Popups From Url.cpvfeed.com,socialnetworkcenter.com, Systemdoctor.com


12 replies to this topic

#1 aabeesee

aabeesee

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 April 2007 - 06:47 AM

Hello. Just did a reformat of my com but unfortunately I got popups after about 1 day of usage. (I carelessly forgot to turn on my firewall before connecting to the net.) I scanned my PC using the Panda software and 48 malware were found, but I was too slow to catch what the malware were, but I noticed most were from Mozilla's cookies in files I backed up. How do I go about removing them?

Prior to my Spybot scan, my shutdown and run buttons were gone too but it has since been solved. Before the scans were made, my PC was noticeably slowed down as well.

Something worth mentioning is a casalemedia malware which is particularly irritating because whenever I type anything in Google it comes up with a popup with a search engine of its own.

Can anyone help check whether there is anything wrong with the logfile below? Please do point out programs that aren't necessary at startup but aren't malware/spyware. (Things like TitanTV are stuff from my TV card.) I hope to remove them as well.

Thanks in advance!


Logfile of HijackThis v1.99.1
Scan saved at 7:37:31 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0FD0C3C-E0BD-4AC6-B98E-91A376979A97}: NameServer = 202.156.1.68,218.186.1.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by aabeesee, 18 April 2007 - 07:07 AM.




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 18 April 2007 - 08:23 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum aabeesee :thumbsup:

First of all, it seems you've no virus protection installed.
Download and install one of the freeware options from the choice below.
Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Active Virus Shield
There's a nice setup tutorial Here:
http://www.activevirusshield.com/antivirus/freeav/

****************************

I cannot see any signs of a firewall; this is possibly because you're using the Windows Firewall or you're behind a hardware firewall.
If you do need a third party program, please install one of the following from the list below:

Sygate Personal Firewall Free Edition:
http://www.filehippo.com/download_sygate_personal_firewall/

Zone Alarm Free:
http://download.zonelabs.com/bin/free/1001..._737_000_en.exe

Comodo Personal Firewall:
http://www.personalfirewall.comodo.com/

****************************

Now please go to:
C:\Program Files\HijackThis\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat (which is still Hijackthis.exe), post that log into your next reply please.

#3 aabeesee

aabeesee
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 April 2007 - 09:36 AM

Just scanned my computer with Active Virus Shield. Somehow something was detected in the core.sys in the system. They were going to remove it in the next reboot but during the next reboot the com restarted itself right before icons were displayed. Rebooted another time and it went fine. But when I tried again the same cycle repeated itself. Not sure for the next one because I don't see any alerts for now.

Anyway here's my log after renaming the application. Thanks for taking up my case! Cheers! :D

EDIT: I don't seem to be getting any popups anymore. But I still see weird stuff in my log!

Logfile of HijackThis v1.99.1
Scan saved at 10:29:43 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\abc.bat.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\jkkihfd.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tetvnkhw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F0419C3-8DA8-4A7A-AD6A-6F040F5CD547} - C:\WINDOWS\system32\vtstu.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0FD0C3C-E0BD-4AC6-B98E-91A376979A97}: NameServer = 202.156.1.68,218.186.1.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkihfd - C:\WINDOWS\SYSTEM32\jkkihfd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by aabeesee, 18 April 2007 - 09:42 AM.
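
The second log above contains O2 and O20 entries that the first log did not show. As an added example (not part of the original posts and not HijackThis's own code), the script below diffs the entry lines of two logs, lists what is new, and marks new entries worth a closer look; the function names and the two review heuristics are assumptions of this example, and the sample lines are excerpts from the logs posted in this thread.

```python
import re
from collections import defaultdict

# Excerpts from the two HijackThis logs posted in this thread (the first scan
# and the scan taken after renaming the executable), trimmed for the example.
LOG_FIRST = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_SECOND = r"""
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\jkkihfd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F0419C3-8DA8-4A7A-AD6A-6F040F5CD547} - C:\WINDOWS\system32\vtstu.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O20 - Winlogon Notify: jkkihfd - C:\WINDOWS\SYSTEM32\jkkihfd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\system32\vtstu.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in a binary extension inside the detail text.
PATH_RE = re.compile(
    r'([A-Za-z]:\\[^"]*?\.(?:dll|exe|ocx|sys))(?![A-Za-z0-9])', re.IGNORECASE
)


def parse_entries(log_text):
    """Return the set of (section, detail) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def added_entries(first_log, second_log):
    """Entries present in the second log only, ordered by section number."""
    added = parse_entries(second_log) - parse_entries(first_log)
    return sorted(added, key=lambda e: (e[0][0], int(e[0][1:]), e[1]))


def file_of(detail):
    """Lower-cased file path named in an entry, or None if it names no file."""
    match = PATH_RE.search(detail)
    return match.group(1).lower() if match else None


def dual_registered(entries):
    """Heuristic (assumption of this example): files that appear under both
    O2 (BHO) and O20 (Winlogon Notify). Paths are compared case-insensitively
    because the logs mix 'system32' and 'SYSTEM32'."""
    sections_by_file = defaultdict(set)
    for section, detail in entries:
        path = file_of(detail)
        if path:
            sections_by_file[path].add(section)
    return sorted(p for p, s in sections_by_file.items() if {"O2", "O20"} <= s)


def orphaned(entries):
    """Entries HijackThis marked as pointing at a file that does not exist."""
    return [e for e in entries if e[1].endswith(("(file missing)", "(no file)"))]


if __name__ == "__main__":
    new = added_entries(LOG_FIRST, LOG_SECOND)
    for section, detail in new:
        print(f"NEW {section}: {detail}")
    for path in dual_registered(new):
        print(f"REVIEW (O2 and O20): {path}")
    for section, detail in orphaned(new):
        print(f"ORPHANED {section}: {detail}")
```
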


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 18 April 2007 - 09:45 AM

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply, along with a new Hijackthis log.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#5 aabeesee

aabeesee
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 April 2007 - 09:55 AM

Vundofix.txt



VundoFix V6.3.19

Checking Java version...

Sun Java not detected
Scan started at 10:46:55 PM 4/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\pcoukajx.dll
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.tmp
C:\WINDOWS\system32\vtstu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pcoukajx.dll
C:\WINDOWS\system32\pcoukajx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini
C:\WINDOWS\system32\utstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utstv.tmp
C:\WINDOWS\system32\utstv.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\vtstu.dll Has been deleted!

Performing Repairs to the registry.
Done!


Hijackthis Log.

Logfile of HijackThis v1.99.1
Scan saved at 10:51:30 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\abc.bat.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\jkkihfd.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\system32\tetvnkhw.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F0419C3-8DA8-4A7A-AD6A-6F040F5CD547} - C:\WINDOWS\system32\vtstu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0FD0C3C-E0BD-4AC6-B98E-91A376979A97}: NameServer = 202.156.1.68,218.186.1.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkihfd - C:\WINDOWS\SYSTEM32\jkkihfd.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 18 April 2007 - 09:58 AM

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply please.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#7 aabeesee

aabeesee
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:04:43 PM

Posted 18 April 2007 - 10:12 AM

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ktkxmdob.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\jjkmp.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


2007-04-18 23:05 493,686 ---hs---- C:\WINDOWS\system32\jjkmp.ini2
2007-04-18 22:46 <DIR> d-------- C:\VundoFix Backups
2007-04-18 21:41 9,504 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-04-18 21:41 673,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-04-18 21:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AOL
2007-04-18 19:32 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-04-18 19:32 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-04-18 19:32 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-04-18 19:17 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-04-18 19:05 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-18 18:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-18 18:25 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-18 18:25 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-04-18 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-04-18 18:08 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\Ahead
2007-04-18 17:33 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-18 17:33 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\Lavasoft
2007-04-18 17:26 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2007-04-18 17:26 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\Adobe
2007-04-18 17:25 <DIR> d-------- C:\WINDOWS\Profiles
2007-04-18 17:25 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-04-18 17:25 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\InterTrust
2007-04-18 17:24 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-04-18 17:19 90,190 --a------ C:\WINDOWS\system32\Bt848WST.DLL
2007-04-18 17:19 69,632 --a------ C:\WINDOWS\system32\3DES.dll
2007-04-18 17:19 65,536 --a------ C:\WINDOWS\system32\dmcrypto.dll
2007-04-18 17:19 639,049 --a------ C:\WINDOWS\system32\hcwtvwnd.dll
2007-04-18 17:19 393,216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll
2007-04-18 17:19 28,672 --a------ C:\WINDOWS\system32\hcwsched.dll
2007-04-18 17:19 213,050 --a------ C:\WINDOWS\system32\hcwChan.dll
2007-04-18 17:19 159,744 --a------ C:\WINDOWS\system32\hcwChDB.dll
2007-04-18 17:19 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-04-18 17:19 11,264 --a------ C:\WINDOWS\system32\hcwhook.dll
2007-04-18 17:19 106,559 --a------ C:\WINDOWS\system32\hcwTVDlg.dll
2007-04-18 17:19 <DIR> d-------- C:\MyVideos
2007-04-18 17:18 26,714 --a------ C:\WINDOWS\system32\jkkihfd.dll
2007-04-18 17:18 <DIR> d-------- C:\Program Files\WinTV
2007-04-18 17:15 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-04-18 17:15 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-04-18 17:15 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-04-18 17:15 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-04-18 17:15 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-04-18 17:15 15,360 --a------ C:\WINDOWS\system32\drivers\MPE.sys
2007-04-18 17:15 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-04-18 17:15 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-04-18 17:14 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-04-18 17:14 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-18 17:14 299,715 -ra------ C:\WINDOWS\system32\drivers\hcw88tse.sys
2007-04-18 17:14 198,720 -ra------ C:\WINDOWS\system32\drivers\hcw88bda.sys
2007-04-18 17:14 11,776 --a------ C:\WINDOWS\system32\drivers\BdaSup.sys
2007-04-18 17:13 94,264 --------- C:\WINDOWS\system32\hcwi2c32.dll
2007-04-18 17:13 9,539 -ra------ C:\WINDOWS\system32\drivers\hcw88r9x.sys
2007-04-18 17:13 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-04-18 17:13 495,680 -ra------ C:\WINDOWS\system32\drivers\hcw88vid.sys
2007-04-18 17:13 40,960 -ra------ C:\WINDOWS\system32\hcwxds.dll
2007-04-18 17:13 36,921 --a------ C:\WINDOWS\system32\hcwutl32.dll
2007-04-18 17:13 237,624 --------- C:\WINDOWS\system32\hcwpnp32.dll
2007-04-18 17:13 23,104 -ra------ C:\WINDOWS\system32\drivers\hcw88bar.sys
2007-04-18 17:13 144,961 -ra------ C:\WINDOWS\system32\drivers\hcw88tun.sys
2007-04-18 17:13 11,970 -ra------ C:\WINDOWS\system32\drivers\hcw88aud.sys
2007-04-18 17:13 11,841 -ra------ C:\WINDOWS\system32\drivers\hcw88rc5.sys
2007-04-18 17:09 <DIR> d-------- C:\WINDOWS\Web Download
2007-04-18 16:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-04-18 16:23 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\WinRAR
2007-04-18 16:20 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-18 16:20 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-18 16:20 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-04-18 16:20 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-18 16:20 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-18 16:20 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-04-18 16:20 2,146,304 --------- C:\WINDOWS\UNNeroVision.exe
2007-04-18 16:20 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-18 16:20 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-18 16:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-18 16:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Ahead
2007-04-18 16:19 <DIR> d-------- C:\Program Files\Ahead
2007-04-18 16:11 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
2007-04-18 16:11 <DIR> d-------- C:\Program Files\Codecs
2007-04-18 16:08 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-04-18 15:50 <DIR> d-------- C:\Program Files\uTorrent
2007-04-18 15:50 <DIR> d-------- C:\DOCUME~1\CHRISS~1\APPLIC~1\uTorrent
2007-04-18 07:12 <DIR> dr------- C:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-04-18 07:02 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-04-18 06:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-04-18 06:58 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-04-18 06:57 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-04-18 06:57 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-04-18 06:57 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-04-18 06:57 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-04-18 06:57 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-04-18 06:57 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-04-18 06:57 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-04-18 06:57 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-04-18 06:57 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-04-18 06:57 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-04-18 06:57 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-04-18 06:57 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-04-18 06:57 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-04-18 06:57 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-04-18 06:57 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-04-18 06:57 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-04-18 06:57 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-04-18 06:57 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-04-18 06:57 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-04-18 06:57 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-04-18 06:57 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-04-18 06:57 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-04-18 06:57 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-04-18 06:57 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-04-18 06:57 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-04-18 06:57 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-04-18 06:57 <DIR> dr------- C:\Program Files
2007-04-18 06:57 <DIR> d--hs---- C:\WINDOWS\Installer
2007-04-18 06:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-04-18 06:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-04-18 06:57 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-18 06:57 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-04-18 06:56 <DIR> d--hs---- C:\System Volume Information
2007-04-18 06:56 <DIR> d-------- C:\Documents and Settings
2007-04-18 06:50 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-04-18 06:50 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-04-18 06:50 <DIR> dr------- C:\WINDOWS\Web
2007-04-18 06:50 <DIR> d--h----- C:\WINDOWS\inf
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\WinSxS
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\twain_32
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\wins
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\spool
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\ras
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\npp
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\mui
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\IME
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\ias
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\export
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\config
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\3076
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\2052
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\1054
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\1042
2007-04-18 06:50 <DIR> d-------- C:\WINDOWS\system32\1041


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-18 07:12 62 --ahs---- C:\DOCUME~1\CHRISS~1\APPLIC~1\desktop.ini
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} C:\WINDOWS\system32\jkkihfd.dll
{8F0419C3-8DA8-4A7A-AD6A-6F040F5CD547} C:\WINDOWS\system32\vtstu.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"aol"="\"D:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Rainlendar2"="D:\\Program Files\\Rainlendar2\\Rainlendar2.exe"
"DAEMON Tools"="\"D:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3E71DC86-4A5C-4C71-A185-EBE9AC2EB607}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkihfd

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddefe6c1-ed38-11db-895f-806d6172696f}]
Shell\AutoRun\command E:\Setup.exe

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-18 23:07:11 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-04-18 23:07

#8 RichieUK

Posted 18 April 2007 - 10:19 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\SYSTEM32\jkkihfd.dll
C:\WINDOWS\system32\jjkmp.ini2

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log please.

#9 aabeesee

Posted 18 April 2007 - 10:27 AM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ydojqouk

*******************

Script file located at: \??\C:\pjgfeqqq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\jkkihfd.dll deleted successfully.
File C:\WINDOWS\system32\jjkmp.ini2 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



Logfile of HijackThis v1.99.1
Scan saved at 11:23:02 PM, on 4/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\abc.bat.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\jkkihfd.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F0419C3-8DA8-4A7A-AD6A-6F040F5CD547} - C:\WINDOWS\system32\vtstu.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [aol] "D:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] D:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0FD0C3C-E0BD-4AC6-B98E-91A376979A97}: NameServer = 202.156.1.68,218.186.1.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkihfd - jkkihfd.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - D:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#10 RichieUK

Posted 18 April 2007 - 10:37 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {3E71DC86-4A5C-4C71-A185-EBE9AC2EB607} - C:\WINDOWS\system32\jkkihfd.dll (file missing)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F0419C3-8DA8-4A7A-AD6A-6F040F5CD547} - C:\WINDOWS\system32\vtstu.dll (file missing)
O20 - Winlogon Notify: jkkihfd - jkkihfd.dll (file missing)

Exit Hijackthis.

************************

Find and delete:
C:\VundoFix Backups

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

#11 aabeesee

Posted 18 April 2007 - 10:53 AM

Thank you very much for your swift replies! Cheers and have a great day! :D

Should I screw up anything again, I'll be back! :thumbsup:

#12 aabeesee

Posted 18 April 2007 - 11:06 AM

Hey, but after this, when I try to install Nokia PC Suite, I can't. Has it got something to do with this? It said Bkmrk.dll could not be registered.

#13 RichieUK

Posted 18 April 2007 - 11:25 AM

You might want to start a new topic here regarding that issue.
All other Applications:
http://www.bleepingcomputer.com/forums/f/57/all-other-applications/