Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Post by SnoopDogg » April 3rd, 2007, 10:17 pm

Files Created Within 60 Days

C:\IO.SYS [Ver = | Size = 0 bytes | Created Date = 2/19/2007 9:07:19 PM | Attr = RHS]
C:\MSDOS.SYS [Ver = | Size = 0 bytes | Created Date = 2/19/2007 9:07:19 PM | Attr = RHS]
C:\boot.ini [Ver = | Size = 194 bytes | Created Date = 2/19/2007 8:54:49 PM | Attr = HS]
C:\CONFIG.SYS [Ver = | Size = 0 bytes | Created Date = 3/19/2007 12:25:35 AM | Attr = ]
C:\AUTOEXEC.BAT [Ver = | Size = 0 bytes | Created Date = 3/19/2007 12:25:35 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 3/19/2007 12:05:09 AM | Attr = HS]
C:\Documents and Settings\All Users.WINDOWS\Application Data\addr_file.html [Ver = | Size = 305 bytes | Created Date = 3/20/2007 4:07:17 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Application Data\desktop.ini [Ver = | Size = 62 bytes | Created Date = 3/29/2007 11:16:09 AM | Attr = HS]
C:\Documents and Settings\StreetBaller89\Local Settings\Application Data\IconCache.db [Ver = | Size = 2533348 bytes | Created Date = 3/29/2007 12:57:41 PM | Attr = H ]
C:\Documents and Settings\StreetBaller89\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 3584 bytes | Created Date = 4/1/2007 3:06:18 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini [Ver = | Size = 62 bytes | Created Date = 3/19/2007 12:05:09 AM | Attr = HS]
C:\Documents and Settings\StreetBaller89\My Documents\desktop.ini [Ver = | Size = 85 bytes | Created Date = 3/29/2007 11:16:13 AM | Attr = HS]
C:\Documents and Settings\StreetBaller89\My Documents\Voon Mee Gou.doc [Ver = | Size = 25600 bytes | Created Date = 3/22/2007 3:35:15 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 7.0.lnk [Ver = | Size = 1654 bytes | Created Date = 3/19/2007 1:33:44 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk [Ver = | Size = 1516 bytes | Created Date = 3/19/2007 1:35:24 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk [Ver = | Size = 650 bytes | Created Date = 3/19/2007 1:37:56 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk [Ver = | Size = 811 bytes | Created Date = 3/19/2007 1:40:11 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk [Ver = | Size = 709 bytes | Created Date = 3/19/2007 3:16:48 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\AntiVir PE Classic.lnk [Ver = | Size = 1669 bytes | Created Date = 3/19/2007 4:05:29 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\hamachi.lnk [Ver = | Size = 351 bytes | Created Date = 3/21/2007 6:09:25 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows Live Messenger.lnk [Ver = | Size = 1650 bytes | Created Date = 3/19/2007 12:33:59 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Shortcut to Broadband Connection.lnk [Ver = | Size = 570 bytes | Created Date = 3/29/2007 11:17:11 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Akon - Dont Matter.mp3 [Ver = | Size = 5996601 bytes | Created Date = 3/20/2007 12:36:38 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Akon - I Wanna You(feat.SnoopDogg.mp3 [Ver = | Size = 5268014 bytes | Created Date = 3/20/2007 1:08:52 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Frozen Throne.lnk [Ver = | Size = 444 bytes | Created Date = 3/21/2007 6:26:51 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Keane - Crystal Ball.mp3 [Ver = | Size = 7622691 bytes | Created Date = 3/20/2007 9:15:38 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\W3XMapHack120E3.exe [Ver = 1.20.0053 | Size = 151552 bytes | Created Date = 3/20/2007 1:05:03 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Bprotect.exe Blueserver [Ver = 1, 1, 0, 0 | Size = 268544 bytes | Created Date = 3/29/2007 5:32:26 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\bprotect.zip [Ver = | Size = 139728 bytes | Created Date = 3/31/2007 3:34:18 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Justin Timberlake ft. T.I. - My Love.MP3 [Ver = | Size = 7792979 bytes | Created Date = 4/1/2007 9:11:49 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Eason Chan - 富士山下.mp3 [Ver = | Size = 10385536 bytes | Created Date = 4/2/2007 9:33:15 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 3/19/2007 12:05:09 AM | Attr = HS]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1671 bytes | Created Date = 3/19/2007 1:33:44 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Created Date = 3/29/2007 11:16:09 AM | Attr = HS]
C:\WINDOWS\SET3.tmp [Ver = | Size = 1086182 bytes | Created Date = 3/19/2007 12:05:02 AM | Attr = R ]
C:\WINDOWS\SET7.tmp [Ver = | Size = 13608 bytes | Created Date = 3/19/2007 12:05:06 AM | Attr = R ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4161 bytes | Created Date = 3/19/2007 12:05:31 AM | Attr = ]
C:\WINDOWS\vb.ini [Ver = | Size = 36 bytes | Created Date = 3/19/2007 12:22:22 AM | Attr = ]
C:\WINDOWS\Blue Lace 16.bmp [Ver = | Size = 1272 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Soap Bubbles.bmp [Ver = | Size = 65978 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Coffee Bean.bmp [Ver = | Size = 17062 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\FeatherTexture.bmp [Ver = | Size = 16730 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Zapotec.bmp [Ver = | Size = 9522 bytes | Created Date = 3/19/2007 12:21:54 AM | Attr = ]
C:\WINDOWS\Gone Fishing.bmp [Ver = | Size = 17336 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Greenstone.bmp [Ver = | Size = 26582 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Prairie Wind.bmp [Ver = | Size = 65954 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Rhododendron.bmp [Ver = | Size = 17362 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\River Sumida.bmp [Ver = | Size = 26680 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\Santa Fe Stucco.bmp [Ver = | Size = 65832 bytes | Created Date = 3/19/2007 12:21:54 AM | Attr = ]
C:\WINDOWS\vbaddin.ini [Ver = | Size = 37 bytes | Created Date = 3/19/2007 12:22:22 AM | Attr = ]
C:\WINDOWS\desktop.ini [Ver = | Size = 2 bytes | Created Date = 3/19/2007 12:23:34 AM | Attr = ]
C:\WINDOWS\winnt.bmp [Ver = | Size = 48680 bytes | Created Date = 3/19/2007 12:23:34 AM | Attr = HS]
C:\WINDOWS\winnt256.bmp [Ver = | Size = 48680 bytes | Created Date = 3/19/2007 12:23:34 AM | Attr = HS]
C:\WINDOWS\control.ini [Ver = | Size = 0 bytes | Created Date = 3/19/2007 12:25:35 AM | Attr = ]
C:\WINDOWS\WindowsShell.Manifest [Ver = | Size = 749 bytes | Created Date = 3/19/2007 12:24:18 AM | Attr = RH ]
C:\WINDOWS\WMSysPrx.prx [Ver = | Size = 299552 bytes | Created Date = 3/19/2007 12:25:32 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Created Date = 3/19/2007 12:28:13 AM | Attr = S]
C:\WINDOWS\REGLOCS.OLD [Ver = | Size = 8192 bytes | Created Date = 3/19/2007 12:29:07 AM | Attr = ]
C:\WINDOWS\ODBC.INI [Ver = | Size = 376 bytes | Created Date = 3/19/2007 1:31:42 AM | Attr = ]
C:\WINDOWS\cdplayer.ini [Ver = | Size = 25 bytes | Created Date = 3/19/2007 1:41:16 AM | Attr = ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Created Date = 3/19/2007 1:42:06 AM | Attr = ]
C:\WINDOWS\Thumbs.db [Ver = | Size = 9216 bytes | Created Date = 3/19/2007 11:07:25 PM | Attr = HS]
C:\WINDOWS\nsreg.dat [Ver = | Size = 0 bytes | Created Date = 3/30/2007 1:17:38 AM | Attr = ]
C:\WINDOWS\DUMP7791.tmp [Ver = | Size = 65536 bytes | Created Date = 3/19/2007 12:00:01 AM | Attr = ]
C:\WINDOWS\DUMP67d2.tmp [Ver = | Size = 65536 bytes | Created Date = 3/19/2007 12:00:01 AM | Attr = ]
C:\WINDOWS\System32\nvack.dll NVIDIA Corporation [Ver = 6.14.0348.0 built by: NVIDIA | Size = 6656 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\crxgbi.exe [Ver = | Size = 19968 bytes | Created Date = 4/3/2007 11:00:40 PM | Attr = ]
C:\WINDOWS\System32\nvugart.exe NVIDIA [Ver = 1 , 0 , 0 , 30 | Size = 77824 bytes | Created Date = 3/19/2007 12:32:18 AM | Attr = R ]
C:\WINDOWS\System32\nvgart.nvu [Ver = | Size = 1431 bytes | Created Date = 3/19/2007 12:32:18 AM | Attr = R ]
C:\WINDOWS\System32\$winnt$.inf [Ver = | Size = 261 bytes | Created Date = 3/19/2007 12:03:31 AM | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 253472 bytes | Created Date = 3/19/2007 12:04:31 AM | Attr = ]
C:\WINDOWS\System32\nvmctl.nvu [Ver = | Size = 897 bytes | Created Date = 3/19/2007 12:32:32 AM | Attr = ]
C:\WINDOWS\System32\nvumctl.exe NVIDIA [Ver = 1 , 0 , 0 , 30 | Size = 77824 bytes | Created Date = 3/19/2007 12:32:32 AM | Attr = ]
C:\WINDOWS\System32\nvsmb.nvu [Ver = | Size = 650 bytes | Created Date = 3/19/2007 12:32:34 AM | Attr = ]
C:\WINDOWS\System32\AUTOEXEC.NT [Ver = | Size = 1688 bytes | Created Date = 3/19/2007 12:05:18 AM | Attr = ]
C:\WINDOWS\System32\CONFIG.TMP [Ver = | Size = 2577 bytes | Created Date = 3/19/2007 12:05:18 AM | Attr = ]
C:\WINDOWS\System32\spxcoins.dll Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 3/19/2007 12:05:19 AM | Attr = ]
C:\WINDOWS\System32\EqnClass.Dll Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 3/19/2007 12:05:19 AM | Attr = ]
C:\WINDOWS\System32\dgsetup.dll Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 3/19/2007 12:05:20 AM | Attr = ]
C:\WINDOWS\System32\dgrpsetu.dll Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 3/19/2007 12:05:20 AM | Attr = ]
C:\WINDOWS\System32\c_20127.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:20 AM | Attr = ]
C:\WINDOWS\System32\c_852.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:05:21 AM | Attr = ]
C:\WINDOWS\System32\c_10010.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:21 AM | Attr = ]
C:\WINDOWS\System32\c_10029.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:21 AM | Attr = ]
C:\WINDOWS\System32\c_10082.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:21 AM | Attr = ]
C:\WINDOWS\System32\c_855.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:05:23 AM | Attr = ]
C:\WINDOWS\System32\c_866.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:05:23 AM | Attr = ]
C:\WINDOWS\System32\C_28594.NLS [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:23 AM | Attr = ]
C:\WINDOWS\System32\c_737.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:05:24 AM | Attr = ]
C:\WINDOWS\System32\c_869.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:05:24 AM | Attr = ]
C:\WINDOWS\System32\c_875.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:24 AM | Attr = ]
C:\WINDOWS\System32\c_10006.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:24 AM | Attr = ]
C:\WINDOWS\System32\C_28597.NLS [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:24 AM | Attr = ]
C:\WINDOWS\System32\c_10007.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:25 AM | Attr = ]
C:\WINDOWS\System32\c_10017.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:25 AM | Attr = ]
C:\WINDOWS\System32\C_28595.NLS [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:25 AM | Attr = ]
C:\WINDOWS\System32\c_10081.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:27 AM | Attr = ]
C:\WINDOWS\System32\c_857.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:05:27 AM | Attr = ]
C:\WINDOWS\System32\c_28599.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:27 AM | Attr = ]
C:\WINDOWS\System32\c_28603.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:05:28 AM | Attr = ]
C:\WINDOWS\System32\nvenet.nvu [Ver = | Size = 1398 bytes | Created Date = 3/19/2007 12:32:40 AM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 355086 bytes | Created Date = 3/19/2007 12:05:31 AM | Attr = ]
C:\WINDOWS\System32\c_10021.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:47 AM | Attr = ]
C:\WINDOWS\System32\c_862.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:17:50 AM | Attr = ]
C:\WINDOWS\System32\c_10005.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:50 AM | Attr = ]
C:\WINDOWS\System32\c_720.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:17:52 AM | Attr = ]
C:\WINDOWS\System32\c_708.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:52 AM | Attr = ]
C:\WINDOWS\System32\c_864.nls [Ver = | Size = 66594 bytes | Created Date = 3/19/2007 12:17:52 AM | Attr = ]
C:\WINDOWS\System32\c_10004.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:52 AM | Attr = ]
C:\WINDOWS\System32\C_28596.NLS [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:52 AM | Attr = ]
C:\WINDOWS\System32\xjis.nls [Ver = | Size = 28288 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_10001.nls [Ver = | Size = 162850 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_20290.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_21027.nls [Ver = | Size = 66082 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_20000.nls [Ver = | Size = 180258 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_20932.nls [Ver = | Size = 180770 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_20936.nls [Ver = | Size = 173602 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\c_20949.nls [Ver = | Size = 177698 bytes | Created Date = 3/19/2007 12:17:55 AM | Attr = ]
C:\WINDOWS\System32\ksc.nls [Ver = | Size = 47066 bytes | Created Date = 3/19/2007 12:18:21 AM | Attr = ]
C:\WINDOWS\System32\c_1361.nls [Ver = | Size = 189986 bytes | Created Date = 3/19/2007 12:18:21 AM | Attr = ]
C:\WINDOWS\System32\c_10003.nls [Ver = | Size = 177698 bytes | Created Date = 3/19/2007 12:18:21 AM | Attr = ]
C:\WINDOWS\System32\c_10008.nls [Ver = | Size = 173602 bytes | Created Date = 3/19/2007 12:18:31 AM | Attr = ]
C:\WINDOWS\System32\prc.nls [Ver = | Size = 83748 bytes | Created Date = 3/19/2007 12:18:31 AM | Attr = ]
C:\WINDOWS\System32\prcp.nls [Ver = | Size = 83748 bytes | Created Date = 3/19/2007 12:18:31 AM | Attr = ]
C:\WINDOWS\System32\WINPY.MB [Ver = | Size = 1783864 bytes | Created Date = 3/19/2007 12:18:31 AM | Attr = ]
C:\WINDOWS\System32\WINSP.MB [Ver = | Size = 1564868 bytes | Created Date = 3/19/2007 12:18:32 AM | Attr = ]
C:\WINDOWS\System32\WINZM.MB [Ver = | Size = 1223500 bytes | Created Date = 3/19/2007 12:18:32 AM | Attr = ]
C:\WINDOWS\System32\PINTLPAD.HLP [Ver = | Size = 14821 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\PINTLPAE.HLP [Ver = | Size = 16254 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\big5.nls [Ver = | Size = 66728 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\bopomofo.nls [Ver = | Size = 82172 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\c_10002.nls [Ver = | Size = 195618 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\a15.tbl [Ver = | Size = 1460 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\a234.tbl [Ver = | Size = 44370 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\acode.tbl [Ver = | Size = 44370 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\msdayi.tbl [Ver = | Size = 116285 bytes | Created Date = 3/19/2007 12:18:38 AM | Attr = ]
C:\WINDOWS\System32\dayiptr.tbl [Ver = | Size = 700 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\dayiphr.tbl [Ver = | Size = 520 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\phon.tbl [Ver = | Size = 4071 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\phoncode.tbl [Ver = | Size = 43242 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\phonptr.tbl [Ver = | Size = 2714 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\lcptr.tbl [Ver = | Size = 24114 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\lcphrase.tbl [Ver = | Size = 211938 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\arphr.tbl [Ver = | Size = 110566 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\arptr.tbl [Ver = | Size = 16312 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\array30.tab [Ver = | Size = 146126 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\arrayhw.tab [Ver = | Size = 18600 bytes | Created Date = 3/19/2007 12:18:39 AM | Attr = ]
C:\WINDOWS\System32\noise.jpn [Ver = | Size = 2060 bytes | Created Date = 3/19/2007 12:18:48 AM | Attr = ]
C:\WINDOWS\System32\korwbrkr.lex [Ver = | Size = 1158818 bytes | Created Date = 3/19/2007 12:18:48 AM | Attr = ]
C:\WINDOWS\System32\noise.kor [Ver = | Size = 1486 bytes | Created Date = 3/19/2007 12:18:49 AM | Attr = ]
C:\WINDOWS\System32\sgqephac.exe [Ver = | Size = 46688 bytes | Created Date = 4/3/2007 10:17:42 PM | Attr = H ]
C:\WINDOWS\System32\wmimgmt.msc [Ver = | Size = 63488 bytes | Created Date = 3/19/2007 12:21:42 AM | Attr = ]
C:\WINDOWS\System32\msdtcprf.h [Ver = | Size = 768 bytes | Created Date = 3/19/2007 12:21:50 AM | Attr = ]
C:\WINDOWS\System32\msdtcprf.ini [Ver = | Size = 1931 bytes | Created Date = 3/19/2007 12:21:50 AM | Attr = ]
C:\WINDOWS\System32\tslabels.h [Ver = | Size = 3286 bytes | Created Date = 3/19/2007 12:21:51 AM | Attr = ]
C:\WINDOWS\System32\tslabels.ini [Ver = | Size = 13223 bytes | Created Date = 3/19/2007 12:21:51 AM | Attr = ]
C:\WINDOWS\System32\usrlogon.cmd [Ver = | Size = 1161 bytes | Created Date = 3/19/2007 12:21:51 AM | Attr = ]
C:\WINDOWS\System32\bopomofo.uce [Ver = | Size = 22984 bytes | Created Date = 3/19/2007 12:21:52 AM | Attr = ]
C:\WINDOWS\System32\gb2312.uce [Ver = | Size = 24006 bytes | Created Date = 3/19/2007 12:21:52 AM | Attr = ]
C:\WINDOWS\System32\ideograf.uce [Ver = | Size = 60458 bytes | Created Date = 3/19/2007 12:21:52 AM | Attr = ]
C:\WINDOWS\System32\kanji_1.uce [Ver = | Size = 6948 bytes | Created Date = 3/19/2007 12:21:52 AM | Attr = ]
C:\WINDOWS\System32\kanji_2.uce [Ver = | Size = 8484 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\System32\korean.uce [Ver = | Size = 12876 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\System32\shiftjis.uce [Ver = | Size = 16740 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\System32\subrange.uce [Ver = | Size = 93702 bytes | Created Date = 3/19/2007 12:21:53 AM | Attr = ]
C:\WINDOWS\System32\hticons.dll Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Created Date = 3/19/2007 12:21:57 AM | Attr = ]
C:\WINDOWS\System32\hypertrm.dll Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 489984 bytes | Created Date = 3/19/2007 12:21:57 AM | Attr = ]
C:\WINDOWS\System32\emptyregdb.dat [Ver = | Size = 21640 bytes | Created Date = 3/19/2007 12:22:48 AM | Attr = ]
C:\WINDOWS\System32\isrdbg32.dll Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 3/19/2007 12:23:30 AM | Attr = ]
C:\WINDOWS\System32\desktop.ini [Ver = | Size = 2 bytes | Created Date = 3/19/2007 12:23:34 AM | Attr = ]
C:\WINDOWS\System32\ncpa.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 3/19/2007 12:24:18 AM | Attr = RH ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Created Date = 3/19/2007 12:25:33 AM | Attr = ]
C:\WINDOWS\System32\nwc.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 3/19/2007 12:24:18 AM | Attr = RH ]
C:\WINDOWS\System32\sapi.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 3/19/2007 12:24:18 AM | Attr = RH ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Created Date = 3/19/2007 12:25:33 AM | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2577 bytes | Created Date = 3/19/2007 12:25:35 AM | Attr = ]
C:\WINDOWS\System32\wuaucpl.cpl.manifest [Ver = | Size = 749 bytes | Created Date = 3/19/2007 12:24:18 AM | Attr = RH ]
C:\WINDOWS\System32\cdplayer.exe.manifest [Ver = | Size = 749 bytes | Created Date = 3/19/2007 12:24:18 AM | Attr = RH ]
C:\WINDOWS\System32\logonui.exe.manifest [Ver = | Size = 488 bytes | Created Date = 3/19/2007 12:24:24 AM | Attr = RH ]
C:\WINDOWS\System32\WindowsLogon.manifest [Ver = | Size = 488 bytes | Created Date = 3/19/2007 12:24:24 AM | Attr = RH ]
C:\WINDOWS\System32\wmpscheme.xml [Ver = | Size = 25065 bytes | Created Date = 3/19/2007 12:25:33 AM | Attr = ]
C:\WINDOWS\System32\nvide.nvu [Ver = | Size = 894 bytes | Created Date = 3/19/2007 12:32:47 AM | Attr = ]
C:\WINDOWS\System32\nvuide.exe NVIDIA [Ver = 1 , 0 , 0 , 30 | Size = 77824 bytes | Created Date = 3/19/2007 12:32:47 AM | Attr = ]
C:\WINDOWS\System32\nvasio.dll NVIDIA Corporation [Ver = 6.14.0348.0 | Size = 30208 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\nvopenal.dll NVIDIA Corporation [Ver = 6.14.0348.0 | Size = 44032 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\nvuaudio.exe NVIDIA [Ver = 1 , 0 , 0 , 30 | Size = 77824 bytes | Created Date = 3/19/2007 12:32:51 AM | Attr = R ]
C:\WINDOWS\System32\OpenAL32.dll NVIDIA Corporation [Ver = 6.14.0348.0 | Size = 44032 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\ALut.dll NVIDIA Corporation [Ver = 6.14.0348.0 | Size = 5120 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\nvaudio.nvu [Ver = | Size = 2815 bytes | Created Date = 3/19/2007 12:32:51 AM | Attr = R ]
C:\WINDOWS\System32\NVUninst.exe NVIDIA [Ver = 1 , 0 , 0 , 30 | Size = 77824 bytes | Created Date = 3/19/2007 12:33:48 AM | Attr = ]
C:\WINDOWS\System32\NVU001.nvu [Ver = | Size = 239 bytes | Created Date = 3/19/2007 12:33:48 AM | Attr = ]
C:\WINDOWS\System32\nvinstnt.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 126976 bytes | Created Date = 3/19/2007 12:56:05 AM | Attr = R ]
C:\WINDOWS\System32\nvsvc32.exe NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 69632 bytes | Created Date = 3/19/2007 12:56:05 AM | Attr = R ]
C:\WINDOWS\System32\PerfStringBackup.TMP [Ver = | Size = 1606 bytes | Created Date = 3/19/2007 12:39:27 AM | Attr = ]
C:\WINDOWS\System32\nv4_disp.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3180171 bytes | Created Date = 3/19/2007 12:56:05 AM | Attr = R ]
C:\WINDOWS\System32\nvoglnt.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3764224 bytes | Created Date = 3/19/2007 12:56:06 AM | Attr = R ]
C:\WINDOWS\System32\nvcpl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 4640768 bytes | Created Date = 3/19/2007 12:56:07 AM | Attr = R ]
C:\WINDOWS\System32\nvmctray.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 49152 bytes | Created Date = 3/19/2007 12:56:08 AM | Attr = R ]
C:\WINDOWS\System32\nview.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 835654 bytes | Created Date = 3/19/2007 12:56:08 AM | Attr = R ]
C:\WINDOWS\System32\dmcpl.exe NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 1323008 bytes | Created Date = 3/19/2007 12:56:08 AM | Attr = R ]
C:\WINDOWS\System32\nvshell.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 467016 bytes | Created Date = 3/19/2007 12:56:09 AM | Attr = R ]
C:\WINDOWS\System32\nvtuicpl.cpl NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 143360 bytes | Created Date = 3/19/2007 12:56:09 AM | Attr = R ]
C:\WINDOWS\System32\nwiz.exe NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 323584 bytes | Created Date = 3/19/2007 12:56:09 AM | Attr = R ]
C:\WINDOWS\System32\nviewimg.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 512000 bytes | Created Date = 3/19/2007 12:56:09 AM | Attr = R ]
C:\WINDOWS\System32\keystone.exe NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 286806 bytes | Created Date = 3/19/2007 12:56:09 AM | Attr = R ]
C:\WINDOWS\System32\nvrsar.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3403776 bytes | Created Date = 3/19/2007 12:56:10 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsar.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 143360 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvrscs.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 249856 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvwrscs.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 159744 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvrsda.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 258048 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsda.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 159744 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvrsde.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 266240 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsde.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 176128 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvrsel.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 253952 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsel.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 184320 bytes | Created Date = 3/19/2007 12:56:11 AM | Attr = R ]
C:\WINDOWS\System32\nvrseng.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 258048 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvwrseng.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 147456 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvrses.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 258048 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvwrses.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 176128 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvrsesm.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 282624 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsesm.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 147456 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvrsfi.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 249856 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsfi.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 163840 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvrsfr.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 266240 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsfr.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 172032 bytes | Created Date = 3/19/2007 12:56:12 AM | Attr = R ]
C:\WINDOWS\System32\nvrshe.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3391488 bytes | Created Date = 3/19/2007 12:56:13 AM | Attr = R ]
C:\WINDOWS\System32\nvwrshe.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 139264 bytes | Created Date = 3/19/2007 12:56:13 AM | Attr = R ]
C:\WINDOWS\System32\nvrshu.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 245760 bytes | Created Date = 3/19/2007 12:56:14 AM | Attr = R ]
C:\WINDOWS\System32\nvwrshu.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 167936 bytes | Created Date = 3/19/2007 12:56:14 AM | Attr = R ]
C:\WINDOWS\System32\nvrsit.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 270336 bytes | Created Date = 3/19/2007 12:56:15 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsit.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 172032 bytes | Created Date = 3/19/2007 12:56:15 AM | Attr = R ]
C:\WINDOWS\System32\nvrsja.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3387392 bytes | Created Date = 3/19/2007 12:56:15 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsja.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 106496 bytes | Created Date = 3/19/2007 12:56:17 AM | Attr = R ]
C:\WINDOWS\System32\nvrsko.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3383296 bytes | Created Date = 3/19/2007 12:56:17 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsko.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 102400 bytes | Created Date = 3/19/2007 12:56:19 AM | Attr = R ]
C:\WINDOWS\System32\nvrsnl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 262144 bytes | Created Date = 3/19/2007 12:56:19 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsnl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 167936 bytes | Created Date = 3/19/2007 12:56:20 AM | Attr = R ]
C:\WINDOWS\System32\nvrsno.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 258048 bytes | Created Date = 3/19/2007 12:56:20 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsno.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 159744 bytes | Created Date = 3/19/2007 12:56:20 AM | Attr = R ]
C:\WINDOWS\System32\nvrspl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 245760 bytes | Created Date = 3/19/2007 12:56:20 AM | Attr = R ]
C:\WINDOWS\System32\nvwrspl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 163840 bytes | Created Date = 3/19/2007 12:56:20 AM | Attr = R ]
C:\WINDOWS\System32\nvrspt.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 249856 bytes | Created Date = 3/19/2007 12:56:20 AM | Attr = R ]
C:\WINDOWS\System32\nvwrspt.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 176128 bytes | Created Date = 3/19/2007 12:56:21 AM | Attr = R ]
C:\WINDOWS\System32\nvrsptb.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 266240 bytes | Created Date = 3/19/2007 12:56:21 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsptb.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 172032 bytes | Created Date = 3/19/2007 12:56:21 AM | Attr = R ]
C:\WINDOWS\System32\nvrsru.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 262144 bytes | Created Date = 3/19/2007 12:56:21 AM | Attr = R ]
C:\WINDOWS\System32\nvwrsru.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 176128 bytes | Created Date = 3/19/2007 12:56:21 AM | Attr = R ]
C:\WINDOWS\System32\nvrssk.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 245760 bytes | Created Date = 3/19/2007 12:56:21 AM | Attr = R ]
C:\WINDOWS\System32\nvwrssk.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 167936 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvrssl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 253952 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvwrssl.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 155648 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvrssv.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 258048 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvwrssv.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 159744 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvrstr.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 262144 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvwrstr.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 163840 bytes | Created Date = 3/19/2007 12:56:22 AM | Attr = R ]
C:\WINDOWS\System32\nvrszhc.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 217088 bytes | Created Date = 3/19/2007 12:56:23 AM | Attr = R ]
C:\WINDOWS\System32\nvwrszhc.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 86016 bytes | Created Date = 3/19/2007 12:56:23 AM | Attr = R ]
C:\WINDOWS\System32\nvrszht.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 217088 bytes | Created Date = 3/19/2007 12:56:23 AM | Attr = R ]
C:\WINDOWS\System32\nvwrszht.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 86016 bytes | Created Date = 3/19/2007 12:56:23 AM | Attr = R ]
C:\WINDOWS\System32\pncrt.dll Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 3/19/2007 1:39:56 AM | Attr = ]
C:\WINDOWS\System32\pndx5016.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 3/19/2007 1:39:57 AM | Attr = ]
C:\WINDOWS\System32\pndx5032.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 3/19/2007 1:39:57 AM | Attr = ]
C:\WINDOWS\System32\rmoc3260.dll RealNetworks, Inc. [Ver = 6.0.9.2318 | Size = 176167 bytes | Created Date = 3/19/2007 1:40:06 AM | Attr = ]
C:\WINDOWS\System32\px.dll Sonic Solutions [Ver = 2.4.43.500 | Size = 372736 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxmas.dll Sonic Solutions [Ver = 2.4.43.500 | Size = 172032 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxwave.dll Sonic Solutions [Ver = 2.4.43.500 | Size = 339968 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\vxblock.dll Sonic Solutions [Ver = 1.00.62a | Size = 28672 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxdrv.dll Sonic Solutions [Ver = 1.01.51a | Size = 421888 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxhpinst.exe Sonic Solutions [Ver = 2.03.32a | Size = 61440 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxinsa64.exe Sonic Solutions [Ver = 2.03.32a | Size = 56320 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxinsi64.exe Sonic Solutions [Ver = 2.03.32a | Size = 109568 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxcpya64.exe Sonic Solutions [Ver = 1.00.28a | Size = 56832 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\pxcpyi64.exe Sonic Solutions [Ver = 1.00.28a | Size = 108544 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\avsda.dll H+BEDV Datentechnik GmbH [Ver = 06.30.00.02 | Size = 57344 bytes | Created Date = 3/19/2007 4:05:27 AM | Attr = ]
C:\WINDOWS\System32\CNMLM7K.DLL CANON INC. [Ver = 1.90.2.90 | Size = 140288 bytes | Created Date = 3/19/2007 9:23:49 PM | Attr = ]
C:\WINDOWS\System32\xvidvfw.dll [Ver = | Size = 180224 bytes | Created Date = 3/19/2007 3:17:20 AM | Attr = ]
C:\WINDOWS\System32\xvid.ax [Ver = | Size = 77824 bytes | Created Date = 3/19/2007 3:17:21 AM | Attr = ]
C:\WINDOWS\System32\xvidcore.dll [Ver = | Size = 761856 bytes | Created Date = 3/19/2007 3:17:21 AM | Attr = ]
C:\WINDOWS\System32\CNMVS7K.DLL [Ver = | Size = 8704 bytes | Created Date = 3/19/2007 9:23:49 PM | Attr = ]
C:\WINDOWS\System32\CNBJHLP2.CNT [Ver = | Size = 1075 bytes | Created Date = 3/22/2007 2:04:43 AM | Attr = ]
C:\WINDOWS\System32\CNBJHLP2.HLP [Ver = | Size = 33489 bytes | Created Date = 3/22/2007 2:04:43 AM | Attr = ]
C:\WINDOWS\System32\telecomes.exe [Ver = | Size = 96994 bytes | Created Date = 3/31/2007 3:43:01 AM | Attr = RHS]
C:\WINDOWS\System32\agjler.exe [Ver = | Size = 110592 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\java.exe Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49248 bytes | Created Date = 3/27/2007 5:48:39 PM | Attr = ]
C:\WINDOWS\System32\iwuokc.exe [Ver = | Size = 79904 bytes | Created Date = 4/3/2007 11:25:59 PM | Attr = H ]
C:\WINDOWS\System32\osootzlh.exe [Ver = | Size = 13664 bytes | Created Date = 4/3/2007 11:34:53 PM | Attr = H ]
C:\WINDOWS\System32\javaw.exe Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49250 bytes | Created Date = 3/27/2007 5:48:39 PM | Attr = ]
C:\WINDOWS\System32\javaws.exe Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 127078 bytes | Created Date = 3/27/2007 5:48:39 PM | Attr = ]
C:\WINDOWS\System32\jpicpl32.cpl Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 49265 bytes | Created Date = 3/27/2007 5:48:39 PM | Attr = ]
C:\WINDOWS\System32\uammjcp.exe [Ver = | Size = 41744 bytes | Created Date = 4/4/2007 12:40:05 AM | Attr = H ]
C:\WINDOWS\System32\gebrv.exe [Ver = | Size = 1024 bytes | Created Date = 4/4/2007 12:46:44 AM | Attr = H ]
C:\WINDOWS\System32\kcnpm.exe [Ver = | Size = 29648 bytes | Created Date = 4/4/2007 1:11:39 AM | Attr = ]
C:\WINDOWS\System32\fjsrsyiq.exe [Ver = | Size = 35552 bytes | Created Date = 4/4/2007 12:57:21 AM | Attr = H ]
C:\WINDOWS\System32\lrpag.exe [Ver = | Size = 19968 bytes | Created Date = 4/4/2007 1:13:53 AM | Attr = ]
C:\WINDOWS\System32\gbeu.exe [Ver = | Size = 29648 bytes | Created Date = 4/4/2007 1:56:41 AM | Attr = ]
C:\WINDOWS\System32\padhz.exe [Ver = | Size = 8192 bytes | Created Date = 4/4/2007 2:16:42 AM | Attr = H ]
C:\WINDOWS\System32\cygs.exe [Ver = | Size = 48128 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\fmokyhcm.exe [Ver = | Size = 48128 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\spad.exe [Ver = | Size = 48128 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\ubrrv.exe [Ver = | Size = 58880 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\pmydsq.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\loqzfovh.exe [Ver = | Size = 41984 bytes | Created Date = 4/4/2007 3:20:55 AM | Attr = H ]
C:\WINDOWS\System32\pqseui.exe [Ver = | Size = 48128 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\ejnxksm.exe [Ver = | Size = 59852 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\fibfo.exe [Ver = | Size = 58880 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\qktuyc.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\mgykl.exe [Ver = | Size = 58880 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\oyfkfck.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\fodvue.exe [Ver = | Size = 48128 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\nffvkdkx.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\zudptx.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\zbhg.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\cxwtgoy.exe [Ver = | Size = 87040 bytes | Created Date = 1/2/1601 4:00:00 PM | Attr = H ]
C:\WINDOWS\System32\hjrcwnqh.exe [Ver = | Size = 29648 bytes | Created Date = 4/4/2007 6:35:21 AM | Attr = ]
C:\WINDOWS\System32\ilfhc.exe [Ver = | Size = 29648 bytes | Created Date = 4/4/2007 8:00:07 AM | Attr = ]
C:\WINDOWS\System32\spoolvc.exe [Ver = | Size = 53552 bytes | Created Date = 4/4/2007 4:40:31 AM | Attr = RHS]
C:\WINDOWS\System32\dllcache\NT5INF.CAT [Ver = | Size = 453628 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\NT5.CAT [Ver = | Size = 2049999 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\NTPRINT.CAT [Ver = | Size = 1086182 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\NT5IIS.CAT [Ver = | Size = 797189 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [Ver = | Size = 399645 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\FP4.CAT [Ver = | Size = 31405 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\IMS.CAT [Ver = | Size = 13608 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\MSMSGS.CAT [Ver = | Size = 10881 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\HPCRDP.CAT [Ver = | Size = 13472 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\MW770.CAT [Ver = | Size = 37484 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\IASNT4.CAT [Ver = | Size = 8574 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [Ver = | Size = 7369 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [Ver = | Size = 7382 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\tabletpc.cat [Ver = | Size = 93044 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\mediactr.cat [Ver = | Size = 22399 bytes | Created Date = 3/19/2007 12:05:07 AM | Attr = ]
C:\WINDOWS\System32\dllcache\mplayer2.exe [Ver = | Size = 4639 bytes | Created Date = 2/19/2007 9:05:02 PM | Attr = ]
C:\WINDOWS\System32\dllcache\cap7146.sys Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 3/19/2007 12:26:17 AM | Attr = ]
C:\WINDOWS\System32\dllcache\chtskf.dll [Ver = | Size = 173568 bytes | Created Date = 3/19/2007 8:18:58 AM | Attr = ]
C:\WINDOWS\System32\dllcache\dgrpsetu.dll Digi International, Inc. [Ver = 2.3.7 | Size = 176157 bytes | Created Date = 3/19/2007 12:05:20 AM | Attr = ]
C:\WINDOWS\System32\dllcache\dgsetup.dll Digi International [Ver = v3.7.3.0 | Size = 85020 bytes | Created Date = 3/19/2007 12:05:20 AM | Attr = ]
C:\WINDOWS\System32\dllcache\eqnclass.dll Equinox Systems Inc. [Ver = 5.0u(58) | Size = 103424 bytes | Created Date = 3/19/2007 12:05:19 AM | Attr = ]
C:\WINDOWS\System32\dllcache\esucmd.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 3/19/2007 12:26:29 AM | Attr = ]
C:\WINDOWS\System32\dllcache\esuimgd.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 3/19/2007 12:26:29 AM | Attr = ]
C:\WINDOWS\System32\dllcache\esunid.dll SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 3/19/2007 12:26:29 AM | Attr = ]
C:\WINDOWS\System32\dllcache\fpencode.dll [Ver = | Size = 94208 bytes | Created Date = 3/19/2007 12:26:32 AM | Attr = ]
C:\WINDOWS\System32\dllcache\hanja.lex [Ver = | Size = 108827 bytes | Created Date = 3/19/2007 12:18:27 AM | Attr = ]
C:\WINDOWS\System32\dllcache\hwxjpn.dll [Ver = | Size = 13463552 bytes | Created Date = 3/19/2007 12:18:15 AM | Attr = ]
C:\WINDOWS\System32\dllcache\imekr.lex [Ver = | Size = 134339 bytes | Created Date = 3/19/2007 12:18:27 AM | Attr = ]
C:\WINDOWS\System32\dllcache\imscinst.exe [Ver = | Size = 59392 bytes | Created Date = 3/19/2007 12:18:51 AM | Attr = ]
C:\WINDOWS\System32\dllcache\imjpinst.exe [Ver = | Size = 196666 bytes | Created Date = 3/19/2007 12:18:50 AM | Attr = ]
C:\WINDOWS\System32\dllcache\isrdbg32.dll Intel Corporation [Ver = 0.0 | Size = 28672 bytes | Created Date = 3/19/2007 12:23:30 AM | Attr = ]
C:\WINDOWS\System32\dllcache\korwbrkr.lex [Ver = | Size = 1158818 bytes | Created Date = 3/19/2007 12:18:48 AM | Attr = ]
C:\WINDOWS\System32\dllcache\msinfo.dll [Ver = 7, 0, 0, 0 | Size = 348160 bytes | Created Date = 3/19/2007 12:23:36 AM | Attr = ]
C:\WINDOWS\System32\dllcache\nls302en.lex [Ver = | Size = 4399505 bytes | Created Date = 3/19/2007 12:24:00 AM | Attr = ]
C:\WINDOWS\System32\dllcache\pintlcsa.dll [Ver = | Size = 175104 bytes | Created Date = 3/19/2007 8:18:57 AM | Attr = ]
C:\WINDOWS\System32\dllcache\pinball.exe Cinematronics [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 272896 bytes | Created Date = 2/19/2007 9:03:39 PM | Attr = ]
C:\WINDOWS\System32\dllcache\rw330ext.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 3/19/2007 12:27:27 AM | Attr = ]
C:\WINDOWS\System32\dllcache\rwia001.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 3/19/2007 12:27:27 AM | Attr = ]
C:\WINDOWS\System32\dllcache\rwia330.dll Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 3/19/2007 12:27:27 AM | Attr = ]
C:\WINDOWS\System32\dllcache\spxcoins.dll Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 3/19/2007 12:05:19 AM | Attr = ]
C:\WINDOWS\System32\dllcache\srframe.mmf [Ver = | Size = 984 bytes | Created Date = 3/19/2007 12:23:30 AM | Attr = ]
C:\WINDOWS\System32\dllcache\nv4_mini.sys NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 1312555 bytes | Created Date = 3/19/2007 12:56:05 AM | Attr = ]
C:\WINDOWS\System32\dllcache\nv4_disp.dll NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 3180171 bytes | Created Date = 3/19/2007 12:56:05 AM | Attr = ]
C:\WINDOWS\System32\drivers\nvax.sys NVIDIA Corporation [Ver = 6.14.0348.0 built by: NVIDIA | Size = 30336 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\drivers\nvarm.sys NVIDIA Corporation [Ver = 6.14.0348.0 built by: NVIDIA | Size = 66816 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\drivers\nv_agp.SYS NVIDIA Corporation [Ver = 4.12.01.0334 | Size = 18688 bytes | Created Date = 3/19/2007 12:32:18 AM | Attr = R ]
C:\WINDOWS\System32\drivers\NVENET.sys NVIDIA Corporation [Ver = 4.14.01.0313 | Size = 80896 bytes | Created Date = 3/19/2007 12:32:35 AM | Attr = R ]
C:\WINDOWS\System32\drivers\jedih2rx.bin [Ver = | Size = 1024 bytes | Created Date = 3/19/2007 12:32:35 AM | Attr = R ]
C:\WINDOWS\System32\drivers\ramsed.bin [Ver = | Size = 122 bytes | Created Date = 3/19/2007 12:32:35 AM | Attr = R ]
C:\WINDOWS\System32\drivers\jedireg.pat [Ver = | Size = 42 bytes | Created Date = 3/19/2007 12:32:35 AM | Attr = R ]
C:\WINDOWS\System32\drivers\nvmcp.sys NVIDIA Corporation [Ver = 6.14.0348.0 built by: NVIDIA | Size = 908800 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\drivers\nvapu.sys NVIDIA Corporation [Ver = 6.14.0348.0 built by: NVIDIA | Size = 286976 bytes | Created Date = 3/19/2007 12:32:50 AM | Attr = R ]
C:\WINDOWS\System32\drivers\nv4_mini.sys NVIDIA Corporation [Ver = 6.14.10.4403 | Size = 1312555 bytes | Created Date = 3/19/2007 12:56:05 AM | Attr = R ]
C:\WINDOWS\System32\drivers\PxHelp20.sys Sonic Solutions [Ver = 2.03.32a | Size = 20640 bytes | Created Date = 3/19/2007 3:16:41 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgntdd.sys AVIRA GmbH [Ver = 6.37.00.02 | Size = 34304 bytes | Created Date = 3/19/2007 4:05:27 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgntmgr.sys AVIRA GmbH [Ver = 6.37.01.01 | Size = 14848 bytes | Created Date = 3/19/2007 4:05:27 AM | Attr = ]
C:\WINDOWS\System32\drivers\hamachi.sys LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 17480 bytes | Created Date = 3/21/2007 6:09:25 PM | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Created Date = 3/27/2007 5:50:25 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\hosts.msn [Ver = | Size = 10188 bytes | Created Date = 3/19/2007 12:14:15 PM | Attr = ]
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby SnoopDogg » April 3rd, 2007, 10:18 pm

»»»»»»»»»»»»»»»»»»»» Files Modified Within 30 Days »»»»»»»»»»»»»

C:\boot.ini [Ver = | Size = 194 bytes | Modified Date = 4/4/2007 9:44:18 AM | Attr = HS]
C:\CONFIG.SYS [Ver = | Size = 0 bytes | Modified Date = 3/19/2007 12:25:36 AM | Attr = ]
C:\AUTOEXEC.BAT [Ver = | Size = 0 bytes | Modified Date = 3/19/2007 12:25:36 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 3/19/2007 12:05:10 AM | Attr = HS]
C:\Documents and Settings\All Users.WINDOWS\Application Data\addr_file.html [Ver = | Size = 305 bytes | Modified Date = 3/20/2007 4:07:18 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Application Data\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 3/19/2007 12:05:10 AM | Attr = HS]
C:\Documents and Settings\StreetBaller89\Local Settings\Application Data\IconCache.db [Ver = | Size = 2533348 bytes | Modified Date = 3/31/2007 7:35:40 PM | Attr = H ]
C:\Documents and Settings\StreetBaller89\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [Ver = | Size = 3584 bytes | Modified Date = 4/1/2007 3:06:20 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Documents\desktop.ini [Ver = | Size = 62 bytes | Modified Date = 3/19/2007 12:05:10 AM | Attr = HS]
C:\Documents and Settings\StreetBaller89\My Documents\desktop.ini [Ver = | Size = 85 bytes | Modified Date = 3/29/2007 11:16:22 AM | Attr = HS]
C:\Documents and Settings\StreetBaller89\My Documents\Voon Mee Gou.doc [Ver = | Size = 25600 bytes | Modified Date = 3/22/2007 3:43:02 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 7.0.lnk [Ver = | Size = 1654 bytes | Modified Date = 3/19/2007 1:33:46 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk [Ver = | Size = 1516 bytes | Modified Date = 3/19/2007 1:35:26 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\WinZip.lnk [Ver = | Size = 650 bytes | Modified Date = 3/19/2007 1:38:26 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\RealPlayer.lnk [Ver = | Size = 811 bytes | Modified Date = 3/19/2007 1:40:12 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk [Ver = | Size = 709 bytes | Modified Date = 3/19/2007 3:16:50 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\AntiVir PE Classic.lnk [Ver = | Size = 1669 bytes | Modified Date = 3/19/2007 4:05:30 AM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\hamachi.lnk [Ver = | Size = 351 bytes | Modified Date = 3/21/2007 6:09:26 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Desktop\Windows Live Messenger.lnk [Ver = | Size = 1650 bytes | Modified Date = 3/29/2007 11:21:50 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Shortcut to Broadband Connection.lnk [Ver = | Size = 570 bytes | Modified Date = 3/29/2007 11:17:12 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Akon - Dont Matter.mp3 [Ver = | Size = 5996601 bytes | Modified Date = 3/20/2007 12:50:14 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Akon - I Wanna You(feat.SnoopDogg.mp3 [Ver = | Size = 5268014 bytes | Modified Date = 3/20/2007 8:56:36 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Frozen Throne.lnk [Ver = | Size = 444 bytes | Modified Date = 3/21/2007 6:26:52 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Keane - Crystal Ball.mp3 [Ver = | Size = 7622691 bytes | Modified Date = 3/20/2007 9:27:04 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\bprotect.zip [Ver = | Size = 139728 bytes | Modified Date = 3/31/2007 3:34:20 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Justin Timberlake ft. T.I. - My Love.MP3 [Ver = | Size = 7792979 bytes | Modified Date = 4/1/2007 9:35:38 PM | Attr = ]
C:\Documents and Settings\StreetBaller89\Desktop\Eason Chan - 富士山下.mp3 [Ver = | Size = 10385536 bytes | Modified Date = 4/2/2007 11:26:26 PM | Attr = ]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Modified Date = 3/19/2007 12:25:40 AM | Attr = HS]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [Ver = | Size = 1671 bytes | Modified Date = 3/19/2007 1:33:46 AM | Attr = ]
C:\Documents and Settings\StreetBaller89\Start Menu\Programs\Startup\desktop.ini [Ver = | Size = 84 bytes | Modified Date = 3/19/2007 12:25:40 AM | Attr = HS]
C:\WINDOWS\system.ini [Ver = | Size = 227 bytes | Modified Date = 4/4/2007 9:44:18 AM | Attr = ]
C:\WINDOWS\win.ini [Ver = | Size = 538 bytes | Modified Date = 4/4/2007 9:44:18 AM | Attr = ]
C:\WINDOWS\ODBCINST.INI [Ver = | Size = 4161 bytes | Modified Date = 3/19/2007 12:25:26 AM | Attr = ]
C:\WINDOWS\vb.ini [Ver = | Size = 36 bytes | Modified Date = 3/19/2007 12:22:24 AM | Attr = ]
C:\WINDOWS\vbaddin.ini [Ver = | Size = 37 bytes | Modified Date = 3/19/2007 12:22:24 AM | Attr = ]
C:\WINDOWS\control.ini [Ver = | Size = 0 bytes | Modified Date = 3/19/2007 12:25:36 AM | Attr = ]
C:\WINDOWS\WindowsShell.Manifest [Ver = | Size = 749 bytes | Modified Date = 3/19/2007 12:24:20 AM | Attr = RH ]
C:\WINDOWS\WMSysPrx.prx [Ver = | Size = 299552 bytes | Modified Date = 3/19/2007 1:42:06 AM | Attr = ]
C:\WINDOWS\bootstat.dat [Ver = | Size = 2048 bytes | Modified Date = 4/4/2007 9:43:32 AM | Attr = S]
C:\WINDOWS\REGLOCS.OLD [Ver = | Size = 8192 bytes | Modified Date = 3/19/2007 12:29:08 AM | Attr = ]
C:\WINDOWS\ODBC.INI [Ver = | Size = 376 bytes | Modified Date = 3/28/2007 7:13:52 PM | Attr = ]
C:\WINDOWS\cdplayer.ini [Ver = | Size = 25 bytes | Modified Date = 3/19/2007 1:41:18 AM | Attr = ]
C:\WINDOWS\WMSysPr9.prx [Ver = | Size = 316640 bytes | Modified Date = 3/19/2007 1:42:08 AM | Attr = ]
C:\WINDOWS\Thumbs.db [Ver = | Size = 9216 bytes | Modified Date = 3/19/2007 11:07:26 PM | Attr = HS]
C:\WINDOWS\nsreg.dat [Ver = | Size = 0 bytes | Modified Date = 3/30/2007 1:17:40 AM | Attr = ]
C:\WINDOWS\DUMP7791.tmp [Ver = | Size = 65536 bytes | Modified Date = 4/1/2007 5:01:44 PM | Attr = ]
C:\WINDOWS\DUMP67d2.tmp [Ver = | Size = 65536 bytes | Modified Date = 4/4/2007 1:00:48 AM | Attr = ]
C:\WINDOWS\System32\wpa.dbl [Ver = | Size = 2206 bytes | Modified Date = 3/19/2007 12:31:12 AM | Attr = ]
C:\WINDOWS\System32\perfc009.dat [Ver = | Size = 39992 bytes | Modified Date = 3/19/2007 12:39:28 AM | Attr = ]
C:\WINDOWS\System32\perfh009.dat [Ver = | Size = 311604 bytes | Modified Date = 3/19/2007 12:39:28 AM | Attr = ]
C:\WINDOWS\System32\crxgbi.exe [Ver = | Size = 19968 bytes | Modified Date = 4/3/2007 11:00:44 PM | Attr = ]
C:\WINDOWS\System32\$winnt$.inf [Ver = | Size = 261 bytes | Modified Date = 3/19/2007 12:28:14 AM | Attr = ]
C:\WINDOWS\System32\FNTCACHE.DAT [Ver = | Size = 253472 bytes | Modified Date = 3/19/2007 11:41:06 AM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.INI [Ver = | Size = 355086 bytes | Modified Date = 3/19/2007 12:23:06 AM | Attr = ]
C:\WINDOWS\System32\sgqephac.exe [Ver = | Size = 46688 bytes | Modified Date = 4/3/2007 10:51:02 PM | Attr = H ]
C:\WINDOWS\System32\emptyregdb.dat [Ver = | Size = 21640 bytes | Modified Date = 3/19/2007 12:22:50 AM | Attr = ]
C:\WINDOWS\System32\ncpa.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 3/19/2007 12:24:20 AM | Attr = RH ]
C:\WINDOWS\System32\nscompat.tlb [Ver = | Size = 23392 bytes | Modified Date = 3/19/2007 1:42:54 AM | Attr = ]
C:\WINDOWS\System32\nwc.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 3/19/2007 12:24:20 AM | Attr = RH ]
C:\WINDOWS\System32\sapi.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 3/19/2007 12:24:20 AM | Attr = RH ]
C:\WINDOWS\System32\amcompat.tlb [Ver = | Size = 16832 bytes | Modified Date = 3/19/2007 1:42:54 AM | Attr = ]
C:\WINDOWS\System32\CONFIG.NT [Ver = | Size = 2577 bytes | Modified Date = 3/19/2007 12:25:36 AM | Attr = ]
C:\WINDOWS\System32\wuaucpl.cpl.manifest [Ver = | Size = 749 bytes | Modified Date = 3/19/2007 12:24:20 AM | Attr = RH ]
C:\WINDOWS\System32\cdplayer.exe.manifest [Ver = | Size = 749 bytes | Modified Date = 3/19/2007 12:24:20 AM | Attr = RH ]
C:\WINDOWS\System32\logonui.exe.manifest [Ver = | Size = 488 bytes | Modified Date = 3/19/2007 12:24:26 AM | Attr = RH ]
C:\WINDOWS\System32\WindowsLogon.manifest [Ver = | Size = 488 bytes | Modified Date = 3/19/2007 12:24:26 AM | Attr = RH ]
C:\WINDOWS\System32\wmpscheme.xml [Ver = | Size = 25065 bytes | Modified Date = 3/19/2007 12:47:32 AM | Attr = ]
C:\WINDOWS\System32\NVU001.nvu [Ver = | Size = 239 bytes | Modified Date = 3/19/2007 12:33:50 AM | Attr = ]
C:\WINDOWS\System32\PerfStringBackup.TMP [Ver = | Size = 1606 bytes | Modified Date = 3/19/2007 12:39:28 AM | Attr = ]
C:\WINDOWS\System32\pncrt.dll Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 3/19/2007 1:39:58 AM | Attr = ]
C:\WINDOWS\System32\pndx5016.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 3/19/2007 1:39:58 AM | Attr = ]
C:\WINDOWS\System32\pndx5032.dll RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 3/19/2007 1:39:58 AM | Attr = ]
C:\WINDOWS\System32\rmoc3260.dll RealNetworks, Inc. [Ver = 6.0.9.2318 | Size = 176167 bytes | Modified Date = 3/19/2007 1:40:08 AM | Attr = ]
C:\WINDOWS\System32\telecomes.exe [Ver = | Size = 96994 bytes | Modified Date = 3/31/2007 3:43:12 AM | Attr = RHS]
C:\WINDOWS\System32\iwuokc.exe [Ver = | Size = 79904 bytes | Modified Date = 4/3/2007 11:29:42 PM | Attr = H ]
C:\WINDOWS\System32\osootzlh.exe [Ver = | Size = 13664 bytes | Modified Date = 4/3/2007 11:52:42 PM | Attr = H ]
C:\WINDOWS\System32\uammjcp.exe [Ver = | Size = 41744 bytes | Modified Date = 4/4/2007 12:40:06 AM | Attr = H ]
C:\WINDOWS\System32\gebrv.exe [Ver = | Size = 1024 bytes | Modified Date = 4/4/2007 12:46:46 AM | Attr = H ]
C:\WINDOWS\System32\kcnpm.exe [Ver = | Size = 29648 bytes | Modified Date = 4/4/2007 1:11:42 AM | Attr = ]
C:\WINDOWS\System32\fjsrsyiq.exe [Ver = | Size = 35552 bytes | Modified Date = 4/4/2007 12:57:22 AM | Attr = H ]
C:\WINDOWS\System32\lrpag.exe [Ver = | Size = 19968 bytes | Modified Date = 4/4/2007 1:14:02 AM | Attr = ]
C:\WINDOWS\System32\gbeu.exe [Ver = | Size = 29648 bytes | Modified Date = 4/4/2007 1:56:44 AM | Attr = ]
C:\WINDOWS\System32\padhz.exe [Ver = | Size = 8192 bytes | Modified Date = 4/4/2007 2:16:44 AM | Attr = H ]
C:\WINDOWS\System32\loqzfovh.exe [Ver = | Size = 41984 bytes | Modified Date = 4/4/2007 3:20:56 AM | Attr = H ]
C:\WINDOWS\System32\hjrcwnqh.exe [Ver = | Size = 29648 bytes | Modified Date = 4/4/2007 6:35:28 AM | Attr = ]
C:\WINDOWS\System32\ilfhc.exe [Ver = | Size = 29648 bytes | Modified Date = 4/4/2007 8:00:08 AM | Attr = ]
C:\WINDOWS\System32\spoolvc.exe [Ver = | Size = 53552 bytes | Modified Date = 4/4/2007 4:40:20 AM | Attr = RHS]
C:\WINDOWS\System32\drivers\avgntdd.sys AVIRA GmbH [Ver = 6.37.00.02 | Size = 34304 bytes | Modified Date = 3/20/2007 4:07:18 AM | Attr = ]
C:\WINDOWS\System32\drivers\avgntmgr.sys AVIRA GmbH [Ver = 6.37.01.01 | Size = 14848 bytes | Modified Date = 3/20/2007 4:07:18 AM | Attr = ]
C:\WINDOWS\System32\drivers\hamachi.sys LogMeIn, Inc. [Ver = 6.0.0.0 | Size = 17480 bytes | Modified Date = 3/21/2007 6:09:26 PM | Attr = ]
C:\WINDOWS\System32\drivers\tmcomm.sys Trend Micro Inc. [Ver = 1.5.0.1052 | Size = 76560 bytes | Modified Date = 3/27/2007 5:49:24 PM | Attr = ]
C:\WINDOWS\System32\drivers\etc\hosts.msn [Ver = | Size = 10188 bytes | Modified Date = 3/28/2007 12:42:34 PM | Attr = ]

»»»»»»»»»»»»»»»»»»»» File String Scan (Non-Microsoft Only) »»»»»
[PEC2 , ]C:\WINDOWS\System32\dfrg.msc ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\crxgbi.exe ()
[winsync , ]C:\WINDOWS\System32\wbdbase.deu ()
[PEC2 , PECompact2 , ]C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
[aspack , ]C:\WINDOWS\System32\iwuokc.exe ()
[aspack , ]C:\WINDOWS\System32\osootzlh.exe ()
[aspack , ]C:\WINDOWS\System32\uammjcp.exe ()
[aspack , ]C:\WINDOWS\System32\gebrv.exe ()
[aspack , ]C:\WINDOWS\System32\fjsrsyiq.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\lrpag.exe ()
[UPX! , UPX0 , ]C:\WINDOWS\System32\loqzfovh.exe ()
[UPX0 , WSUD , ]C:\WINDOWS\System32\dllcache\hwxjpn.dll ()
[abetterinternet.com , ]C:\WINDOWS\System32\drivers\etc\hosts.msn ()

< End of report >

Unread postby SnoopDogg » April 3rd, 2007, 10:22 pm

Logfile of HijackThis v1.99.1
Scan saved at 10:21:57 AM, on 4/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KeySetState] C:\Documents and Settings\StreetBaller89\Local Settings\Temp\wzf69c\KeySet.exe /keyset
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBD34D7A-E679-4044-86F1-E8E5D21D073F}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe

P/S: cmd.exe was not opened before, during or after the HJT scan. I believe it's running illegally.


http://www.thespykiller.co.uk/index.php ... 10.new#new

Unread postby random/random » April 4th, 2007, 11:14 am

That doesn't look like the whole log; please post the rest of the log.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby SnoopDogg » April 5th, 2007, 1:46 am

The rest of which log? HJT or WinpFind?
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby random/random » April 5th, 2007, 8:43 am

Sorry, I didn't look at the second page. Unfortunately, those logs have shown an extreme infestation of malware.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby SnoopDogg » April 5th, 2007, 11:13 am

Thanks for replying again... Yes indeed, I'm having tons of trouble with the viruses and trojans. But apart from reformatting or reinstalling, do I have another option? For example some antivirus clean-up and stuff... Currently I'm using AntiVir Guard and it doesn't seem to clean very well, unlike some other programs. I was disappointed with online scans because they only scan and don't clean.

The bottom line, I just wish that I have another option because I've reinstalled like 4 times in the past 6 months... Reformatting is just giving me a headache about where I should store my data.... :roll:
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby SnoopDogg » April 5th, 2007, 11:14 am

-addition-
I'm sharing this comp with 3 other siblings
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby random/random » April 5th, 2007, 11:28 am

> Thanks for replying again... Yes indeed, I'm having tons of trouble with the viruses and trojans. But apart from reformatting or reinstalling, do I have another option? For example some antivirus clean-up and stuff... Currently I'm using AntiVir Guard and it doesn't seem to clean very well, unlike some other programs. I was disappointed with online scans because they only scan and don't clean.

Antivir is probably among the best free AVs. You could try AOL's Active Virus Shield, which is based on the Kaspersky engine; just untick the option to install the security toolbar during installation.

> The bottom line, I just wish that I have another option because I've reinstalled like 4 times in the past 6 months... Reformatting is just giving me a headache about where I should store my data.... :roll:

I recommend a second or external hard drive.

> -addition-
> I'm sharing this comp with 3 other siblings

If you want to clean this computer then we can try to do so, but every time you post a new log I see more malware!

Copy/paste the following quote box into a new notepad (not wordpad) document. Make sure that wordwrap is turned off.

sc stop "Client Debug Manager"
sc delete "Client Debug Manager"


Save it to your Desktop as cleanup.bat. Save it as:
File Type: All Files (not as a text document or it won't work).
Name: cleanup.bat

Locate cleanup.bat on your Desktop and double-click it. A DOS window will open briefly and then close; this is normal.

  • Download Pocket Killbox by Option^Explicit from here
  • Double-click on Killbox.exe to start Pocket Killbox
  • Select the Delete on reboot option
  • Click on All Files
  • Select the text in the below codebox and press Ctrl+C to copy it to the clipboard
    C:\WINDOWS\System32\telecomes.exe
    C:\WINDOWS\System32\agjler.exe
    C:\WINDOWS\System32\iwuokc.exe
    C:\WINDOWS\System32\osootzlh.exe
    C:\WINDOWS\System32\uammjcp.exe
    C:\WINDOWS\System32\gebrv.exe
    C:\WINDOWS\System32\kcnpm.exe
    C:\WINDOWS\System32\fjsrsyiq.exe
    C:\WINDOWS\System32\lrpag.exe
    C:\WINDOWS\System32\gbeu.exe
    C:\WINDOWS\System32\padhz.exe
    C:\WINDOWS\System32\cygs.exe
    C:\WINDOWS\System32\fmokyhcm.exe
    C:\WINDOWS\System32\spad.exe
    C:\WINDOWS\System32\ubrrv.exe
    C:\WINDOWS\System32\pmydsq.exe
    C:\WINDOWS\System32\loqzfovh.exe
    C:\WINDOWS\System32\loqzfovh.exe
    C:\WINDOWS\System32\pqseui.exe
    C:\WINDOWS\System32\ejnxksm.exe
    C:\WINDOWS\System32\fibfo.exe
    C:\WINDOWS\System32\qktuyc.exe
    C:\WINDOWS\System32\mgykl.exe
    C:\WINDOWS\System32\oyfkfck.exe
    C:\WINDOWS\System32\fodvue.exe
    C:\WINDOWS\System32\nffvkdkx.exe
    C:\WINDOWS\System32\zudptx.exe
    C:\WINDOWS\System32\zbhg.exe
    C:\WINDOWS\System32\cxwtgoy.exe
    C:\WINDOWS\System32\hjrcwnqh.exe
    C:\WINDOWS\System32\ilfhc.exe
    C:\WINDOWS\System32\spoolvc.exe
    C:\WINDOWS\System32\lrpag.exe
    C:\WINDOWS\System32\explorer.exe
    C:\WINDOWS\system32\spoolvc.exe
    C:\WINDOWS\system32\ilfhc.exe
    C:\WINDOWS\system32\csrs.exe
    C:\WINDOWS\System32\wnwavm.exe
    C:\Documents and Settings\Swee Pei\Local Settings\Temp\wz1b45\KeySet.exe
    C:\WINDOWS\System32\winupd32.exe
    
  • Go back to Pocket Killbox and click File > Paste from clipboard
  • Click on the button in Pocket Killbox that looks like this [image]
  • You will now get the prompt Files will be removed on reboot, Do you want reboot now?
  • Click Yes, this will restart your pc
  • Note: If your PC does not restart automatically, please restart it manually

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Copy the contents of the following codebox to a notepad window

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced DHTML Enable]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Client Server Runtime Process]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Cryptographic Service]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeySetState]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Lsass Center]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Service Agent]

 


Save it to the desktop as fix.reg, making sure save as type is set to all files

Locate Fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
O4 - HKCU\..\Run: [KeySetState] C:\Documents and Settings\StreetBaller89\Local Settings\Temp\wzf69c\KeySet.exe /keyset

Then close all windows except HijackThis and click Fix Checked

Our experts would like some samples of the files you are infected with

Run Suspicious File Packer

Paste the following list of bad files into the Suspicious File Packer window:

C:\!killbox
C:\!killbox\*.*



Allow SFP to pack the files. This will generate a CAB archive on your desktop.

Please click here

You will be taken to a new post page (at a different forum)
In the subject box put Suspicious files for analysis

Please put your name and email in the relevant boxes. In the message portion, please paste this:
Infected Files for analysis
Suspect: Rbots/downloaders
logfile: http://forum.malwareremoval.com/viewtopic.php?t=19149


Then, by the attach bar at the bottom, hit 'browse'. Find this file and hit OK:
C:\Documents and Settings\User\Desktop\requested-files[date].cab

Then click submit to upload that file. That way our experts can analyse the file

Please post a link to the topic at the other forum as a response to this topic

  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG anti-spyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      [image]
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Post back with a link to your topic at thespykiller, a new HijackThis log, a new winPfind log, the blacklight log and the AVG-antispyware log
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm
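
The heuristics behind the entries singled out in the post above (a service with an unknown owner, an autostart entry running from Temp, a system file name in the wrong folder or slightly misspelled), written out as an added example that is not part of the original thread. The reference table of normal file locations, the 0.85 similarity threshold and the function names are assumptions for illustration; the sample lines are copied from the logs quoted in this thread.

```python
import re
from difflib import SequenceMatcher

# Assumed reference table (not from the thread): normal Windows XP locations
# of a few core binaries that malware likes to imitate.
KNOWN_SYSTEM = {
    "explorer.exe": r"c:\windows",
    "csrss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll))", re.IGNORECASE)

# Lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe",
    r"O4 - HKCU\..\Run: [KeySetState] C:\Documents and Settings\StreetBaller89\Local Settings\Temp\wzf69c\KeySet.exe /keyset",
    r"O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe",
    r"O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe",
    r"O23 - Service: Client Debug Manager - Unknown owner - C:\WINDOWS\system32\spoolvc.exe",
]


def split_path(line):
    """Return (directory, file name), lowercased, of the first path on the line."""
    m = PATH_RE.search(line)
    if not m:
        return None, None
    directory, _, name = m.group(1).lower().rpartition("\\")
    return directory, name


def lookalike(name):
    """Return the known system binary that `name` imitates, or None."""
    if name in KNOWN_SYSTEM:
        return None
    for real in KNOWN_SYSTEM:
        if SequenceMatcher(None, name, real).ratio() >= 0.85:
            return real
    return None


def assess(line):
    """Return the reasons a HijackThis line deserves a closer look."""
    reasons = []
    directory, name = split_path(line)
    if name is None:
        return reasons
    if line.startswith("O23") and "- Unknown owner -" in line:
        reasons.append("HijackThis found no company name for the service binary")
    if line.startswith("O4") and "\\temp\\" in directory + "\\":
        reasons.append("autostart entry runs from a Temp folder")
    expected = KNOWN_SYSTEM.get(name)
    if expected and directory != expected:
        reasons.append(f"{name} normally lives in {expected}")
    imitated = lookalike(name)
    if imitated:
        reasons.append(f"name resembles {imitated}")
    return reasons


def triage(lines):
    """Map each flagged log line to its list of reasons."""
    return {ln: r for ln in lines if (r := assess(ln))}
```

A flagged line is a prompt for a closer look rather than a verdict: "Unknown owner" also appears for legitimate services whose files carry no version information.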

Unread postby SnoopDogg » April 5th, 2007, 11:40 am

Erm.. what/where is a/the clipboard?
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby random/random » April 5th, 2007, 11:41 am

The clipboard is an area of memory where Windows stores stuff when you copy stuff.

Ctrl+C does the same thing as edit>copy or Right click>copy
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby SnoopDogg » April 5th, 2007, 11:45 am

I can't...
File>Paste from clipboard
doesn't work

The blank space became yellow and it says that I haven't specified any files to delete
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby random/random » April 5th, 2007, 11:48 am

Click on the white box in Killbox, right click and then click paste
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm

Unread postby SnoopDogg » April 5th, 2007, 11:52 am

I only get C:\WINDOWS\System32\telecomes.exe after pasting... anyway I'm trying to run
SnoopDogg
Regular Member
 
Posts: 61
Joined: March 28th, 2007, 11:41 pm
Location: >_<

Unread postby random/random » April 5th, 2007, 11:55 am

In that case, instead of the Killbox instructions do this:

Please download the OTMoveIt from here:
http://download.bleepingcomputer.com/ol ... MoveIt.exe
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\telecomes.exe
    C:\WINDOWS\System32\agjler.exe
    C:\WINDOWS\System32\iwuokc.exe
    C:\WINDOWS\System32\osootzlh.exe
    C:\WINDOWS\System32\uammjcp.exe
    C:\WINDOWS\System32\gebrv.exe
    C:\WINDOWS\System32\kcnpm.exe
    C:\WINDOWS\System32\fjsrsyiq.exe
    C:\WINDOWS\System32\lrpag.exe
    C:\WINDOWS\System32\gbeu.exe
    C:\WINDOWS\System32\padhz.exe
    C:\WINDOWS\System32\cygs.exe
    C:\WINDOWS\System32\fmokyhcm.exe
    C:\WINDOWS\System32\spad.exe
    C:\WINDOWS\System32\ubrrv.exe
    C:\WINDOWS\System32\pmydsq.exe
    C:\WINDOWS\System32\loqzfovh.exe
    C:\WINDOWS\System32\loqzfovh.exe
    C:\WINDOWS\System32\pqseui.exe
    C:\WINDOWS\System32\ejnxksm.exe
    C:\WINDOWS\System32\fibfo.exe
    C:\WINDOWS\System32\qktuyc.exe
    C:\WINDOWS\System32\mgykl.exe
    C:\WINDOWS\System32\oyfkfck.exe
    C:\WINDOWS\System32\fodvue.exe
    C:\WINDOWS\System32\nffvkdkx.exe
    C:\WINDOWS\System32\zudptx.exe
    C:\WINDOWS\System32\zbhg.exe
    C:\WINDOWS\System32\cxwtgoy.exe
    C:\WINDOWS\System32\hjrcwnqh.exe
    C:\WINDOWS\System32\ilfhc.exe
    C:\WINDOWS\System32\spoolvc.exe
    C:\WINDOWS\System32\lrpag.exe
    C:\WINDOWS\System32\explorer.exe
    C:\WINDOWS\system32\spoolvc.exe
    C:\WINDOWS\system32\ilfhc.exe
    C:\WINDOWS\system32\csrs.exe
    C:\WINDOWS\System32\wnwavm.exe
    C:\Documents and Settings\Swee Pei\Local Settings\Temp\wz1b45\KeySet.exe
    C:\WINDOWS\System32\winupd32.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • The list will be processed and the results for each line will be displayed in the right-hand pane.
  • Highlight everything in the Results window, press CTRL+C or right-click, choose Copy, right-click again and Paste it in your next reply.
  • Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
random/random
Developer
 
Posts: 7733
Joined: December 18th, 2005, 3:30 pm