I have a problem on my desktop: when I click something, something will appear (see picture 1).

picture 1

[IMG]http://img254.imageshack.us/img254/7114/76814144mk0.jpg[/IMG]

And this insane toolbar that instantly appears in my Internet Explorer, and this "Insecure Internet activity. Threat of virus attack." See picture 2.


picture2

[IMG]http://img254.imageshack.us/img254/4710/31905354rz8.jpg[/IMG]


Here's my HJT log:

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Users\Aldrin\Desktop\CABAL DOWNLOADER.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Java\jre6\bin\ssvagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Aldrin\Documents\Downloads\Programs\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: QXK Olive - {058E578B-3561-4D17-8CD5-0437D9E68E4B} - C:\Windows\nfavxwdbfld.dll
O2 - BHO: (no name) - {269DEFC5-27A0-4ECF-8D4A-5CB1E295F89A} - C:\Windows\system32\efcASKeb.dll
O2 - BHO: QXK Olive - {3F8EC571-356D-4AD4-BD8B-E2E3D9C9D957} - C:\Windows\nfavxwdbkwm.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AOL Toolbar - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - C:\Windows\system32\aol_bho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: fdkowvbp - {BF7C3536-5B35-48E1-B0BD-8861EC186720} - C:\Windows\fdkowvbp.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtsTNge.dll,#1
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [c84eaa98] rundll32.exe "C:\Windows\system32\fpnutxcq.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: wnslvxtf - {B1BC99E8-F73F-490E-B13B-427AD8EBB8AE} - C:\Windows\wnslvxtf.dll
O21 - SSODL: eqvwamkl - {405C8D97-3302-4AE8-A714-E4F85494BB7F} - C:\Windows\eqvwamkl.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\Windows\system32\npkcsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8979 bytes


Help me, please.

First of all, for heaven's sake DON'T click to install that antispyware the pop-up offers. If by the toolbar, you mean that Yahoo one, I would be annoyed also.
We recommend you begin with all the steps on this sticky Read me before posting a request for assistance

Follow all those steps, saving any requested logs. When you have completed all the steps then post back here with all the requested logs.
There are signs of infection in your HJT log. These steps should take care of much of it. Give us those new logs and we can decide if other steps are needed.

Judy

I'm not dumb enough to click install the antispyware, SIR... And I don't mean that Yahoo one, the "fdkowvbp" toolbar.

Obviously you felt I meant to insult you, I did not. It is a warning one normally gives, especially because so many people DO click install.
By the way, I am NOT a SIR.
Your fdkowvbp toolbar is indicative of a FakeAlert or Smitfraud infection, your QXK Olive toolbar is indicative of a Zlob infection, and your Megaupload Toolbar is also very much a subject of debate as to whether it is safe or not. You have two entries indicative of Adware.Agent malware and you have the Trojan-Downloader.Win32.Agent loading as a startup service.
These are just SOME of the infected items showing in the HJT log, there ARE more and chances are there are many, many more which do not show. If you want to get the computer clean then begin by running the programs in the link I gave you. Be sure to TURN OFF Spyware Doctor, BitTorrent, Yahoo Messenger until this computer is clean. All are unnecessary and should not be running while clean up is taking place.
Your Java is out of date. Current version is version 6 update 7.
You also do not appear to be running a firewall, which is very important, especially since your system is definitely infected with at the very least one trojan downloader and very possibly more.

You have also left off the top part of the HJT log, the portion which would read like this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:13 PM, on 7/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

This portion is very important as it tells us WHEN the scan was run, operating system, and IE version.
This info is vital as it does help determine which programs can or should be used on the computer.
Please include this in your next log.
Boot mode: Normal
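
A first-pass triage of the kind of entries discussed in the reply above, as an added example that is not part of the original thread and not HijackThis's or the helper's own method. The three rules are generic assumptions of this example; they only select lines for manual review and give no verdict. The sample lines are copied from the log posted at the top of the thread.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: QXK Olive - {058E578B-3561-4D17-8CD5-0437D9E68E4B} - C:\Windows\nfavxwdbfld.dll
O2 - BHO: (no name) - {269DEFC5-27A0-4ECF-8D4A-5CB1E295F89A} - C:\Windows\system32\efcASKeb.dll
O2 - BHO: QXK Olive - {3F8EC571-356D-4AD4-BD8B-E2E3D9C9D957} - C:\Windows\nfavxwdbkwm.dll
O2 - BHO: AOL Toolbar - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - C:\Windows\system32\aol_bho.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: fdkowvbp - {BF7C3536-5B35-48E1-B0BD-8861EC186720} - C:\Windows\fdkowvbp.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\awtsTNge.dll,#1
O4 - HKLM\..\Run: [c84eaa98] rundll32.exe "C:\Windows\system32\fpnutxcq.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O21 - SSODL: wnslvxtf - {B1BC99E8-F73F-490E-B13B-427AD8EBB8AE} - C:\Windows\wnslvxtf.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "O2 - BHO: <name> - {CLSID} - <file>" and the same shape for O3 / O21.
COM_RE = re.compile(
    r"^(O2|O3|O21) - (?:BHO|Toolbar|SSODL): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$"
)
# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[(.+?)\] (.+)$")
# rundll32 given a DLL by absolute path (quoted or not), followed by ",export".
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?([a-z]:\\[^",]+\.dll)"?,')

# Assumption of this example: components dropped directly into these
# directories, rather than a vendor folder, deserve a second look.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def triage(log_text):
    """Return the log entries that match any of the three review rules."""
    entries = []
    clsids_by_name = defaultdict(set)
    for line in log_text.splitlines():
        line = line.strip()
        com = COM_RE.match(line)
        if com:
            section, name, clsid, path = com.groups()
            entries.append((section, name, path))
            clsids_by_name[name.lower()].add(clsid.upper())
            continue
        run = RUN_RE.match(line)
        if run:
            entries.append(("O4", run.group(1), run.group(2)))

    findings = []
    for section, name, target in entries:
        reasons = []
        if section == "O4":
            # Rule 1: autostart value that runs a DLL through rundll32.
            dll = RUNDLL_RE.match(target)
            if dll:
                target = dll.group(1)
                reasons.append("Run value starts a DLL by absolute path via rundll32")
        else:
            stem = ntpath.splitext(ntpath.basename(target))[0].lower()
            in_system_dir = ntpath.dirname(target).lower() in SYSTEM_DIRS
            # Rule 2: unnamed component, or one named after its own file,
            # sitting directly in a Windows system directory.
            if in_system_dir and name.lower() in ("(no name)", stem):
                reasons.append("unnamed or self-named component in a system directory")
            # Rule 3: one display name registered under several CLSIDs.
            if len(clsids_by_name[name.lower()]) > 1:
                reasons.append("display name registered under more than one CLSID")
        if reasons:
            findings.append(
                {"section": section, "name": name, "file": target, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["section"]:<4}{item["name"]:<12}{item["file"]}')
        for reason in item["reasons"]:
            print(f"      - {reason}")
```

Entries the rules select still need to be checked against the file on disk (signature, creation time, scanner result) before anything is removed; entries they skip are not thereby shown to be clean.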

Deckard's System Scanner v20071014.68
Run by Aldrin on 2002-01-03 09:11:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2002-01-02 23:29:39 UTC - RP26 - Spyware Doctor: Cleaning Threats
2: 2002-01-02 23:05:30 UTC - RP24 - Spyware Doctor: Cleaning Threats
1: 2002-01-02 21:25:00 UTC - RP22 - Last known good configuration


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1023 MiB (1024 MiB recommended).


-- HijackThis (run as Aldrin.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:40 AM, on 1/3/2002
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Eset\nod32krn.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Garena\Garena.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldrin\Documents\Downloads\Programs\dss.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Aldrin\DOCUME~1\DOWNLO~1\Programs\Aldrin.exe
C:\Users\Aldrin\Documents\Downloads\Programs\windows-kb890830-v2.0.exe
c:\3c2be2ea9cd8c940a9682fcb88\mrtstub.exe
C:\Windows\system32\MRT.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: QXK Olive - {058E578B-3561-4D17-8CD5-0437D9E68E4B} - C:\Windows\nfavxwdbfld.dll
O2 - BHO: QXK Olive - {3F8EC571-356D-4AD4-BD8B-E2E3D9C9D957} - C:\Windows\nfavxwdbkwm.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AOL Toolbar - {FB0E529A-3D2C-473E-83FE-9E56AC6CC0EB} - C:\Windows\system32\aol_bho.dll
O2 - BHO: (no name) - {FB5420FE-59B2-470C-B1C4-269C4B401F65} - C:\Windows\system32\efcASKeb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: fdkowvbp - {BF7C3536-5B35-48E1-B0BD-8861EC186720} - C:\Windows\fdkowvbp.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnolKdB.dll,#1
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [c84eaa98] rundll32.exe "C:\Windows\system32\msiaplsp.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupgames.ph/keycrypt/npkcx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O21 - SSODL: wnslvxtf - {B1BC99E8-F73F-490E-B13B-427AD8EBB8AE} - C:\Windows\wnslvxtf.dll
O21 - SSODL: eqvwamkl - {405C8D97-3302-4AE8-A714-E4F85494BB7F} - C:\Windows\eqvwamkl.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\Windows\system32\npkcsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9172 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 Pcatip - c:\windows\system32\drivers\pcatip.sys <Not Verified; VSO Software; Patin-Couffin Autoplay(tm) support driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S0 OemBiosDevice (Royalty OEM BIOS Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
S3 npkcrypt - \??\c:\windows\system32\npkcrypt.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 npkcsvc - c:\windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 12:18:27 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{5E8950D6-9454-4717-A8EF-1F4826CAE96E}.job


-- Files created between 2001-12-03 and 2002-01-03 -----------------------------

2008-07-26 10:16:11 0 d-------- C:\Windows\system32\QuickTime
2008-07-22 01:20:29 0 d-------- C:\Users\All Users\Macromedia
2008-07-22 01:18:03 0 d-------- C:\Program Files\Macromedia
2008-07-22 01:18:03 0 d-------- C:\Program Files\Common Files\Macromedia
2008-07-22 01:17:12 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-22 01:16:44 0 d-------- C:\Windows\Downloaded Installations
2008-07-21 22:57:06 0 d-------- C:\Program Files\Xilisoft
2008-07-21 22:20:27 0 d-------- C:\Program Files\Audio MP3 Editor
2008-07-21 22:14:58 0 d-------- C:\Program Files\XviD
2008-07-21 22:14:44 398798 --a------ C:\Windows\system32\apexpmp.exe <Not Verified; IndigoSTAR Software; IndigoPerl>
2008-07-21 22:14:44 4755968 --a------ C:\Windows\system32\apexconverter.exe
2008-07-21 22:14:44 120320 --a------ C:\Windows\system32\apexchanger.exe
2008-07-21 22:14:44 109568 --a------ C:\Windows\system32\apex3gp.exe
2008-07-21 22:14:42 61440 --a------ C:\Windows\system32\cygz.dll
2008-07-21 22:14:42 1295582 --a------ C:\Windows\system32\cygwin1.dll <Not Verified; Red Hat; Cygwin>
2008-07-21 22:14:42 3138048 --a------ C:\Windows\system32\apexxbox.exe
2008-07-21 22:14:42 86016 --a------ C:\Windows\system32\AddiTunes.exe
2008-07-21 22:14:41 626688 --a------ C:\Windows\system32\NCTImageFile.dll <Not Verified; Online Media Technologies Ltd.; NCTImageFile ActiveX DLL>
2008-07-21 22:14:27 249856 --a------ C:\Windows\system32\NCTQuickTimeFile.dll <Not Verified; Online Media Technologies Company Ltd.; NCTQuickTimeFile Module>
2008-07-21 22:14:07 764416 --a------ C:\Windows\system32\NCTRMFile.dll <Not Verified; NCT Company Ltd.; NCTRMFile ActiveX DLL>
2008-07-21 22:13:47 495104 --a------ C:\Windows\system32\NCTVideoCoreM.dll <Not Verified; NCT Company Ltd.; NCTVideoCoreM ActiveX DLL>
2008-07-21 22:13:27 382464 --a------ C:\Windows\system32\NCTAVIFile.dll <Not Verified; NCT Company Ltd.; NCTAVIFile ActiveX DLL>
2008-07-21 22:13:06 780288 --a------ C:\Windows\system32\NCTVideoCompress.dll <Not Verified; NCT Company Ltd.; NCTVideoCompress ActiveX DLL>
2008-07-21 22:13:06 90112 --a------ C:\Windows\system32\NCTAudioFormatSettings3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-07-21 22:13:06 2846720 --a------ C:\Windows\system32\NCTAudioCompress3.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-07-21 22:12:53 312320 --a------ C:\Windows\system32\NCTVideoView.dll <Not Verified; Online Media Technologies Ltd.; NCTVideoView ActiveX DLL>
2008-07-21 22:12:36 188416 --a------ C:\Windows\system32\NCTVideoFile.dll <Not Verified; NCT Company Ltd.; NCTVideoFile ActiveX DLL>
2008-07-21 22:12:15 778240 --a------ C:\Windows\system32\NCTAudioCompress2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress2 Module>
2008-07-21 22:12:07 215552 --a------ C:\Windows\system32\NCTWMVFile.dll <Not Verified; NCT Company Ltd.; NCTWMVFile ActiveX DLL>
2008-07-21 22:12:06 237568 --a------ C:\Windows\system32\lame_enc.dll
2008-07-21 22:12:06 1700352 --a------ C:\Windows\system32\gdiplus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-21 22:12:03 81920 --a------ C:\Windows\system32\viscomwave.dll <Not Verified; Viscom Software; >
2008-07-21 22:12:03 147456 --a------ C:\Windows\system32\viscomqtenc.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-07-21 22:12:03 139264 --a------ C:\Windows\system32\viscomqtde.dll <Not Verified; Viscom Software www.viscomsoft.com; >
2008-07-21 22:12:03 0 d-------- C:\Windows\system32\RMBin
2008-07-21 22:11:53 0 d-------- C:\Program Files\Apex
2008-07-21 22:11:53 0 d-------- C:\Apex
2008-07-21 22:07:12 348160 --a------ C:\Windows\system32\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-07-21 22:07:08 0 d-------- C:\Program Files\Acoustica MP3 Audio Mixer
2008-07-21 09:05:29 0 d-------- C:\Program Files\Internet Download Manager
2008-07-21 08:00:09 0 d-------- C:\Program Files\Garena
2008-07-21 08:00:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 07:47:43 0 d-------- C:\Program Files\MegauploadToolbar
2008-07-21 06:32:21 0 d-------- C:\Program Files\Microsoft Works
2008-07-21 06:28:46 0 d-------- C:\Windows\PCHEALTH
2008-07-21 06:28:45 0 d-------- C:\Program Files\Microsoft.NET
2008-07-21 06:23:00 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-21 06:20:24 0 d-------- C:\Users\All Users\Microsoft Help
2008-07-21 06:19:46 0 dr-h----- C:\MSOCache
2008-07-21 06:17:47 0 d-------- C:\Windows\Panther
2008-07-21 06:17:31 0 d--hs---- C:\Boot
2008-07-21 05:26:12 0 d-------- C:\Program Files\DNA
2008-07-21 05:26:11 0 d-------- C:\Program Files\BitTorrent
2008-07-21 04:49:14 0 d-------- C:\Program Files\QuickFix
2008-07-21 04:41:57 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-07-21 04:41:05 0 d------c- C:\Windows\system32\DRVSTORE
2008-07-20 17:51:08 0 d-------- C:\Program Files\EA SPORTS
2008-07-20 17:50:56 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-07-20 17:05:09 0 d-------- C:\Program Files\UltraISO
2008-07-20 16:53:44 0 d-------- C:\Windows\system32\Macromed
2008-07-20 16:50:18 0 d--hs---- C:\Windows\Installer
2008-07-20 15:26:41 0 d-------- C:\Program Files\Yahoo!
2008-07-20 15:26:26 0 d-------- C:\Program Files\CCleaner
2008-07-20 14:54:02 298104 --a------ C:\Windows\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2008-07-20 14:32:13 0 dr------- C:\Users\Aldrin\Searches
2008-07-20 14:31:52 0 dr------- C:\Users\Aldrin\Contacts
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Videos
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\Templates
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\Start Menu
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\SendTo
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Saved Games
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\Recent
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\PrintHood
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Pictures
2008-07-20 14:31:45 1835008 --ahs---- C:\Users\Aldrin\NTUSER.DAT
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\NetHood
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\My Documents
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Music
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\Local Settings
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Links
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Favorites
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Downloads
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Documents
2008-07-20 14:31:45 0 dr------- C:\Users\Aldrin\Desktop
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\Cookies
2008-07-20 14:31:45 0 d--hs---- C:\Users\Aldrin\Application Data
2008-07-20 14:31:45 0 d--h----- C:\Users\Aldrin\AppData
2008-07-20 14:22:37 0 --a------ C:\Windows\system32\atiicdxx.dat
2008-07-20 14:21:25 0 d-------- C:\Windows\SoftwareDistribution
2008-07-20 14:20:36 0 d-------- C:\Windows\Debug
2008-07-20 14:20:36 0 d-------- C:\Windows\CSC
2008-07-20 14:18:50 0 d-------- C:\Windows\Prefetch
2008-07-20 14:18:34 0 d--hs---- C:\System Volume Information
2008-07-20 10:02:45 0 d-------- C:\Users\All Users\JCreator
2008-07-20 10:02:05 0 d-a------ C:\Users\All Users\TEMP
2008-07-20 10:01:47 0 d-------- C:\Program Files\Xinox Software
2008-07-20 08:43:11 243478 --a------ C:\Program Files\cabal_total.exe
2008-07-20 05:45:27 0 d-------- C:\Program Files\SD
2008-07-20 00:47:28 0 d-------- C:\Program Files\Common Files\Bcgsoft
2008-07-20 00:44:14 0 d-------- C:\Program Files\PowerCDR
2008-07-20 00:43:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-20 00:40:49 49152 -----n--- C:\Windows\system32\MultiSZ.dll <Not Verified; Ahead Software AG\r\nim Stoeckmaedle 6\r\n76307 Karlsbad, Germany\r\nFax: ++49-7248-911-888\r\ne-mail: info@nero.com; MultiSZ/ACL Installation Library>
2008-07-20 00:40:36 106496 --a------ C:\Windows\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-07-20 00:40:36 35328 --a------ C:\Windows\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-07-20 00:40:35 532480 --a------ C:\Windows\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-07-20 00:40:34 507904 --a------ C:\Windows\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-07-20 00:40:33 155648 --a------ C:\Windows\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-07-20 00:40:33 0 d-------- C:\Program Files\Ahead
2007-03-21 20:54:16 69632 --a------ C:\Windows\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 48560 --a------ C:\Windows\system32\TWUNK_16.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-03-21 20:54:16 77312 --a------ C:\Windows\system32\TWAIN_32.DLL <Not Verified; Twain Working Group; Twain_32 Source Manager>
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\Templates
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\Start Menu
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\SendTo
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\Recent
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\PrintHood
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\NetHood
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\My Documents
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\Local Settings
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\Cookies
2006-11-02 21:00:38 0 d--hs---- C:\Users\Default\Application Data
2006-11-02 21:00:38 0 d--hs---- C:\Users\All Users\Templates
2006-11-02 21:00:38 0 d--hs---- C:\Users\All Users\Start Menu
2006-11-02 21:00:38 0 d--hs---- C:\Users\All Users\Favorites
2006-11-02 21:00:38 0 d--hs---- C:\Users\All Users\Documents
2006-11-02 21:00:38 0 d--hs---- C:\Users\All Users\Desktop
2006-11-02 21:00:38 0 d--hs---- C:\Users\All Users\Application Data
2006-11-02 21:00:38 0 d--hs---- C:\Documents and Settings
2006-11-02 20:46:43 0 d-------- C:\Windows\Setup
2006-11-02 20:46:40 0 d-------- C:\Windows\ServiceProfiles
2006-11-02 20:46:34 0 d---s---- C:\Windows\system32\Microsoft
2006-11-02 20:41:10 0 d-------- C:\Windows\WindowsMobile
2006-11-02 20:41:10 0 d-------- C:\Windows\system32\winrm
2006-11-02 20:41:10 0 d-------- C:\Windows\system32\slmgr
2006-11-02 20:41:10 0 d-------- C:\Windows\system32\en
2006-11-02 20:41:10 0 d-------- C:\Windows\system32\drivers\en-US
2006-11-02 20:41:10 0 d-------- C:\Windows\system32\Branding
2006-11-02 20:41:10 0 d-------- C:\Windows\system32\0409
2006-11-02 20:41:10 0 d-------- C:\Windows\en-US
2006-11-02 20:41:09 0 d-------- C:\Windows\system32\WCN
2006-11-02 20:41:09 0 d-------- C:\Windows\system32\Printing_Admin_Scripts
2006-11-02 20:35:51 0 d-------- C:\Windows\twain_32
2006-11-02 20:35:51 0 d-------- C:\Windows\system32\XPSViewer
2006-11-02 20:35:51 0 d-------- C:\Windows\system32\restore
2006-11-02 20:35:51 0 d-------- C:\Windows\system32\FxsTmp
2006-11-02 20:35:51 0 d-------- C:\Windows\ShellNew
2006-11-02 20:35:51 0 d-------- C:\Windows\Performance
2006-11-02 20:35:51 0 d-------- C:\Windows\ehome
2006-11-02 20:35:51 0 d-------- C:\Windows\DigitalLocker
2006-11-02 20:35:51 0 d-------- C:\Windows\addins
2006-11-02 20:35:51 0 d-------- C:\Program Files\Windows Calendar
2006-11-02 20:35:50 0 d-------- C:\Program Files\Windows Sidebar
2006-11-02 20:35:50 0 d-------- C:\Program Files\Windows Photo Gallery
2006-11-02 20:35:50 0 d-------- C:\Program Files\Windows Journal
2006-11-02 20:35:50 0 d-------- C:\Program Files\Windows Defender
2006-11-02 20:35:50 0 d-------- C:\Program Files\Windows Collaboration
2006-11-02 20:35:50 0 d-------- C:\Program Files\Reference Assemblies
2006-11-02 20:35:50 0 d-------- C:\Program Files\MSBuild
2006-11-02 20:35:50 0 d-------- C:\Program Files\Movie Maker
2006-11-02 20:35:50 0 d-------- C:\Program Files\Microsoft Games
2006-11-02 19:18:44 0 d-------- C:\Windows\winsxs
2006-11-02 19:18:44 0 d-------- C:\Windows\Web
2006-11-02 19:18:44 0 d-------- C:\Windows\tracing
2006-11-02 19:18:44 0 d-------- C:\Windows\Tasks
2006-11-02 19:18:44 0 d-------- C:\Windows\tapi
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\zh-TW
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\zh-HK
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\zh-CN
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\winevt
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\wfp
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\WDI
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\wbem
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\uk-UA
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\tr-TR
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\th-TH
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\Tasks
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\sysprep
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\sv-SE
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\sr-Latn-CS
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\spool
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\Speech
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\SMI
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\SLUI
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\sl-SI
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\sk-SK
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\setup
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\ru-RU
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\ro-RO
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\RemInst
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\ras
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\pt-PT
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\pt-BR
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\pl-PL
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\oobe
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\nl-NL
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\networklist
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\NDF
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\nb-NO
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\MUI
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\Msdtc
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\migwiz
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\migration
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\manifeststore
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\lv-LV
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\lt-LT
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\LogFiles
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\licensing
2006-11-02 19:18:43 0 d-------- C:\Windows\system32\ko-KR
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\ja-JP
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\it-IT
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\inetsrv
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\IME
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\icsxml
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\ias
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\hu-HU
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\hr-HR
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\he-IL
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\GroupPolicyUsers
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\GroupPolicy
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\fr-FR
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\fi-FI
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\et-EE
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\es-ES
2006-11-02 19:18:42 0 d-------- C:\Windows\system32\el-GR
2006-11-02 19:18:36 0 d-------- C:\Windows\System32
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\DriverStore
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\drivers
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\drivers\UMDF
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\drivers\etc
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\de-DE
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\da-DK
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\cs-CZ
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\config
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\com
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\CodeIntegrity
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\catroot2
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\catroot
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\Boot
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\bg-BG
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\ar-SA
2006-11-02 19:18:36 0 d-------- C:\Windows\system32\AdvancedInstallers
2006-11-02 19:18:36 0 d-------- C:\Windows\system
2006-11-02 19:18:36 0 d-------- C:\Windows\Speech
2006-11-02 19:18:36 0 d-------- C:\Windows\servicing
2006-11-02 19:18:36 0 d-------- C:\Windows\security
2006-11-02 19:18:36 0 d-------- C:\Windows\schemas
2006-11-02 19:18:36 0 d-------- C:\Windows\SchCache
2006-11-02 19:18:36 0 d-------- C:\Windows\Resources
2006-11-02 19:18:36 0 d-------- C:\Windows\rescache
2006-11-02 19:18:36 0 d-------- C:\Windows\Registration
2006-11-02 19:18:36 0 d-------- C:\Windows\Provisioning
2006-11-02 19:18:36 0 d-------- C:\Windows\PolicyDefinitions
2006-11-02 19:18:35 0 d-------- C:\Windows\PLA
2006-11-02 19:18:35 0 dr------- C:\Windows\Offline Web Pages
2006-11-02 19:18:35 0 d-------- C:\Windows\nap
2006-11-02 19:18:35 0 d-------- C:\Windows\MSAgent
2006-11-02 19:18:35 0 d-------- C:\Windows\ModemLogs
2006-11-02 19:18:35 0 dr--s---- C:\Windows\Media
2006-11-02 19:18:35 0 d-------- C:\Windows\Logs
2006-11-02 19:18:35 0 d-------- C:\Windows\LiveKernelReports
2006-11-02 19:18:35 0 d-------- C:\Windows\L2Schemas
2006-11-02 19:18:34 0 d-------- C:\Windows
2006-11-02 19:18:34 0 d-------- C:\Windows\inf
2006-11-02 19:18:34 0 d-------- C:\Windows\IME
2006-11-02 19:18:34 0 d-------- C:\Windows\Help
2006-11-02 19:18:34 0 d-------- C:\Windows\Globalization
2006-11-02 19:18:34 0 dr--s---- C:\Windows\Fonts
2006-11-02 19:18:34 0 d---s---- C:\Windows\Downloaded Program Files
2006-11-02 19:18:34 0 d-------- C:\Windows\Cursors
2006-11-02 19:18:34 0 d-------- C:\Windows\Branding
2006-11-02 19:18:34 0 d-------- C:\Windows\Boot
2006-11-02 19:18:34 0 d-------- C:\Windows\AppPatch
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Videos
2006-11-02 19:18:34 0 d-------- C:\Users\Default\Saved Games
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Pictures
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Music
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Links
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Favorites
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Downloads
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Documents
2006-11-02 19:18:34 0 dr------- C:\Users\Default\Desktop
2006-11-02 19:18:33 0 dr------- C:\Users
2006-11-02 19:18:33 0 d--h----- C:\Users\Default\AppData
2006-11-02 19:18:33 0 d---s---- C:\Users\All Users\Microsoft
2006-11-02 19:18:33 0 d--h----- C:\ProgramData
2006-11-02 19:18:33 0 dr------- C:\Program Files
2006-11-02 19:18:33 0 d-------- C:\Program Files\Windows NT
2006-11-02 19:18:33 0 d-------- C:\Program Files\Windows Mail
2006-11-02 19:18:33 0 d-------- C:\Program Files\Common Files
2006-11-02 19:18:33 0 d-------- C:\Program Files\Common Files\SpeechEngines
2006-11-02 19:17:19 0 d--hs---- C:\$Recycle.Bin
2006-11-02 18:22:30 262144 --ahs---- C:\Users\Default\NTUSER.DAT
2006-11-02 16:47:18 514048 -r-hs---- C:\Windows\system32\klass.exe
2006-02-28 12:41:34 61440 --a------ C:\Windows\system32\dns-sd.exe <Not Verified; Apple Computer, Inc.; Bonjour>
2006-02-28 12:41:22 53248 --a------ C:\Windows\system32\dnssd.dll <Not Verified; Apple Computer, Inc.; Bonjour>
2005-09-12 16:13:46 233472 --a------ C:\Windows\UNRecode.exe <Not Verified; Nero AG; Nero Suite Installer>
2005-09-12 16:13:46 233472 --a------ C:\Windows\UNNeroVision.exe <Not Verified; Nero AG; Nero Suite Installer>
2005-09-12 16:13:46 233472 --a------ C:\Windows\UNNeroShowTime.exe <Not Verified; Nero AG; Nero Suite Installer>
2005-09-12 16:13:46 233472 --a------ C:\Windows\UNNeroMediaHome.exe <Not Verified; Nero AG; Nero Suite Installer>
2005-09-12 16:13:46 233472 --a------ C:\Windows\UNNeroBackItUp.exe <Not Verified; Nero AG; Nero Suite Installer>
2005-06-21 09:42:28 233555 --a------ C:\Windows\system32\npkcrypt.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver Support Dll>
2005-03-15 11:26:30 40960 --a------ C:\Windows\system32\npkuninst.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Uninstaller>
2005-03-14 10:27:22 65633 --a------ C:\Windows\system32\npkagt.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Agent>
2005-02-16 15:18:04 90184 --a------ C:\Windows\system32\NeroCo.dll <Not Verified; Ahead Software AG
im Stoeckmaedle 18
76307 Karlsbad, Germany
Fax: ++49-7248-911-888
e-mail: info@nero.com; Nero Burning Rom>
2005-01-28 10:23:20 37009 --a------ C:\Windows\system32\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2004-12-27 14:16:58 21442 --a------ C:\Windows\system32\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
2004-07-26 17:16:10 802816 --a------ C:\Windows\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2004-07-26 17:16:10 258048 --a------ C:\Windows\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2004-07-26 17:16:10 1757184 --a------ C:\Windows\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2004-07-09 09:43:56 368640 --a------ C:\Windows\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2004-04-17 15:05:28 36864 --a------ C:\Windows\system32\ametrans.dll <Not Verified; Audio2x.com; Audio Mp3 Editor Transfer Control>
2004-03-31 17:55:24 172544 --a------ C:\Windows\system32\npkcsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Service>
2004-03-09 15:35:50 53248 --a------ C:\Windows\system32\npkpdb.dll <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Program Database DLL>
2004-03-02 12:24:00 880640 --a------ C:\Windows\system32\NCTAudioEditor2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioEditor2 ActiveX DLL>
2004-03-02 12:14:38 602112 --a------ C:\Windows\system32\NCTAudioTransform2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioTransform2 ActiveX DLL>
2004-03-02 12:14:18 458752 --a------ C:\Windows\system32\NCTAudioRecord2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioRecord2 ActiveX DLL>
2004-03-02 12:10:04 1212416 --a------ C:\Windows\system32\NCTAudioInformation2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioInformation2 ActiveX DLL>
2004-03-02 12:07:20 458752 --a------ C:\Windows\system32\NCTAudioPlayer2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioPlayer2 ActiveX DLL>
2004-03-02 12:05:56 1986560 --a------ C:\Windows\system32\NCTAudioFile2.dll <Not Verified; NCT Company Ltd.; NCTAudioFile2 ActiveX DLL>
2003-12-15 12:24:30 348160 --a------ C:\Windows\system32\NCTWMAFile2.dll <Not Verified; Online Media Technologies Ltd.; NCTWMAFile2 ActiveX DLL>
2003-12-08 12:19:32 479232 --a------ C:\Windows\system32\NCTAudioVisualization2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioVisualization2 ActiveX DLL>
2003-12-08 12:16:22 327680 --a------ C:\Windows\system32\NCTAudioGrabber2.dll <Not Verified; NCT Company Ltd.; NCTAudioGrabber2 ActiveX DLL>
2002-09-10 23:10:05 495616 --a------ C:\Windows\system32\xvid.dll
2002-06-17 10:06:10 122880 --a------ C:\Windows\system32\mwecmdlg.dll <Not Verified; mp3waveditor.com; MP3 Wav Editor Common Dialog Control>
2002-06-17 09:54:04 40960 --a------ C:\Windows\system32\mweclass.dll <Not Verified; www.mp3waveditor.com; MP3 Wav Editor SubClass Control>
2002-05-22 00:00:00 14604 --a------ C:\Windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2002-01-03 09:56:32 130432 --a------ C:\Windows\system32\pzfnir.dll
2002-01-03 09:56:28 130432 --a------ C:\Windows\system32\yffxsjac.dll
2002-01-03 09:09:07 98688 --a------ C:\Windows\system32\msiaplsp.dll
2002-01-03 09:07:03 130432 --a------ C:\Windows\system32\temcix.dll
2002-01-03 09:06:50 130432 --a------ C:\Windows\system32\tetfbjou.dll
2002-01-03 09:06:23 120960 --a------ C:\Windows\system32\cjohgx.dll
2002-01-03 09:06:22 120960 --a------ C:\Windows\system32\jmbvdayi.dll
2002-01-03 09:06:21 120960 --a------ C:\Windows\system32\zkipla.dll
2002-01-03 09:06:05 120960 --a------ C:\Windows\system32\aqmuyten.dll
2002-01-03 09:03:22 328151 --ahs---- C:\Windows\system32\GhNorBeg.ini2
2002-01-03 09:03:02 322816 --a------ C:\Windows\system32\geBroNhG.dll
2002-01-03 08:58:48 120960 --a------ C:\Windows\system32\ofvbba.dll
2002-01-03 08:58:48 120960 --a------ C:\Windows\system32\brcswstd.dll
2002-01-03 08:58:14 34688 --a------ C:\Windows\system32\opnolKdB.dll
2002-01-03 08:57:38 99712 -----n--- C:\Windows\system32\lnpxoivq.dll
2002-01-03 08:31:58 0 d-------- C:\Users\All Users\Nero
2002-01-03 08:31:58 0 d-------- C:\Program Files\Common Files\Nero
2002-01-03 08:29:49 120960 --a------ C:\Windows\system32\zzryft.dll
2002-01-03 08:29:44 120960 --a------ C:\Windows\system32\keqsivxn.dll
2002-01-03 08:19:25 0 --a------ C:\end
2002-01-03 08:06:17 4682 --a------ C:\Windows\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2002-01-03 08:05:09 0 d-------- C:\Program Files\Common Files\INCA Shared
2002-01-03 08:04:08 0 d-------- C:\Program Files\e-Games
2002-01-03 07:51:41 99712 --a------ C:\Windows\system32\btnohiyu.dll
2002-01-03 07:51:36 120960 --a------ C:\Windows\system32\xvggqe.dll
2002-01-03 07:51:28 120960 --a------ C:\Windows\system32\dvmbscwk.dll
2002-01-03 07:46:06 120960 --a------ C:\Windows\system32\jhbshp.dll
2002-01-03 07:45:59 120960 --a------ C:\Windows\system32\xxbrrrbl.dll
2002-01-03 07:41:40 120960 --a------ C:\Windows\system32\uqzqax.dll
2002-01-03 07:41:30 120960 --a------ C:\Windows\system32\cbfhlfqc.dll
2002-01-03 07:41:03 120448 --a------ C:\Windows\system32\cfrqmr.dll
2002-01-03 07:41:00 120448 --a------ C:\Windows\system32\gesnjrrg.dll
2002-01-03 07:40:37 120960 --a------ C:\Windows\system32\iwnacr.dll
2002-01-03 07:40:33 120960 --a------ C:\Windows\system32\qjenmled.dll
2002-01-03 07:37:58 326505 --ahs---- C:\Windows\system32\psYIlUvw.ini2
2002-01-03 07:37:45 323840 --a------ C:\Windows\system32\wvUlIYsp.dll
2002-01-03 07:37:32 326505 --ahs---- C:\Windows\system32\KUBdffhk.ini2
2002-01-03 07:37:20 323328 --a------ C:\Windows\system32\khffdBUK.dll
2002-01-03 07:36:58 120960 --a------ C:\Windows\system32\acrwcl.dll
2002-01-03 07:36:47 120960 --a------ C:\Windows\system32\gidmejge.dll
2002-01-03 07:35:39 120960 --a------ C:\Windows\system32\housnb.dll
2002-01-03 07:35:27 120960 --a------ C:\Windows\system32\uosuvomc.dll
2002-01-03 07:11:31 99712 --a------ C:\Windows\system32\smmsaglm.dll
2002-01-03 07:08:28 328789 --ahs---- C:\Windows\system32\beKSAcfe.ini2
2002-01-03 07:08:14 323328 --a------ C:\Windows\system32\efcASKeb.dll
2002-01-03 07:06:55 34688 --a------ C:\Windows\system32\xxYqoLBS.dll
2002-01-03 07:04:49 99712 --a------ C:\Windows\system32\gufuqgdx.dll
2002-01-03 07:02:40 120960 --a------ C:\Windows\system32\rtvmxr.dll
2002-01-03 07:02:40 120960 --a------ C:\Windows\system32\cinoasav.dll
2002-01-03 06:55:17 120960 --a------ C:\Windows\system32\wcqzbk.dll
2002-01-03 06:55:11 120960 --a------ C:\Windows\system32\iunifivn.dll
2002-01-03 06:47:58 0 d-------- C:\Program Files\Spyware Doctor
2002-01-03 06:08:23 18944 --a------ C:\Windows\system32\aol2tbl.dll
2002-01-03 06:08:04 0 -rahs---- C:\MSDOS.SYS
2002-01-03 06:08:04 0 -rahs---- C:\IO.SYS
2002-01-03 06:08:04 171136 -rahs---- C:\grldr
2002-01-03 06:08:03 0 --a------ C:\Windows\nsreg.dat
2002-01-03 06:08:02 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2002-01-03 06:07:09 18944 --a------ C:\Windows\system32\aol_bho.dll
2002-01-03 06:05:55 18944 --a------ C:\Windows\system32\aoltoolbar.dll
2002-01-03 06:02:45 120960 --a------ C:\Windows\system32\ywfdmf.dll
2002-01-03 06:02:35 120960 --a------ C:\Windows\system32\cctiqnir.dll
2002-01-03 05:58:51 18944 --a------ C:\Windows\system32\aoltbl.dll
2002-01-03 05:57:39 18944 --a------ C:\Windows\system32\aol_tbl.dll
2002-01-03 05:52:46 99456 -----n--- C:\Windows\system32\tymynywr.dll
2002-01-03 05:52:29 0 d-------- C:\VundoFix Backups
2002-01-03 05:50:41 120960 --a------ C:\Windows\system32\upvpqm.dll
2002-01-03 05:50:34 120960 --a------ C:\Windows\system32\wbgtdegy.dll
2002-01-03 05:46:03 120960 --a------ C:\Windows\system32\lrumqwlw.dll
2002-01-03 05:46:03 120960 --a------ C:\Windows\system32\ilblgy.dll
2002-01-03 05:28:40 325449 --ahs---- C:\Windows\system32\nnVyxGgh.ini2
2002-01-03 05:28:21 323840 --a------ C:\Windows\system32\hgGxyVnn.dll
2002-01-03 05:26:05 99456 -----n--- C:\Windows\system32\hhultgtq.dll
2002-01-03 05:21:20 80 --ah----- C:\Windows\system32\HsInfo.dat
2002-01-03 05:20:04 327204 --ahs---- C:\Windows\system32\AaKlllRu.ini2
2002-01-02 19:48:05 0 d-------- C:\Users\All Users\FLEXnet
2002-01-02 14:31:46 0 d-------- C:\Users\All Users\Adobe
2002-01-02 14:30:57 0 d-------- C:\Program Files\Bonjour
2002-01-02 14:17:46 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2002-01-02 14:13:37 0 d-------- C:\Program Files\Common Files\Adobe
2002-01-02 14:10:00 34688 --a------ C:\Windows\system32\yaYoNDuR.dll
2002-01-02 14:05:00 339968 --a------ C:\Windows\nfavxwdbfld.dll
2002-01-02 14:04:59 94208 --a------ C:\Windows\elqw.exe
2002-01-02 12:04:10 94208 --a------ C:\Windows\elkr.exe
2002-01-02 12:04:09 229376 --a------ C:\Windows\wnslvxtf.dll
2002-01-02 12:04:09 405504 --a------ C:\Windows\nfavxwdbkwm.dll
2002-01-02 12:04:09 86016 --a------ C:\Windows\grswptdl.exe
2002-01-02 12:04:09 192512 --a------ C:\Windows\fdkowvbp.dll
2002-01-02 12:04:09 180224 --a------ C:\Windows\eqvwamkl.dll
2002-01-02 08:49:51 0 d-------- C:\Users\All Users\Yahoo!
2002-01-02 08:38:17 0 d-------- C:\Program Files\Common Files\Java
2002-01-02 07:43:55 25586 --a------ C:\aem8.dat
2002-01-02 07:43:03 417792 --a------ C:\Windows\system32\NCTAudioDisplay2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDisplay2 ActiveX DLL>
2002-01-02 07:43:03 2084864 --a------ C:\Windows\system32\NCTAudioDesign2.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioDesign2 ActiveX DLL>
2002-01-02 07:43:02 835584 --a------ C:\Windows\system32\NCTAudioCDGrabber2.dll <Not Verified; NCT; NCTAudioCDGrabber2 ActiveX DLL>
2002-01-02 07:42:56 0 d-------- C:\Program Files\Audio Edit Magic
2002-01-02 00:28:24 0 d-------- C:\Program Files\Java
2002-01-01 01:40:23 0 d-------- C:\Program Files\ZTekWare
2002-01-01 01:38:18 0 d-------- C:\Windows\system32\appmgmt
2002-01-01 01:35:32 0 d-------- C:\Program Files\DirectISO
2002-01-01 00:33:14 0 d-------- C:\Windows\system32\vso_loc
2002-01-01 00:33:14 0 d-------- C:\Windows\system32\iosubsys
2002-01-01 00:33:09 25696 --a------ C:\Windows\system32\drivers\PcAtip.sys <Not Verified; VSO Software; Patin-Couffin Autoplay(tm) support driver>
2002-01-01 00:33:09 0 d-------- C:\Program Files\vso
2002-01-01 00:29:38 0 d-------- C:\Program Files\Nero
2002-01-01 00:29:38 0 d-------- C:\Program Files\Common Files\Ahead
2002-01-01 00:20:03 0 d-------- C:\Program Files\Perfect World


-- Find3M Report ---------------------------------------------------------------

2008-07-26 10:21:30 0 d-------- C:\Users\Aldrin\AppData\Roaming\Macromedia
2008-07-21 07:59:40 0 d-------- C:\Users\Aldrin\AppData\Roaming\InstallShield
2008-07-21 07:47:43 0 d-------- C:\Users\Aldrin\AppData\Roaming\MegauploadToolbar
2008-07-21 04:32:11 0 d-------- C:\Users\Aldrin\AppData\Roaming\WinRAR
2008-07-20 10:02:45 0 d-------- C:\Users\Aldrin\AppData\Roaming\JCreator
2008-07-20 06:20:29 0 d-------- C:\Users\Aldrin\AppData\Roaming\IDM
2008-07-20 05:27:40 0 d-------- C:\Users\Aldrin\AppData\Roaming\Mozilla
2006-11-02 20:49:43 174 --ahs---- C:\Program Files\desktop.ini
2002-01-03 09:44:10 0 d--h----- C:\Users\Aldrin\AppData\Roaming\IFLTemp
2002-01-03 09:18:16 0 d-------- C:\Users\Aldrin\AppData\Roaming\DNA
2002-01-03 09:02:55 0 d-------- C:\Users\Aldrin\AppData\Roaming\DMCache
2002-01-03 08:59:03 0 d-------- C:\Users\Aldrin\AppData\Roaming\RF Online Crimson Dawn
2002-01-03 08:05:12 0 d-------- C:\Users\Aldrin\AppData\Roaming\Nero
2002-01-03 07:33:36 0 d-------- C:\Users\Aldrin\AppData\Roaming\BitTorrent
2002-01-03 06:47:58 0 d-------- C:\Users\Aldrin\AppData\Roaming\PC Tools
2002-01-03 05:46:32 0 d-------- C:\Users\Aldrin\AppData\Roaming\Adobe
2002-01-02 08:46:50 0 d-------- C:\Users\Aldrin\AppData\Roaming\Yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

-- End of Deckard's System Scanner: finished at 2002-01-03 09:19:42 ------------

It's still in my computer. I already followed "Read me before posting a request for assistance".

I'm not dumb enough to click install the antispyware, SIR.....

Still got infected though :icon_wink:

==

Please download DAFT and save it to your desktop:

  1. Double-click the daft.exe icon. Read the disclaimer and click OK.
  2. Click on the Scan button.
  3. Place a checkmark next to the following entries:

    .js

  4. Click the Fix button.
  5. Re-scan and save a logfile. By default, it will save as daft.txt.

Post the contents of that logfile with your next post.

=====

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post a new HJT log.

Obviously something is going on with this computer... take a look at the dates on the scan logs;
First HJT posted; There is NO date.
Second the Deckards log;
Deckard's System Scanner v20071014.68
Run by Aldrin on 2002-01-03 09:11:57
Computer is in Normal Mode.
Third HJT log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:40 AM, on 1/3/2002
Fourth also from the Deckard's Log;
-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 12:18:27 420 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{5E8950D6-9454-4717-A8EF-1F4826CAE96E}.job

Fifth from that Same Deckard's Log;
-- Files created between 2001-12-03 and 2002-01-03
Finally;
-- Find3M Report ---------------------------------------------------------------
There are seven files with 2008 Creation dates
One file with 2006
and the rest with 2002
Ending with this;
-- End of Deckard's System Scanner: finished at 2002-01-03 09:19:42 ------------
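
The date comparison made in the post above, as an added example that is not part of the original thread: it parses the Find3M excerpt and the scanner's own finish line (both copied from the log on this page) and lists the entries stamped later than the clock the scanner was reading. The function names and the one-day tolerance are assumptions made for this example.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from typing import NamedTuple, Optional

# Excerpt copied from the Deckard's System Scanner log posted in this thread.
SAMPLE = r"""
-- Find3M Report ---------------------------------------------------------------

2008-07-26 10:21:30 0 d-------- C:\Users\Aldrin\AppData\Roaming\Macromedia
2008-07-21 07:59:40 0 d-------- C:\Users\Aldrin\AppData\Roaming\InstallShield
2008-07-21 07:47:43 0 d-------- C:\Users\Aldrin\AppData\Roaming\MegauploadToolbar
2008-07-21 04:32:11 0 d-------- C:\Users\Aldrin\AppData\Roaming\WinRAR
2008-07-20 10:02:45 0 d-------- C:\Users\Aldrin\AppData\Roaming\JCreator
2008-07-20 06:20:29 0 d-------- C:\Users\Aldrin\AppData\Roaming\IDM
2008-07-20 05:27:40 0 d-------- C:\Users\Aldrin\AppData\Roaming\Mozilla
2006-11-02 20:49:43 174 --ahs---- C:\Program Files\desktop.ini
2002-01-03 09:44:10 0 d--h----- C:\Users\Aldrin\AppData\Roaming\IFLTemp
2002-01-03 09:18:16 0 d-------- C:\Users\Aldrin\AppData\Roaming\DNA
2002-01-03 09:02:55 0 d-------- C:\Users\Aldrin\AppData\Roaming\DMCache
2002-01-03 08:59:03 0 d-------- C:\Users\Aldrin\AppData\Roaming\RF Online Crimson Dawn
2002-01-03 08:05:12 0 d-------- C:\Users\Aldrin\AppData\Roaming\Nero
2002-01-03 07:33:36 0 d-------- C:\Users\Aldrin\AppData\Roaming\BitTorrent
2002-01-03 06:47:58 0 d-------- C:\Users\Aldrin\AppData\Roaming\PC Tools
2002-01-03 05:46:32 0 d-------- C:\Users\Aldrin\AppData\Roaming\Adobe
2002-01-02 08:46:50 0 d-------- C:\Users\Aldrin\AppData\Roaming\Yahoo!

-- End of Deckard's System Scanner: finished at 2002-01-03 09:19:42 ------------
"""

FMT = "%Y-%m-%d %H:%M:%S"
# timestamp, size, nine attribute flags, path, optional "<Not Verified; ...>" tail
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{9})\s+"
    r"([A-Za-z]:\\[^<]*?)\s*(?:<.*)?$"
)
FINISH_RE = re.compile(r"finished at (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


class Entry(NamedTuple):
    stamp: datetime
    size: int
    attrs: str
    path: str


def parse_entries(text: str) -> list:
    """Return every file/directory line of the listing; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(datetime.strptime(m.group(1), FMT),
                                 int(m.group(2)), m.group(3), m.group(4)))
    return entries


def scan_finish_time(text: str) -> Optional[datetime]:
    """Clock reading the scanner itself recorded in its closing line."""
    m = FINISH_RE.search(text)
    return datetime.strptime(m.group(1), FMT) if m else None


def year_histogram(entries: list) -> Counter:
    """Count entries per timestamp year, the tally made in the post above."""
    return Counter(e.stamp.year for e in entries)


def entries_ahead_of_clock(entries: list, clock: datetime,
                           tolerance: timedelta = timedelta(days=1)) -> list:
    """Entries stamped later than the scanner's clock by more than `tolerance`.

    Any hit means the system clock was behind when the scan ran, so the
    timestamps written during that session cannot anchor a timeline.
    """
    return [e for e in entries if e.stamp - clock > tolerance]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    clock = scan_finish_time(SAMPLE)
    print("entries per year:", dict(year_histogram(parsed)))
    for e in entries_ahead_of_clock(parsed, clock):
        print("ahead of scan clock:", e.stamp, e.path)
```
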
