti-Malware and it found 28 objects infected, which I checked and removed successfully. here is the log file below Thanks ------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.26 Database version: 1127 Windows 5.1.2600 Service Pack 1 8/09/2008 3:59:15 PM mbam-log-2008-09-08 (15-59-15).txt Scan type: Full Scan (C:\|D:\|) Objects scanned: 122455 Time elapsed: 2 hour(s), 11 minute(s), 51 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 3 Registry Values Infected: 1 Registry Data Items Infected: 15 Folders Infected: 3 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42 85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{127b6989-7fc9-4963-84a5-8ab81d0d6fcd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41be3759-f7f4-4bce-969f-6f86e114a44b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41be3759-f7f4-4bce-969f-6f86e114a44b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{c8f42016-28ff-4c04-84c9-e535e54047e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42 85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{127b6989-7fc9-4963-84a5-8ab81d0d6fcd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41be3759-f7f4-4bce-969f-6f86e114a44b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41be3759-f7f4-4bce-969f-6f86e114a44b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{c8f42016-28ff-4c04-84c9-e535e54047e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42 85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{127b6989-7fc9-4963-84a5-8ab81d0d6fcd}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{41be3759-f7f4-4bce-969f-6f86e114a44b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{41be3759-f7f4-4bce-969f-6f86e114a44b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{c8f42016-28ff-4c04-84c9-e535e54047e5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.42,85.255.112.170 -> Quarantined and deleted successfully. Folders Infected: C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\secdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\EndNote X Introductory.pdf (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner\Application Data\temp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  10. Hi Sarah the OTMoveIt2 folder has been zipped and uploaded to uploadmalware.com as (09082008_091946.zip). Thanks
  11. Hi Sarah here is the OTMoveit2 log thanks ---------------------- File/Folder C:\WINDOWS\System32\ntos.exe not found. LoadLibrary failed for C:\WINDOWS\system32\wowfx.dll C:\WINDOWS\system32\wowfx.dll NOT unregistered. C:\WINDOWS\system32\wowfx.dll moved successfully. File/Folder C:\WINDOWS\system32\ALCXMNTR.EXE not found. File/Folder C:\WINDOWS\System32\braviax.exe not found. File/Folder C:\WINDOWS\System32\spoolvs.exe not found. C:\WINDOWS\web\Wallpaper moved successfully. C:\WINDOWS\web\printers\images moved successfully. C:\WINDOWS\web\printers moved successfully. C:\WINDOWS\web moved successfully. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09082008_091946
  12. Hi sarahw! thanks for your help. I have gone through step-by-step your list of instructions below I have posted my new hijackthis log and the SDfix report (report.txt). I also have a log from OTMoveIt2 that I can post for your analysis if you would like. The window with the error message "the application or dll c:\windows\system32\wowfx.dll is not a valid Windows image. Please verify with the installation disk." has stopped popping up after following your directions! Based on the new logs, what else needs to be done now? Thanks in advance for your help. ------------------------------------------------------------------------ Hijackthis log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:01:17, on 8/09/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\wuauclt.exe C:\windows\system\hpsysdrv.exe C:\Program Files\USB Storage RW\shwicon.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\connmngmntbox.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\ectaskscheduler.exe C:\PROGRA~1\PANASO~1\PANASO~2\Elogerr.exe C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\PANASO~1\PANASO~2\BROADC~1.EXE C:\PROGRA~1\PANASO~1\PANASO~2\SCRFS.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: PanasonicX700PCSoftwareSuite Detect.lnk = ? O4 - Global Startup: PanasonicX700PCSoftwareSuite TS.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{41BE3759-F7F4-4BCE-969F-6F86E114A44B}: NameServer = 85.255.115.42,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F42016-28FF-4C04-84C9-E535E54047E5}: NameServer = 85.255.115.42,85.255.112.170 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 6311 bytes --------------------------------------------------------------------------------------------------------------------------------- SDfix report SDFix: Version 1.222 Run by Administrator on Mon 08/09/2008 at 09:34 Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Resetting SecurityProviders Value [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "aux1"="wdmaud.drv" Restoring aux1 registry value to wdmaud.drv Resetting AppInit_DLLs value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted C:\Program Files\altcmd\altcmd.inf - Deleted C:\Program Files\altcmd\uninstall.bat - Deleted C:\WINDOWS\rasqervy.dll - Deleted C:\WINDOWS\sdfinacs.dll - Deleted C:\WINDOWS\system32\Kernel32.exe - Deleted C:\WINDOWS\wuasirvy.dll - Deleted C:\WINDOWS\system32\41893321731.CPX - Deleted C:\WINDOWS\system32\418933217312.CPX - Deleted C:\WINDOWS\system32\418933217321.CPX - Deleted C:\WINDOWS\system32\418933217331.CPX - Deleted C:\WINDOWS\system32\418933217351.CPX - Deleted C:\WINDOWS\system32\wowfx.dll - Deleted Folder C:\Program Files\altcmd - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-08 09:44:11 Windows 5.1.2600 Service Pack 1 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Documents and Settings\\Owner\\Application Data\\printer.exe"="C:\\Documents and Settings\\Owner\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\System32\\printer.exe"="C:\\WINDOWS\\System32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\System32\\spoolvs.exe"="C:\\WINDOWS\\System32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019" "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Application Data\\62203.exe"="C:\\Documents and Settings\\Owner\\Application Data\\62203.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Application Data\\64355.exe"="C:\\Documents and Settings\\Owner\\Application Data\\64355.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Application Data\\14991.exe"="C:\\Documents and Settings\\Owner\\Application Data\\14991.exe:*:Enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\\Documents and Settings\\Owner\\Application Data\\printer.exe"="C:\\Documents and Settings\\Owner\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\System32\\printer.exe"="C:\\WINDOWS\\System32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\System32\\spoolvs.exe"="C:\\WINDOWS\\System32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019" "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Application Data\\62203.exe"="C:\\Documents and Settings\\Owner\\Application Data\\62203.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Application Data\\64355.exe"="C:\\Documents and Settings\\Owner\\Application Data\\64355.exe:*:Enabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\Owner\\Application Data\\14991.exe"="C:\\Documents and Settings\\Owner\\Application Data\\14991.exe:*:Enabled:@xpsp2res.dll,-22019" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Wed 4 Jun 2008 37,888 ...H. --- "C:\Seabrook\~WRL1868.tmp" Fri 14 Mar 2008 92,160 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc157.tmp" Thu 17 Apr 2008 80,896 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc158.tmp" Mon 5 Nov 2007 32,256 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc61.tmp" Mon 5 Nov 2007 29,184 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc62.tmp" Mon 5 Nov 2007 31,232 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc63.tmp" Mon 5 Nov 2007 32,256 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc64.tmp" Mon 5 Nov 2007 39,936 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc65.tmp" Mon 5 Nov 2007 36,352 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc66.tmp" Mon 5 Nov 2007 29,184 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc67.tmp" Mon 5 Nov 2007 30,208 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc68.tmp" Mon 5 Nov 2007 33,280 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc69.tmp" Mon 5 Nov 2007 26,624 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc70.tmp" Mon 5 Nov 2007 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc71.tmp" Mon 5 Nov 2007 37,888 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc72.tmp" Mon 5 Nov 2007 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc73.tmp" Mon 5 Nov 2007 37,888 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc74.tmp" Mon 5 Nov 2007 36,352 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc75.tmp" Mon 5 Nov 2007 29,184 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc76.tmp" Mon 5 Nov 2007 26,112 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc77.tmp" Mon 5 Nov 2007 41,472 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc78.tmp" Mon 5 Nov 2007 39,936 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc79.tmp" Mon 5 Nov 2007 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc80.tmp" Mon 5 Nov 2007 40,960 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc81.tmp" Mon 5 Nov 2007 37,888 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc82.tmp" Mon 5 Nov 2007 29,184 A..H. --- "C:\RECYCLER\S-1-5-21-3305781904-3999868759-2749077437-1003\Dc84.tmp" Tue 24 Aug 2004 21,504 A..H. --- "C:\OLD C\Uni Stuff\Legal Theory\~WRL2803.tmp" Sun 29 Aug 2004 65,536 ...H. --- "C:\Program Files\Panasonic\Panasonic X700\MCCIUSBUninstall.exe" Fri 5 Sep 2003 25,088 A..H. --- "C:\Documents and Settings\Owner\My Documents\unistuff\~WRL2657.tmp" Fri 5 Sep 2003 29,696 A..H. --- "C:\Documents and Settings\Owner\My Documents\unistuff\~WRL2700.tmp" Sun 13 Nov 2005 20,480 A..H. --- "C:\OLD C\Uni Stuff\corporations\Exam\~WRL0216.tmp" Sun 13 Nov 2005 20,480 A..H. --- "C:\OLD C\Uni Stuff\corporations\Exam\~WRL1427.tmp" Sun 13 Nov 2005 19,968 A..H. --- "C:\OLD C\Uni Stuff\corporations\Exam\~WRL3371.tmp" Fri 7 Oct 2005 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0023.tmp" Fri 7 Oct 2005 42,496 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0114.tmp" Fri 7 Oct 2005 39,424 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0248.tmp" Fri 7 Oct 2005 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0321.tmp" Fri 7 Oct 2005 29,696 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0328.tmp" Fri 7 Oct 2005 26,624 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0385.tmp" Fri 7 Oct 2005 43,520 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0406.tmp" Fri 7 Oct 2005 46,080 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0494.tmp" Fri 7 Oct 2005 31,744 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0502.tmp" Thu 6 Oct 2005 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0557.tmp" Fri 7 Oct 2005 38,912 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0580.tmp" Thu 29 Sep 2005 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL0803.tmp" Fri 7 Oct 2005 46,592 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1028.tmp" Mon 24 Oct 2005 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1074.tmp" Fri 7 Oct 2005 24,576 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1159.tmp" Fri 7 Oct 2005 48,128 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1348.tmp" Mon 24 Oct 2005 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1578.tmp" Fri 7 Oct 2005 79,872 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1586.tmp" Fri 7 Oct 2005 48,640 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1688.tmp" Fri 7 Oct 2005 78,848 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1807.tmp" Fri 7 Oct 2005 28,672 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1844.tmp" Fri 7 Oct 2005 78,336 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL1845.tmp" Fri 7 Oct 2005 50,176 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2157.tmp" Fri 7 Oct 2005 37,376 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2285.tmp" Fri 7 Oct 2005 80,384 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2329.tmp" Fri 7 Oct 2005 38,400 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2339.tmp" Fri 7 Oct 2005 41,472 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2465.tmp" Fri 7 Oct 2005 38,912 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2503.tmp" Fri 7 Oct 2005 37,888 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2685.tmp" Fri 7 Oct 2005 33,280 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2780.tmp" Fri 7 Oct 2005 44,544 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL2877.tmp" Mon 24 Oct 2005 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL3024.tmp" Thu 29 Sep 2005 23,040 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL3679.tmp" Fri 7 Oct 2005 38,912 A..H. --- "C:\OLD C\Uni Stuff\semester 2, 2005\Marketing Communication\~WRL3958.tmp" Mon 24 Jul 2006 23,040 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL0014.tmp" Mon 24 Jul 2006 23,040 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL0140.tmp" Tue 8 Aug 2006 23,040 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL0476.tmp" Mon 24 Jul 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL0824.tmp" Mon 24 Jul 2006 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL0965.tmp" Mon 24 Jul 2006 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL1384.tmp" Mon 24 Jul 2006 26,112 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL1429.tmp" Mon 24 Jul 2006 29,696 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL1507.tmp" Mon 24 Jul 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL1710.tmp" Mon 24 Jul 2006 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL1969.tmp" Mon 24 Jul 2006 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2107.tmp" Mon 24 Jul 2006 28,160 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2232.tmp" Tue 8 Aug 2006 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2257.tmp" Mon 24 Jul 2006 27,648 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2347.tmp" Mon 24 Jul 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2684.tmp" Tue 8 Aug 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2697.tmp" Mon 24 Jul 2006 29,184 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL2726.tmp" Mon 24 Jul 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL3008.tmp" Mon 24 Jul 2006 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL3255.tmp" Tue 8 Aug 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL3491.tmp" Mon 24 Jul 2006 25,088 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL3543.tmp" Mon 24 Jul 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL3962.tmp" Mon 24 Jul 2006 20,992 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\media law\~WRL4080.tmp" Wed 5 Apr 2006 25,600 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\internet Marketing\~WRL0645.tmp" Tue 2 May 2006 65,536 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\InternationalAcc\~WRL2853.tmp" Tue 2 May 2006 44,544 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\InternationalAcc\~WRL3836.tmp" Thu 4 May 2006 25,088 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL0023.tmp" Thu 4 May 2006 45,568 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL0505.tmp" Thu 4 May 2006 31,232 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL0798.tmp" Thu 4 May 2006 26,112 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL0907.tmp" Thu 4 May 2006 28,672 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL1027.tmp" Thu 4 May 2006 27,648 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL1387.tmp" Thu 4 May 2006 28,672 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL1573.tmp" Thu 4 May 2006 31,744 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL1938.tmp" Thu 4 May 2006 29,696 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL1940.tmp" Thu 4 May 2006 44,032 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL1948.tmp" Thu 4 May 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2048.tmp" Thu 4 May 2006 26,112 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2110.tmp" Thu 4 May 2006 29,184 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2273.tmp" Wed 14 Jun 2006 35,328 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2470.tmp" Thu 4 May 2006 25,600 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2494.tmp" Thu 4 May 2006 25,600 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2516.tmp" Thu 4 May 2006 26,112 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2553.tmp" Thu 4 May 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2602.tmp" Thu 4 May 2006 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2633.tmp" Wed 3 May 2006 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2785.tmp" Thu 4 May 2006 25,088 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2929.tmp" Thu 4 May 2006 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2936.tmp" Thu 4 May 2006 24,576 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2960.tmp" Thu 4 May 2006 24,576 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2986.tmp" Thu 4 May 2006 43,008 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL2987.tmp" Thu 4 May 2006 29,184 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3184.tmp" Thu 4 May 2006 25,600 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3323.tmp" Thu 4 May 2006 47,616 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3373.tmp" Thu 4 May 2006 30,208 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3393.tmp" Thu 4 May 2006 27,136 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3411.tmp" Wed 14 Jun 2006 42,496 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3420.tmp" Thu 4 May 2006 27,136 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3526.tmp" Thu 4 May 2006 30,208 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3606.tmp" Thu 4 May 2006 45,568 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3752.tmp" Thu 4 May 2006 25,088 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3950.tmp" Thu 4 May 2006 29,184 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3984.tmp" Wed 14 Jun 2006 34,304 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\Jurisprudence\~WRL3997.tmp" Sun 9 Dec 2007 69,632 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2327.tmp" Tue 5 Jun 2007 50,176 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRL2844.tmp" Mon 17 Sep 2007 48,128 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0051.tmp" Mon 21 May 2007 46,080 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0193.tmp" Thu 11 Oct 2007 59,392 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0531.tmp" Wed 10 Oct 2007 58,368 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0597.tmp" Sun 5 Aug 2007 39,936 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL0964.tmp" Tue 13 Nov 2007 63,488 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1166.tmp" Sun 4 Nov 2007 64,512 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1572.tmp" Fri 2 Nov 2007 64,512 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL1698.tmp" Thu 30 Aug 2007 44,544 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2707.tmp" Sun 20 May 2007 46,080 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL2882.tmp" Fri 14 Sep 2007 47,616 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3182.tmp" Fri 31 Aug 2007 49,152 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3242.tmp" Mon 17 Sep 2007 48,128 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3246.tmp" Tue 9 Oct 2007 53,760 ...H. --- "C:\Documents and Settings\Owner\Application Data\Microsoft\Word\~WRL3510.tmp" Wed 6 Sep 2006 29,184 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7010GSM Leadership Comm\~WRL0610.tmp" Wed 6 Sep 2006 30,720 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7010GSM Leadership Comm\~WRL1224.tmp" Wed 6 Sep 2006 31,232 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7010GSM Leadership Comm\~WRL2218.tmp" Wed 6 Sep 2006 31,232 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7010GSM Leadership Comm\~WRL3408.tmp" Wed 6 Sep 2006 29,184 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7010GSM Leadership Comm\~WRL3889.tmp" Mon 25 Sep 2006 24,064 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL0246.tmp" Mon 25 Sep 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL0370.tmp" Mon 25 Sep 2006 20,480 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL0548.tmp" Mon 25 Sep 2006 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL0736.tmp" Mon 25 Sep 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL0813.tmp" Mon 25 Sep 2006 23,040 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL1091.tmp" Mon 25 Sep 2006 19,456 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL1153.tmp" Mon 25 Sep 2006 19,456 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL1731.tmp" Mon 25 Sep 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL2666.tmp" Mon 25 Sep 2006 20,992 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL2922.tmp" Mon 25 Sep 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL3526.tmp" Mon 25 Sep 2006 25,088 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\~WRL3619.tmp" Thu 9 Nov 2006 37,888 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\Property law\exams\~WRL1105.tmp" Thu 2 Nov 2006 37,888 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\Property law\exams\~WRL2981.tmp" Thu 9 Nov 2006 37,376 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\Property law\exams\~WRL3159.tmp" Tue 11 Apr 2006 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0291.tmp" Tue 11 Apr 2006 20,992 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0311.tmp" Tue 11 Apr 2006 33,280 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0531.tmp" Tue 11 Apr 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0641.tmp" Tue 11 Apr 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0765.tmp" Tue 11 Apr 2006 19,456 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0784.tmp" Tue 11 Apr 2006 23,040 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL0895.tmp" Tue 11 Apr 2006 20,480 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL1257.tmp" Tue 11 Apr 2006 33,280 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL1360.tmp" Tue 11 Apr 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL1385.tmp" Tue 11 Apr 2006 20,992 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL1595.tmp" Tue 11 Apr 2006 20,992 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL1707.tmp" Tue 11 Apr 2006 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL2111.tmp" Tue 11 Apr 2006 33,280 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL2612.tmp" Tue 11 Apr 2006 23,552 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL2685.tmp" Tue 11 Apr 2006 33,280 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL2759.tmp" Tue 11 Apr 2006 22,528 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL2827.tmp" Tue 11 Apr 2006 19,968 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3080.tmp" Tue 11 Apr 2006 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3601.tmp" Tue 11 Apr 2006 35,840 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3657.tmp" Mon 10 Apr 2006 19,968 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3694.tmp" Tue 11 Apr 2006 19,456 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3721.tmp" Tue 11 Apr 2006 20,992 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3992.tmp" Tue 11 Apr 2006 21,504 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL3999.tmp" Tue 11 Apr 2006 22,016 A..H. --- "C:\OLD C\Uni Stuff\semester 1 2006\intro to IB\assignment2\~WRL4046.tmp" Sun 24 Sep 2006 2,159,104 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\New Folder\~WRL0618.tmp" Sun 24 Sep 2006 26,112 A..H. --- "C:\OLD C\Uni Stuff\semester 2 2006\MBA (Practicum)[5449] - International IMBA [5457]\7028GSM Cross-Cultural Mgt\New Folder\~WRL2537.tmp" Finished!
  13. Hi, On my Windows Xp PC, every time I open it I receive a window with this message: "the application or dll c:\windows\system32\wowfx.dll is not a valid Windows image. Please verify with the installation disk." I have AVG FREE installed and have performed a scan but still recieve the wowfx.dll message. I also have Smitfraud and have scanned which I was able to do but then I restarted in safemode to do the 'clean' process but it was unable to do the 'clean' because wowfx.dll window message would not go away, so I still keep getting this message On my Windows Xp PC, every time I open it I receive a windows with this message: "the application or dll c:\windows\system32\wowfx.dll is not a valid Windows image. Please verify with the installation disk." After reading a number of forums I noticed they all suggest the best way of dealing with the problem is to post a log. Below you can find my HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:07:16, on 7/09/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\windows\system\hpsysdrv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\USB Storage RW\shwicon.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\connmngmntbox.exe C:\Program Files\Panasonic\Panasonic X700 PC Software Suite\ectaskscheduler.exe C:\PROGRA~1\PANASO~1\PANASO~2\Elogerr.exe C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe C:\PROGRA~1\PANASO~1\PANASO~2\BROADC~1.EXE C:\PROGRA~1\PANASO~1\PANASO~2\SCRFS.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe, O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [braviax] C:\WINDOWS\System32\braviax.exe O4 - HKCU\..\Run: [spoolsv] C:\WINDOWS\System32\spoolvs.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: PanasonicX700PCSoftwareSuite Detect.lnk = ? O4 - Global Startup: PanasonicX700PCSoftwareSuite TS.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{127B6989-7FC9-4963-84A5-8AB81D0D6FCD}: NameServer = 85.255.115.42,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{41BE3759-F7F4-4BCE-969F-6F86E114A44B}: NameServer = 85.255.115.42,85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F42016-28FF-4C04-84C9-E535E54047E5}: NameServer = 85.255.115.42,85.255.112.170 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170 O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe -- End of file - 7039 bytes I would greatly appreciate any assistance. thanks in advance.