Please Help !!!!!



nishikamae
2007-10-13, 09:27
I don't know what to do. I'm not very good at English. Before I posted this topic I tried to read about the deal, but I don't understand much ... take a look at this log file. Thank you very much.

Logfile of HijackThis v1.99.1
Scan saved at 14:23:30, on 13/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-14, 11:23
Hi nishikamae

Rename HijackThis.exe to nishikamae.exe and post back a fresh HijackThis log, please :)

nishikamae
2007-10-14, 15:49
Thank You ... Here is a new log file

Logfile of HijackThis v1.99.1
Scan saved at 20:51:31, on 14/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\SeUpdateDb.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\runonce.exe
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-14, 15:57
Hi

We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

nishikamae
2007-10-14, 16:45
Here is a new HijackThis log file ....


Logfile of HijackThis v1.99.1
Scan saved at 21:46:05, on 14/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKLM\..\Run: [smcss] C:\WINDOWS\smcss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

nishikamae
2007-10-14, 16:47
Here is a combofix log file. Thank you.

ComboFix 07-10-11.1 - user 10/14/2007 21:39:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.353 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\internet.lnk
C:\Program Files\WinAble

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 09:39 153,642 ----a-w C:\WINDOWS\smcss.exe
2007-10-15 09:39 153,642 ----a-w C:\Installer.exe
2007-10-15 09:37 --------- d-----w C:\Program Files\ViStart
2007-10-15 09:34 350 ----a-w C:\sccfg.sys
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 09:15 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-13 03:30 16,384 ----a-w C:\WINDOWS\xlavra3.exe
2007-10-13 03:21 340,992 ----a-w C:\WINDOWS\system32\lasse.exe
2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-12 06:09 16,384 ----a-w C:\WINDOWS\xlavra2.exe
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-29 07:04 --------- d-----w C:\Program Files\Bug Doctor
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 09:32 4,608 ----a-w C:\WINDOWS\chkdsk32_.exe
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-20 02:25 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-06-27 09:38 178,999 ----a-w C:\Documents and Settings\user\dodolook020.exe
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 278,528 2007-10-13 06:40:44 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-10-13 06:41:26 C:\WINDOWS\system32\rmoc3260.dll
----a-w 237,936 2004-01-07 23:21:24 C:\WINDOWS\system32\unicows.dll
----a-w 16,384 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
--sha-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
----a-w 189,712 2007-09-13 04:19:48 C:\WINDOWS\system32\drivers\klif.sys
----a-w 72,712 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfeavfk.sys
----a-w 34,184 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfebopk.sys
----a-w 171,240 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfehidk.sys
----a-w 52,200 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfetdik.sys
----a-w 65,099 2007-10-14 04:42:25 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 65,099 2007-10-14 04:42:45 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
----a-w 45,218 2007-10-13 07:42:13 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
----a-w 81,472 2007-10-13 05:51:05 C:\WINDOWS\system32\Restore\rstrlog.dat
.
----a-r 102,400 2007-09-09 06:38:13 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 278,528 2007-09-03 02:15:24 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-09-03 02:15:31 C:\WINDOWS\system32\rmoc3260.dll
----a-w 16,384 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 2,078,344 2006-06-23 01:44:58 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 81,736 2007-10-12 06:53:50 C:\WINDOWS\system32\Restore\rstrlog.dat
.

nishikamae
2007-10-14, 16:47
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"Cmaudio"="cmicnfg.cpl" []
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"KILLMS32DLL"="C:\WINDOWS\killgodzilla.vbs" []
"C:\WINDOWS\Config\wr-1-312.exe"="C:\WINDOWS\Config\wr-1-312.exe" []
"Disk Check"="C:\WINDOWS\chkdsk32_.exe" [09/16/2007 09:32 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
"C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []
"smcss"="C:\WINDOWS\smcss.exe" [10/14/2007 09:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]
"lasse"="C:\WINDOWS\system32\lasse.exe" [10/12/2007 03:21 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)

R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158d48b7-6e07-11db-bf97-0011955e5ccb}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214d781f-344c-11dc-809c-0011955e5ccb}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215ec143-6503-11dc-80f8-0011955e5ccb}]
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killgodzilla.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e38b571-612f-11dc-80eb-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d573b05f-7f89-11db-bfb4-0011955e5ccb}]
Auto\command - AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ctrmode]
C:\WINDOWS\ctrmode.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\smcss]
C:\WINDOWS\smcss.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 09:37:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-15 03:58:45 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 21:43:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\Wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\WMFDist11Uninst.log
C:\WINDOWS\wmp
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmp11Uninst.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\xlavra2.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\xptools.ini
C:\WINDOWS\yhl.dll
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE

scan completed successfully
hidden files: 25

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\Config\\wr-1-312.exe"="C:\\WINDOWS\\Config\\wr-1-312.exe"
"C:\\WINDOWS\\Config\\load.exe"="C:\\WINDOWS\\Config\\load.exe"
.
Completion time: 10/14/2007 21:45:00
.
--- E O F ---

Shaba
2007-10-14, 17:11
Hi

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows (http://www.xtra.co.nz/help/0,,4155-1916458,00.html)

Please click this link-->Jotti (http://virusscan.jotti.org/)

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\xlavra3.exe

Repeat step for these:

C:\WINDOWS\system32\lasse.exe
C:\WINDOWS\smcss.exe
C:\WINDOWS\chkdsk32_.exe
C:\Documents and Settings\user\dodolook020.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

nishikamae
2007-10-14, 17:41
Scanner results for C:\WINDOWS\xlavra3.exe
Scan taken on 14 Oct 2007 15:17:10 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Agent.TYK
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Agent.eao
Fortinet Found W32/Agent.EAO!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Agent.eao
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Scanner results for C:\WINDOWS\system32\lasse.exe
Scan taken on 14 Oct 2007 15:24:51 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found IRC/BackDoor.SdBot3.TSJ
BitDefender Found BehavesLike:Win32.ExplorerHijack (probable variant)
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found SDBot.gen9
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found Mal/Basine-C
VirusBuster Found nothing
VBA32 Found nothing


Scanner results for C:\WINDOWS\smcss.exe
Scan taken on 14 Oct 2007 15:29:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:VB-FEW
AVG Antivirus Found BackDoor.Generic8.HUS
BitDefender Found Backdoor.Agent.YWI
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Win32.HLLW.SpyBot
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found Win32/IRCBot.AAB
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Win32.HLLW.SpyBot


Scanner results for C:\WINDOWS\chkdsk32_.exe
Scan taken on 14 Oct 2007 15:32:20 (GMT)
A-Squared Found nothing
AntiVir Found TR/Dldr.VB.bai.2
ArcaVir Found nothing
Avast Found Win32:VB-FBZ
AVG Antivirus Found Downloader.Generic6.MKC
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found Trojan.Click.4037
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.VB.bai
Fortinet Found W32/VB.BAI!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.bai
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found W32/DLoader.DTZZ
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan-Downloader.Win32.VB.bai



Scanner results for C:\Documents and Settings\user\dodolook020.exe
Scan taken on 14 Oct 2007 15:36:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
BitDefender Found Trojan.Cinmeng.A, Generic.Adw.Cinmus.2.D099F095, Adware.Cinmus.F
ClamAV Found Trojan.Dropper-1805
CPsecure Found AdWare.W32.Cinmus.G
Dr.Web Found Adware.Cinmus
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po (4, 1, 400), not-a-virus:AdWare.Win32.Cinmus.j (4, 1, 400)
Fortinet Found Adware/Cinmus
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po, not-a-virus:AdWare.Win32.Cinmus.j
NOD32 Found a variant of Win32/Adware.Cinmus application
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found AdWare.Win32.Cinmus.j


Thank you very much

Shaba
2007-10-14, 18:42
Hi

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)

When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
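Added example, not part of any post in this thread: a Python sketch that parses Jotti-style result blocks like those posted above and tallies, per file, how many engines flagged it and which labels name a backdoor or IRC bot, which is the basis for the warning above. The sample is an excerpt of the posted results trimmed to a few engines per file; the function names and the keyword list are assumptions of this example.

```python
import re

# Excerpt of the Jotti results posted in this thread, trimmed to a few
# engines per file so the example stays short.
SAMPLE = r"""Scanner results for C:\WINDOWS\system32\lasse.exe
Scan taken on 14 Oct 2007 15:24:51 (GMT)
A-Squared Found nothing
AntiVir Found HEUR/Crypted
AVG Antivirus Found IRC/BackDoor.SdBot3.TSJ
Kaspersky Anti-Virus Found nothing
Norman Virus Control Found SDBot.gen9
Sophos Antivirus Found Mal/Basine-C

Scanner results for C:\WINDOWS\smcss.exe
Scan taken on 14 Oct 2007 15:29:25 (GMT)
Avast Found Win32:VB-FEW
AVG Antivirus Found BackDoor.Generic8.HUS
BitDefender Found Backdoor.Agent.YWI
ClamAV Found nothing
NOD32 Found Win32/IRCBot.AAB

Scanner results for C:\Documents and Settings\user\dodolook020.exe
Scan taken on 14 Oct 2007 15:36:25 (GMT)
Avast Found Win32:Adware-gen.
AVG Antivirus Found nothing
Fortinet Found Adware/Cinmus
Kaspersky Anti-Virus Found not-a-virus:AdWare.Win32.Cinmus.po, not-a-virus:AdWare.Win32.Cinmus.j
"""

HEADER = re.compile(r"^Scanner results for (?P<path>.+)$")
# Engine names contain spaces and hyphens ("F-Secure Anti-Virus"), so split
# on the first " Found " instead of on whitespace.
RESULT = re.compile(r"^(?P<engine>.+?) Found (?P<verdict>.+)$")
# Assumption of this example: label substrings that indicate remote control.
REMOTE_CONTROL = re.compile(r"backdoor|ircbot|sdbot", re.IGNORECASE)


def parse_results(text):
    """Return {file path: {engine: detection label, or None if clean}}."""
    files = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = files.setdefault(header.group("path"), {})
            continue
        result = RESULT.match(line)
        if result and current is not None:
            verdict = result.group("verdict").strip()
            clean = verdict.lower() == "nothing"
            current[result.group("engine")] = None if clean else verdict
    return files


def triage(files):
    """Summarise each file: detection ratio and engines naming a backdoor/bot."""
    report = {}
    for path, engines in files.items():
        hits = {e: v for e, v in engines.items() if v}
        remote = sorted(e for e, v in hits.items() if REMOTE_CONTROL.search(v))
        if remote:
            priority = "backdoor/bot"
        elif hits:
            priority = "detected"
        else:
            priority = "clean"
        report[path] = {
            "detections": len(hits),
            "engines": len(engines),
            "remote_control_engines": remote,
            "priority": priority,
        }
    return report


if __name__ == "__main__":
    for path, info in triage(parse_results(SAMPLE)).items():
        print(f"{info['priority']:<13}{info['detections']}/{info['engines']}  {path}")
        for engine in info["remote_control_engines"]:
            print(f"{'':13}flagged as remote-control malware by {engine}")
```

A file that most engines report as clean can still carry a backdoor label from a few of them, so the summary keys on the label family as well as the detection count.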

nishikamae
2007-10-14, 20:43
From your reply I don't understand much, but I think you told me that I should format my computer and reinstall a new Windows, but I don't know what to do

nishikamae
2007-10-14, 20:45
I prefer to clean this, because right now I think format is the last option to choose. Thank you very much

Shaba
2007-10-15, 08:35
Hi

I mean by my previous reply that you have backdoors, rootkits and bots in your computer which all risk your privacy.

If you have used a credit card and/or online banking via this computer, I highly recommend reformatting (I can give you instructions for that).

Let me know your final decision :)

nishikamae
2007-10-15, 09:08
If I reformat this computer, my files or everything I stored will be deleted, right? So about the financial transactions on this computer, I will not do them.

Can you help me clean this computer? Thank you very much...

Shaba
2007-10-15, 11:17
Hi

"If I reformat this computer, my files or everything I stored will be deleted, right?"

Yes.

Then we continue this way:

Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\WINDOWS\xlavra3.exe
C:\WINDOWS\system32\lasse.exe
C:\WINDOWS\smcss.exe
C:\WINDOWS\chkdsk32_.exe
C:\Documents and Settings\user\dodolook020.exe

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Press new topic, make the thread's title "Files for Shaba"
Include in your message a link to here, then attach the cab/zip file to your message and post the topic
If you can't locate it through the browse button just copy/paste the filename and path.

Let me know when you are done, we'll continue then :)

nishikamae
2007-10-15, 15:51
I have done it, thank you

Shaba
2007-10-15, 16:41
Hi

Let's check this next:

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

nishikamae
2007-10-15, 18:24
Here is a report log file from SDFix

SDFix: Version 1.109

Run by user on Mon 10/15/2007 at 11:04 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\VBXTCT32.DLL - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 25 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 7 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 23 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 7 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
Sun 2 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv04.tmp"
Sun 2 Sep 2007 2,391,944 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\40c2135ce9cffcf3bdfeed14e0704266\BITA8.tmp"
Mon 3 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a877011d990fb4875b54ce0706b47f90\BIT5.tmp"

Finished!

nishikamae
2007-10-15, 18:27
Every time I boot my Windows, my Internet Explorer always links to the web uspellitwrong. I don't understand why, or how I turn it off or delete it. Thank you again

Here is a HijackThis log file, thank you

Logfile of HijackThis v1.99.1
Scan saved at 23:29:04, on 15/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\dravic.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KILLMS32DLL] C:\WINDOWS\killgodzilla.vbs
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [lasse] C:\WINDOWS\system32\lasse.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-15, 18:45
Hi

First we need to disable TeaTimer so that it doesn't interfere with the fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\smcss.exe
C:\WINDOWS\chkdsk32_.exe
C:\Documents and Settings\user\dodolook020.exe
C:\WINDOWS\system32\sulimo.dat

Rootkit::
C:\WINDOWS\xlavra2.exe
C:\WINDOWS\xlavra3.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lasse"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KILLMS32DLL"=-
"C:\WINDOWS\Config\wr-1-312.exe"=-
"C:\WINDOWS\Config\load.exe"=-
"smcss"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{158d48b7-6e07-11db-bf97-0011955e5ccb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{214d781f-344c-11dc-809c-0011955e5ccb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215ec143-6503-11dc-80f8-0011955e5ccb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e38b571-612f-11dc-80eb-0011955e5ccb}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d573b05f-7f89-11db-bfb4-0011955e5ccb}]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

nishikamae
2007-10-15, 19:45
Here is a Combofix log file

ComboFix 07-10-11.1 - user 10/16/2007 0:29:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.372 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\Fix\CFScript.txt
* Created a new restore point

FILE::
C:\Documents and Settings\user\dodolook020.exe
C:\WINDOWS\chkdsk32_.exe
C:\WINDOWS\smcss.exe
C:\WINDOWS\system32\sulimo.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\internet.lnk
C:\Documents and Settings\user\dodolook020.exe
C:\Program Files\WinAble
C:\WINDOWS\chkdsk32_.exe
C:\WINDOWS\smcss.exe
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\_000008_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll
C:\WINDOWS\system32\_000011_.tmp.dll
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\sulimo.dat
C:\WINDOWS\xlavra2.exe
C:\WINDOWS\xlavra3.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\runtime


((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 12:41 --------- d-----w C:\Program Files\ViStart
2007-10-16 11:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-16 11:26 20,992 ----a-w C:\WINDOWS\dravic.exe
2007-10-15 15:47 153,642 ----a-w C:\Installer.exe
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 09:15 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-29 07:04 --------- d-----w C:\Program Files\Bug Doctor
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-20 02:25 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

nishikamae
2007-10-15, 19:48
((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.

nishikamae
2007-10-15, 19:50
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB928843$\spuninst\updspapi.dll
-c----w 430,080 2006-04-09 13:35:50 C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930178$\spuninst\updspapi.dll
-c----w 574,976 2005-11-28 20:19:58 C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930916$\spuninst\updspapi.dll
-c----w 185,344 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\updspapi.dll
-c----w 2,027,008 2006-03-16 09:09:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
-c----w 2,147,840 2006-03-16 09:34:02 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\updspapi.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll.000
-c----w 248,320 2006-10-16 10:29:15 C:\WINDOWS\$NtUninstallKB932168$\xpsp3res.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll
-c----w 582,144 2006-01-16 21:39:34 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 985,088 2006-07-05 10:57:10 C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB935839$\spuninst\updspapi.dll
-c----w 144,896 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\updspapi.dll
-c----w 1,084,416 2006-09-13 05:01:56 C:\WINDOWS\$NtUninstallKB936021$\msxml3.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB936021$\spuninst\updspapi.dll
-c----w 209,280 2005-10-15 11:48:26 C:\WINDOWS\$NtUninstallKB936357$\update.sys
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\updspapi.dll
-c----w 5,533,696 2006-04-11 19:35:02 C:\WINDOWS\$NtUninstallKB936782_WMP10$\wmp.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\updspapi.dll
-c----w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB938828$\spuninst\updspapi.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll.000
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\updspapi.dll
-c----w 679,424 2006-04-11 16:33:42 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:47 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
------w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
------w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 765,952 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
-c----w 123,904 2006-11-07 15:26:24 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-18 00:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 131,584 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-18 00:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 54,784 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 152,064 2006-11-07 15:26:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 229,376 2006-11-07 15:27:02 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2006-11-07 15:25:14 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 380,928 2006-10-18 00:27:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 382,976 2006-11-07 15:27:10 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,049,280 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 43,008 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 266,752 2006-10-18 00:57:20 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,312 2006-11-07 15:26:32 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 622,080 2006-10-18 01:04:40 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,136 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 458,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 50,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,786,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 475,648 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 192,000 2006-10-18 01:05:10 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 670,720 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 101,376 2006-10-18 01:04:46 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2006-10-18 01:05:22 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,162,240 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 356,352 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 818,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00

nishikamae
2007-10-15, 19:52
C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-r 32,768 2007-10-16 11:48:59 C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-w 42,496 2006-10-12 13:54:18 C:\WINDOWS\msagent\agentdp2.dll
----a-w 256,512 2006-10-12 11:54:07 C:\WINDOWS\msagent\agentsvr.exe
----a-w 819,200 2006-10-03 01:30:10 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\setup_wm.exe
----a-w 13,536 2005-06-28 22:20:24 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spmsg.dll
----a-w 213,216 2005-06-28 22:23:26 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spuninst.exe
----a-w 716,000 2005-06-28 22:24:52 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\update.exe
----a-w 371,424 2005-06-28 22:23:54 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spuninst.exe
----a-w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2GDR\msxml3.dll
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieapfltr.dat
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msfeedsbs.dll
----a-w 3,584,512 2007-08-21 03:34:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55

nishikamae
2007-10-15, 19:53
C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\SP2GDR\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:47 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 13,536 2005-06-28 17:20:23 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spmsg.dll
----a-w 213,216 2005-06-28 17:23:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spuninst.exe
----a-w 2,330,624 2006-12-07 04:14:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\Emerald\WMVCORE.DLL
----a-w 716,000 2005-06-28 17:24:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\Update.exe
----a-w 371,424 2005-06-28 17:23:53 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\updspapi.dll
----a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10L\WMVCORE.DLL
----a-w 2,362,184 2006-12-07 06:40:49 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10NL\Wmvcore.dll
----a-w 2,071,368 2006-12-07 08:04:44 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9L\WMVCORE.DLL
----a-w 2,174,976 2006-12-08 05:02:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9NL\WMVCORE.DLL
----a-w 10,592 2007-10-16 11:58:33 C:\WINDOWS\SoftwareDistribution\EventCache\{47444182-2AD6-4630-85C2-9214EFC33EDA}.bin
----a-w 92,504 2007-07-31 07:19:20

nishikamae
2007-10-15, 19:55
C:\WINDOWS\system32\cdm.dll
----a-w 498,742 2006-08-22 16:05:26 C:\WINDOWS\system32\dxmasf.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll

nishikamae
2007-10-15, 19:56
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"Cmaudio"="cmicnfg.cpl" []
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"C:\WINDOWS\Config\wr-1-312.exe"="C:\WINDOWS\Config\wr-1-312.exe" []
"Disk Check"="C:\WINDOWS\chkdsk32_.exe" []
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
"C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ctrmode]
C:\WINDOWS\ctrmode.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\smcss]
C:\WINDOWS\smcss.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-16 12:43:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-16 04:52:53 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 00:41:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


scan completed successfully
hidden files: 23

*************************************************************************

nishikamae
2007-10-15, 19:57
Here is a Logfile of HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 0:45:43, on 16/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-15, 20:00
Hi

First we'll need to back up the registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ctrmode]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\smcss]

It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Double-click fix.reg, press Yes and OK.

(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)

Open HijackThis, click "Do a system scan only" and checkmark these:

O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat

Close all windows including the browser and press "Fix checked".

Reboot.

Post a fresh HijackThis log.

nishikamae
2007-10-15, 20:21
Here is a Logfile of HijackThis ... Thank You


Logfile of HijackThis v1.99.1
Scan saved at 1:24:29, on 16/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

nishikamae
2007-10-15, 21:02
Now my Windows Media Player can't run and a message from IE always pops up about a script error from the Firefox Google Toolbar. What should I do? Thank you

Shaba
2007-10-16, 06:45
Hi

"Now my Windows Media Player can't run and a message from IE always pops up about a script error from the Firefox Google Toolbar. What should I do? Thank you"

Well, we'll try to fix that a bit later.

Like I already said, you were badly infected, so that can be caused by malware.

Boot in safe mode.

Open HijackThis, click "Do a system scan only" and checkmark this:

O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat

Close all windows including the browser and press "Fix checked".

Reboot.

Post a fresh HijackThis log.
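
The check behind "post a fresh HijackThis log", as an added example that is not part of the original thread: it compares the entries ticked for "Fix checked" with the next log and reports which ones are still there, plus any remaining Run entry that loads from a folder which held a removed file. The function names and the excluded-folder list are assumptions of this example; the log lines are copied from the posts above.

```python
import re
from ntpath import dirname  # Windows path rules, usable on any OS

# Entries ticked for "Fix checked" in the helper's first reply (copied from the thread).
TARGETED = r"""
O4 - HKLM\..\Run: [C:\WINDOWS\Config\wr-1-312.exe] C:\WINDOWS\Config\wr-1-312.exe
O4 - HKLM\..\Run: [Disk Check] C:\WINDOWS\chkdsk32_.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
"""

# Excerpt of the log posted after that fix (copied from the thread, shortened).
FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
"""

# A scan entry looks like "O4 - <body>" or "R0 - <body>"; header and process lines do not.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in an extension this example cares about.
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll|dat)")
# Assumption of this example: sharing one of these folders says nothing by itself,
# because too many legitimate files live there.
COMMON_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_entries(log_text):
    """Return the set of (code, body) scan entries, lower-cased for comparison."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group("code"), m.group("body").strip().lower()))
    return entries


def target_path(body):
    """Return the file path an entry points at, or None if it has none."""
    # Drop a leading "HKLM\..\Run: [value name] " so the name is not taken as the path.
    rest = re.sub(r"^[^\[]*\[[^\]]*\]\s*", "", body)
    m = PATH_RE.search(rest)
    return m.group(0) if m else None


def verify_fix(targeted_text, fresh_log_text):
    """Compare the ticked entries with the next log and summarise the outcome."""
    targeted = parse_entries(targeted_text)
    fresh = parse_entries(fresh_log_text)

    # Folders that held a targeted file, minus the ones too common to be a signal.
    watched = set()
    for _, body in targeted:
        path = target_path(body)
        if path:
            watched.add(dirname(path))
    watched -= COMMON_DIRS

    # Entries still in the log that were not ticked but load from a watched folder.
    same_folder = []
    for code, body in sorted(fresh - targeted):
        path = target_path(body)
        if path and dirname(path) in watched:
            same_folder.append((code, body))

    return {
        "still_present": sorted(targeted & fresh),  # the fix did not hold
        "removed": sorted(targeted - fresh),        # gone from the new log
        "same_folder": same_folder,                 # worth a second look
    }


if __name__ == "__main__":
    for label, items in verify_fix(TARGETED, FRESH_LOG).items():
        print(label)
        for code, body in items:
            print("   ", code, "-", body)
```

An entry under `same_folder` is only a pointer for review, not a verdict on the file.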

nishikamae
2007-10-16, 08:42
Here is a Logfile of HijackThis. Thank You

Logfile of HijackThis v1.99.1
Scan saved at 13:45:07, on 16/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-16, 08:51
Hi

Let's try this again:

Open Notepad and copy/paste the text in the quotebox below into it:


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

nishikamae
2007-10-16, 09:27
After running the program it doesn't ask me to reboot, but it asks me to browse and send a zip file, but I didn't send it.

Here is the log file of ComboFix. Thank you


ComboFix 07-10-11.1 - user 10/16/2007 14:18:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.374 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\internet.lnk

.
((((((((((((((((((((((((( Files Created from 2007-09-17 to 2007-10-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-17 01:42 --------- d-----w C:\Program Files\ViStart
2007-10-16 14:11 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-16 12:45 16,384 ----a-w C:\WINDOWS\xlavra3.exe
2007-10-16 11:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-16 11:26 20,992 ----a-w C:\WINDOWS\dravic.exe
2007-10-15 15:47 153,642 ----a-w C:\Installer.exe
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-13 03:21 340,992 ----a-w C:\WINDOWS\system32\lasse.exe
2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-29 07:04 --------- d-----w C:\Program Files\Bug Doctor
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-20 02:25 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-07-31 07:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 07:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 07:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2(2)(2).dll
2007-07-31 07:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 07:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 07:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 07:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 07:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 07:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 07:18 33,624 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\explorer(2).exe
----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
----a-w 539,136 2006-11-27 15:17:10 C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
----a-w 433,664 2006-11-27 15:17:10 C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
----a-w 549,888 2007-05-17 11:25:21 C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe
----a-w 122,880 2006-10-16 17:14:17 C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
----a-w 536,576 2006-12-26 13:18:55 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
----a-w 180,224 2006-12-26 13:18:55 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
----a-w 200,704 2006-12-26 17:18:56 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
----a-w 102,400 2006-12-26 13:18:55 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe
----a-w 333,824 2006-12-19 18:47:14 C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\spuninst.exe
----a-w 2,854,400 2007-04-18 16:14:43 C:\WINDOWS\$hf_mig$\KB927891\SP2QFE\msi31.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
----a-w 8,458,752 2006-12-19 21:50:10 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
----a-w 135,168 2006-12-19 21:50:10 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
----a-w 248,320 2006-12-19 16:10:56 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
----a-w 292,864 2007-03-17 13:45:03 C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
----a-w 185,344 2007-02-05 20:19:14 C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
----a-w 2,137,600 2007-02-28 09:53:04 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
----a-w 2,059,392 2007-02-28 13:15:58 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
----a-w 2,017,280 2007-02-28 09:15:59 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:21 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
----a-w 144,896 2007-04-25 20:32:22 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
----a-w 765,952 2007-07-12 23:28:55 C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10

nishikamae
2007-10-16, 09:28
C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
-c----w 537,088 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB918118$\msftedit.dll
-c----w 431,616 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB918118$\riched20.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB918118$\spuninst\updspapi.dll
-c----w 41,984 2004-08-03 23:56:42 C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll
-c----w 57,344 2005-10-13 21:35:58 C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll
-c----w 256,512 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
-c----w 90,624 2006-06-23 08:47:05 C:\WINDOWS\$NtUninstallKB920213$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll
-c----w 553,472 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB921503$\oleaut32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB921503$\spuninst\updspapi.dll
-c----w 2,330,624 2005-11-06 21:13:34 C:\WINDOWS\$NtUninstallKB923689$\wmvcore.dll
-c----w 213,216 2005-06-28 17:23:24 C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 17:23:53 C:\WINDOWS\$NtUninstallKB923689$\spuninst\updspapi.dll
-c----w 58,880 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB923980$\nwapi32.dll
-c----w 144,384 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
-c----w 163,584 2004-08-03 22:02:24 C:\WINDOWS\$NtUninstallKB923980$\nwrdr.sys
-c----w 65,024 2005-10-12 17:21:04 C:\WINDOWS\$NtUninstallKB923980$\nwwks.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll
-c----w 721,920 2005-10-14 17:17:44 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll
-c----w 336,896 2006-07-14 15:41:56 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll
-c----w 132,096 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB924270$\spuninst\updspapi.dll
-c----w 924,432 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB924667$\mfc40u.dll
-c----w 1,024,000 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB924667$\mfc42u.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB924667$\spuninst\updspapi.dll
-c----w 498,205 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
-c----w 246,302 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
-c----w 280,064 2006-01-16 21:39:16 C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll
-c----w 39,936 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll
-c----w 577,024 2005-10-13 21:36:14 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
-c----w 1,839,360 2005-11-08 23:13:40 C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll
-c----w 819,200 2005-05-23 15:48:52 C:\WINDOWS\$NtUninstallKB926251$\setup_wm.exe
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB926251$\spuninst\updspapi.dll
-c----w 713,216 2005-11-23 17:41:46 C:\WINDOWS\$NtUninstallKB926255$\sxs.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926255$\spuninst\updspapi.dll
-c----w 117,760 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB926436$\oledlg.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926436$\spuninst\updspapi.dll
-c----w 536,576 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msado15.dll
-c----w 180,224 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msadomd.dll
-c----w 200,704 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msadox.dll
-c----w 102,400 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msjro.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927779$\spuninst\updspapi.dll
-c----w 333,312 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB927802$\spuninst\updspapi.dll
-c----w 2,890,240 2006-02-21 17:22:12 C:\WINDOWS\$NtUninstallKB927891$\msi.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\updspapi.dll
-c----w 28,024,832 2006-07-13 13:33:28 C:\WINDOWS\$NtUninstallKB928255$\shell32.dll
-c----w 134,656 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB928255$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB928843$\spuninst\updspapi.dll
-c----w 430,080 2006-04-09 13:35:50 C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930178$\spuninst\updspapi.dll
-c----w 574,976 2005-11-28 20:19:58 C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930916$\spuninst\updspapi.dll
-c----w 185,344 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\updspapi.dll
-c----w 2,027,008 2006-03-16 09:09:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
-c----w 2,147,840 2006-03-16 09:34:02 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\updspapi.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll.000
-c----w 248,320 2006-10-16 10:29:15 C:\WINDOWS\$NtUninstallKB932168$\xpsp3res.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll
-c----w 582,144 2006-01-16 21:39:34 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 985,088 2006-07-05 10:57:10 C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB935839$\spuninst\updspapi.dll
-c----w 144,896 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\updspapi.dll
-c----w 1,084,416 2006-09-13 05:01:56 C:\WINDOWS\$NtUninstallKB936021$\msxml3.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB936021$\spuninst\updspapi.dll
-c----w 209,280 2005-10-15 11:48:26 C:\WINDOWS\$NtUninstallKB936357$\update.sys
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\updspapi.dll
-c----w 5,533,696 2006-04-11 19:35:02 C:\WINDOWS\$NtUninstallKB936782_WMP10$\wmp.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\updspapi.dll
-c----w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB938828$\spuninst\updspapi.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll.000
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\updspapi.dll
-c----w 679,424 2006-04-11 16:33:42 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:47 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
------w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
------w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 765,952 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
-c----w 123,904 2006-11-07 15:26:24 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-18 00:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 131,584 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-18 00:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 54,784 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 152,064 2006-11-07 15:26:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 229,376 2006-11-07 15:27:02 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2006-11-07 15:25:14 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 380,928 2006-10-18 00:27:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 382,976 2006-11-07 15:27:10 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,049,280 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 43,008 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 266,752 2006-10-18 00:57:20 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,312 2006-11-07 15:26:32 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 622,080 2006-10-18 01:04:40 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,136 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 458,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 50,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,786,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 475,648 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 192,000 2006-10-18 01:05:10 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 670,720 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 101,376 2006-10-18 01:04:46 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2006-10-18 01:05:22 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,162,240 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 356,352 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 818,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll

nishikamae
2007-10-16, 09:29
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-r 32,768 2007-10-16 11:48:59 C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-w 42,496 2006-10-12 13:54:18 C:\WINDOWS\msagent\agentdp2.dll
----a-w 256,512 2006-10-12 11:54:07 C:\WINDOWS\msagent\agentsvr.exe
----a-w 819,200 2006-10-03 01:30:10 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\setup_wm.exe
----a-w 13,536 2005-06-28 22:20:24 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spmsg.dll
----a-w 213,216 2005-06-28 22:23:26 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spuninst.exe
----a-w 716,000 2005-06-28 22:24:52 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\update.exe
----a-w 371,424 2005-06-28 22:23:54 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spuninst.exe
----a-w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2GDR\msxml3.dll
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieapfltr.dat
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msfeedsbs.dll
----a-w 3,584,512 2007-08-21 03:34:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\SP2GDR\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56

nishikamae
2007-10-16, 09:30
C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:47 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 13,536 2005-06-28 17:20:23 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spmsg.dll
----a-w 213,216 2005-06-28 17:23:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spuninst.exe
----a-w 2,330,624 2006-12-07 04:14:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\Emerald\WMVCORE.DLL
----a-w 716,000 2005-06-28 17:24:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\Update.exe
----a-w 371,424 2005-06-28 17:23:53 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\updspapi.dll
----a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10L\WMVCORE.DLL
----a-w 2,362,184 2006-12-07 06:40:49 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10NL\Wmvcore.dll
----a-w 2,071,368 2006-12-07 08:04:44 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9L\WMVCORE.DLL
----a-w 2,174,976 2006-12-08 05:02:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9NL\WMVCORE.DLL
----a-w 10,592 2007-10-16 11:58:33 C:\WINDOWS\SoftwareDistribution\EventCache\{47444182-2AD6-4630-85C2-9214EFC33EDA}.bin
----a-w 498,742 2006-08-22 16:05:26 C:\WINDOWS\system32\dxmasf.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 1,170,952 2007-10-16 12:00:52 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 282,112 2007-06-19 13:37:21 C:\WINDOWS\system32\gdi32(2)(2).dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 679,424 2006-04-11 16:33:42 C:\WINDOWS\system32\inetcomm(2).dll
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
----a-w 986,112 2007-04-16 16:07:27 C:\WINDOWS\system32\kernel32.dll
----a-w 726,528 2006-08-17 12:37:49 C:\WINDOWS\system32\lsasrv.dll
----a-w 40,960 2007-03-08 15:48:36 C:\WINDOWS\system32\mf3216.dll
----a-w 927,504 2006-11-01 19:17:45 C:\WINDOWS\system32\mfc40u.dll
----a-w 1,024,000 2004-08-03 23:56:44 C:\WINDOWS\system32\mfc42u(2).dll
----a-w 18,089,592 2007-09-28 10:19:40 C:\WINDOWS\system32\MRT.exe
----a-w 537,088 2004-08-03 23:56:44 C:\WINDOWS\system32\msftedit(2).dll
----a-w 2,854,400 2007-04-18 16:12:23 C:\WINDOWS\system32\msi(2)(2).dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 1,275,392 2007-05-09 03:03:04 C:\WINDOWS\system32\msxml4.dll
----a-w 1,320,800 2007-05-16 03:43:10 C:\WINDOWS\system32\msxml6.dll
----a-w 337,408 2006-08-17 12:37:49 C:\WINDOWS\system32\netapi32(2)(2).dll
----a-w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 64,000 2006-10-13 12:41:38 C:\WINDOWS\system32\nwapi32.dll
----a-w 142,336 2006-10-13 12:41:38 C:\WINDOWS\system32\nwprovau.dll
----a-w 65,536 2006-10-13 12:41:38 C:\WINDOWS\system32\nwwks.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 549,376 2007-05-17 11:28:05 C:\WINDOWS\system32\oleaut32.dll
----a-w 122,880 2006-10-16 16:15:00 C:\WINDOWS\system32\oledlg.dll
----a-w 278,528 2007-10-13 06:40:44 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5032.dll
----a-w 431,616 2004-08-03 23:56:46 C:\WINDOWS\system32\riched20(2).dll
----a-w 185,688 2007-10-13 06:41:26 C:\WINDOWS\system32\rmoc3260.dll
----a-w 144,896 2007-04-25 14:21:15 C:\WINDOWS\system32\schannel.dll
----a-w 8,453,632 2006-12-19 21:52:18 C:\WINDOWS\system32\shell32(2)(2).dll
----a-w 134,656 2006-12-19 21:52:18 C:\WINDOWS\system32\shsvcs(2)(2).dll
----a-w 246,814 2006-08-21 21:52:08 C:\WINDOWS\system32\strmdll.dll
----a-w 7,849 2007-10-16 12:33:54 C:\WINDOWS\system32\sulimo.dat
----a-w 713,216 2006-10-19 13:59:58 C:\WINDOWS\system32\sxs(2)(2).dll
------w 60,416 2007-07-18 12:42:22 C:\WINDOWS\system32\tzchange.exe
----a-w 237,936 2004-01-07 23:21:24 C:\WINDOWS\system32\unicows.dll
----a-w 185,344 2007-02-05 20:17:02 C:\WINDOWS\system32\upnphost.dll
----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\system32\user32(2)(2).dll
----a-w 333,312 2004-08-03 23:56:48 C:\WINDOWS\system32\wiaservc(3).dll
----a-w 1,843,968 2007-03-08 13:49:49 C:\WINDOWS\system32\win32k.sys
----a-w 292,864 2007-03-17 13:43:01 C:\WINDOWS\system32\winsrv(2)(2).dll
----a-w 132,096 2006-08-17 12:37:49 C:\WINDOWS\system32\wkssvc.dll
----a-w 5,537,792 2007-04-30 20:20:24 C:\WINDOWS\system32\wmp.dll
----a-w 16,384 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
--sha-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c--a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c----w 42,496 2006-10-12 13:54:18 C:\WINDOWS\system32\dllcache\agentdp2.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\system32\dllcache\agentdpv.dll
-c----w 256,512 2006-10-12 11:54:07 C:\WINDOWS\system32\dllcache\agentsvr.exe
-c----w 498,742 2006-08-22 16:05:26 C:\WINDOWS\system32\dllcache\dxmasf.dll
-c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
-c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 282,112 2007-06-19 13:37:21 C:\WINDOWS\system32\dllcache\gdi32.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c----w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-08-21 06:25:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 986,112 2007-04-16 16:07:27 C:\WINDOWS\system32\dllcache\kernel32.dll
-c----w 726,528 2006-08-17 12:37:49 C:\WINDOWS\system32\dllcache\lsasrv.dll
-c----w 40,960 2007-03-08 15:48:36 C:\WINDOWS\system32\dllcache\mf3216.dll
-c----w 927,504 2006-11-01 19:17:45 C:\WINDOWS\system32\dllcache\mfc40u.dll
-c----w 981,760 2006-12-14 13:45:53 C:\WINDOWS\system32\dllcache\mfc42u.dll
-c----w 536,576 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msado15.dll
-c----w 180,224 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msadomd.dll
-c----w 200,704 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msadox.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c----w 539,136 2006-11-27 14:54:06 C:\WINDOWS\system32\dllcache\msftedit.dll
-c--a-w 3,584,512 2007-08-21 03:34:42 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 102,400 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msjro.dll
-c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\system32\dllcache\msxml3.dll
-c----w 337,408 2006-08-17 12:37:49 C:\WINDOWS\system32\dllcache\netapi32.dll
-c----w 574,976 2007-02-09 11:23:36 C:\WINDOWS\system32\dllcache\ntfs.sys
-c----w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
-c----w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\system32\dllcache\ntkrpamp.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
-c----w 64,000 2006-10-13 12:41:38 C:\WINDOWS\system32\dllcache\nwapi32.dll
-c----w 142,336 2006-10-13 12:41:38 C:\WINDOWS\system32\dllcache\nwprovau.dll
-c----w 163,456 2006-10-13 10:39:12 C:\WINDOWS\system32\dllcache\nwrdr.sys
-c----w 65,536 2006-10-13 12:41:38 C:\WINDOWS\system32\dllcache\nwwks.dll
-c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 549,376 2007-05-17 11:28:05 C:\WINDOWS\system32\dllcache\oleaut32.dll
-c----w 122,880 2006-10-16 16:15:00 C:\WINDOWS\system32\dllcache\oledlg.dll
-c----w 433,152 2006-11-27 14:54:06 C:\WINDOWS\system32\dllcache\riched20.dll
-c----w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\dllcache\rpcrt4.dll
-c----w 144,896 2007-04-25 14:21:15 C:\WINDOWS\system32\dllcache\schannel.dll
-c--a-w 8,453,632 2006-12-19 21:52:18 C:\WINDOWS\system32\dllcache\shell32.dll
-c----w 134,656 2006-12-19 21:52:18 C:\WINDOWS\system32\dllcache\shsvcs.dll
-c----w 246,814 2006-08-21 21:52:08 C:\WINDOWS\system32\dllcache\strmdll.dll
-c----w 713,216 2006-10-19 13:59:58 C:\WINDOWS\system32\dllcache\sxs.dll
-c----w 364,160 2007-04-23 10:14:23 C:\WINDOWS\system32\dllcache\update.sys
-c----w 185,344 2007-02-05 20:17:02 C:\WINDOWS\system32\dllcache\upnphost.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 578,048 2007-03-08 15:48:36 C:\WINDOWS\system32\dllcache\user32.dll
-c--a-w 765,952 2007-07-12 23:31:54 C:\WINDOWS\system32\dllcache\vgx.dll
-c--a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c----w 333,824 2006-12-19 18:16:47 C:\WINDOWS\system32\dllcache\wiaservc.dll
-c----w 1,843,968 2007-03-08 13:49:49 C:\WINDOWS\system32\dllcache\win32k.sys
-c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
-c----w 292,864 2007-03-17 13:43:01 C:\WINDOWS\system32\dllcache\winsrv.dll
-c----w 132,096 2006-08-17 12:37:49 C:\WINDOWS\system32\dllcache\wkssvc.dll
-c----w 2,330,624 2006-12-07 04:14:51 C:\WINDOWS\system32\dllcache\wmvcore.dll
----a-w 189,712 2007-09-13 04:19:48 C:\WINDOWS\system32\drivers\klif.sys
----a-w 72,712 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfeavfk.sys
----a-w 34,184 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfebopk.sys
----a-w 171,240 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfehidk.sys
----a-w 52,200 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfetdik.sys
----a-w 574,976 2007-02-09 11:23:36 C:\WINDOWS\system32\drivers\ntfs.sys
----a-w 163,456 2006-10-13 10:39:12 C:\WINDOWS\system32\drivers\nwrdr.sys
----a-w 364,160 2007-04-23 10:14:23 C:\WINDOWS\system32\drivers\update.sys
----a-w 65,099 2007-10-14 04:42:25 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 65,099 2007-10-14 04:42:45 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
----a-w 45,218 2007-10-13 07:42:13 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
----a-w 36,680 2007-10-16 12:08:36 C:\WINDOWS\system32\Restore\rstrlog.dat
----a-w 33,624 2007-07-31 07:18:40 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
----a-w 43,352 2007-07-31 07:19:12 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
----a-w 82,432 2007-04-18 22:36:40 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
----a-w 1,275,392 2007-05-09 03:06:44 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
----a-w 74,802 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
----a-w 995,383 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
----a-w 1,011,774 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
----a-w 401,462 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
.

nishikamae
2007-10-16, 09:31
----a-w 7,970,816 2007-07-08 03:32:09 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 147,456 2007-07-08 03:32:09 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-r 102,400 2007-09-09 06:38:13 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 41,984 2004-08-03 23:56:42 C:\WINDOWS\msagent\agentdp2.dll
----a-w 256,512 2004-08-03 23:56:48 C:\WINDOWS\msagent\agentsvr.exe
----a-w 498,205 2004-08-03 23:56:44 C:\WINDOWS\system32\dxmasf.dll
----a-w 131,584 2006-11-08 09:03:36 C:\WINDOWS\system32\extmgr.dll
----a-w 1,170,952 2007-09-17 08:42:55 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 54,784 2006-11-07 15:26:28 C:\WINDOWS\system32\ie4uinit.exe
----a-w 152,064 2006-11-07 15:26:56 C:\WINDOWS\system32\ieakeng.dll
----a-w 229,376 2006-11-07 15:27:02 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2006-11-07 15:25:14 C:\WINDOWS\system32\ieakui.dll
----a-w 382,976 2006-11-07 15:27:10 C:\WINDOWS\system32\iedkcs32.dll
----a-w 43,008 2006-11-07 15:26:28 C:\WINDOWS\system32\iernonce.dll
----a-w 13,312 2006-11-07 15:26:32 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,136 2006-11-08 09:03:36 C:\WINDOWS\system32\jsproxy.dll
----a-w 985,088 2006-07-05 10:57:10 C:\WINDOWS\system32\kernel32.dll
----a-w 721,920 2005-10-14 17:17:44 C:\WINDOWS\system32\lsasrv.dll
----a-w 39,936 2004-08-03 23:56:44 C:\WINDOWS\system32\mf3216.dll
----a-w 924,432 2001-08-23 13:00:00 C:\WINDOWS\system32\mfc40u.dll
----a-w 9,639,336 2006-10-04 20:03:45 C:\WINDOWS\system32\MRT.exe
----a-w 192,000 2006-10-18 01:05:10 C:\WINDOWS\system32\msrating.dll
----a-w 670,720 2006-11-08 09:03:36 C:\WINDOWS\system32\mstime.dll
----a-w 1,245,184 2006-09-13 05:51:42 C:\WINDOWS\system32\msxml4.dll
----a-w 1,334,032 2006-09-02 00:08:02 C:\WINDOWS\system32\msxml6.dll
----a-w 2,027,008 2006-03-16 09:09:40 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,147,840 2006-03-16 09:34:02 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 58,880 2001-08-23 13:00:00 C:\WINDOWS\system32\nwapi32.dll
----a-w 144,384 2004-08-03 23:56:46 C:\WINDOWS\system32\nwprovau.dll
----a-w 65,024 2005-10-12 17:21:04 C:\WINDOWS\system32\nwwks.dll
----a-w 101,376 2006-10-18 01:04:46 C:\WINDOWS\system32\occache.dll
----a-w 553,472 2004-08-03 23:56:46 C:\WINDOWS\system32\oleaut32.dll
----a-w 117,760 2001-08-23 13:00:00 C:\WINDOWS\system32\oledlg.dll
----a-w 278,528 2007-09-03 02:15:24 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-09-03 02:15:31 C:\WINDOWS\system32\rmoc3260.dll
----a-w 144,896 2004-08-03 23:56:46 C:\WINDOWS\system32\schannel.dll
----a-w 246,302 2004-08-03 23:56:46 C:\WINDOWS\system32\strmdll.dll
----a-w 7,849 2007-10-12 06:26:24 C:\WINDOWS\system32\sulimo.dat
----a-w 185,344 2004-08-03 23:56:48 C:\WINDOWS\system32\upnphost.dll
----a-w 1,839,360 2005-11-08 23:13:40 C:\WINDOWS\system32\win32k.sys
----a-w 132,096 2004-08-03 23:56:48 C:\WINDOWS\system32\wkssvc.dll
----a-w 5,533,696 2006-04-11 19:35:02 C:\WINDOWS\system32\wmp.dll
----a-w 16,384 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
-c--a-w 123,904 2006-11-07 15:26:24 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-18 00:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 131,584 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 54,784 2006-11-07 15:26:28 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 152,064 2006-11-07 15:26:56 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 229,376 2006-11-07 15:27:02 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2006-11-07 15:25:14 C:\WINDOWS\system32\dllcache\ieakui.dll
-c--a-w 382,976 2006-11-07 15:27:10 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c--a-w 43,008 2006-11-07 15:26:28 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 622,080 2006-10-18 01:04:40 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 27,136 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 985,088 2006-07-05 10:57:10 C:\WINDOWS\system32\dllcache\kernel32.dll
-c--a-w 3,577,856 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 475,648 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 192,000 2006-10-18 01:05:10 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 670,720 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 1,084,416 2006-09-13 05:01:56 C:\WINDOWS\system32\dllcache\msxml3.dll
-c----w 336,896 2006-07-14 15:41:56 C:\WINDOWS\system32\dllcache\netapi32.dll
-c----w 101,376 2006-10-18 01:04:46 C:\WINDOWS\system32\dllcache\occache.dll
-c--a-w 8,453,632 2006-07-13 13:33:27 C:\WINDOWS\system32\dllcache\shell32.dll
-c----w 105,984 2006-10-18 01:05:22 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,162,240 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\urlmon.dll
-c--a-w 765,952 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\VGX.dll
-c--a-w 231,424 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 818,688 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\wininet.dll
----a-w 574,976 2005-11-28 20:19:58 C:\WINDOWS\system32\drivers\ntfs.sys
----a-w 163,584 2004-08-03 22:02:24 C:\WINDOWS\system32\drivers\nwrdr.sys
----a-w 209,280 2005-10-15 11:48:26 C:\WINDOWS\system32\drivers\update.sys
----a-w 2,078,344 2006-06-23 01:44:58 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 81,736 2007-10-12 06:53:50 C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"Cmaudio"="cmicnfg.cpl" []
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
"C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []

nishikamae
2007-10-16, 09:32
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\sulimo.dat

R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-17 01:44:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-16 04:52:53 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 14:21:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\Wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\WMFDist11Uninst.log
C:\WINDOWS\wmp
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmp11Uninst.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\xptools.ini
C:\WINDOWS\yhl.dll
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE

scan completed successfully
hidden files: 24

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\Config\\load.exe"="C:\\WINDOWS\\Config\\load.exe"
.
Completion time: 10/16/2007 14:23:22
C:\ComboFix2.txt ... 10/16/2007 12:43 AM
C:\ComboFix3.txt ... 10/14/2007 09:45 PM
.
--- E O F ---

nishikamae
2007-10-16, 09:33
Logfile of HijackThis v1.99.1
Scan saved at 14:37:11, on 16/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-16, 09:40
Hi

I have to say that your situation doesn't look good.

Some rootkit files have come back.

We can of course continue the cleaning process if you like.

nishikamae
2007-10-16, 09:50
Oh.. How bad is it? If I continue cleaning, will it make everything worse?

Shaba
2007-10-16, 15:17
Hi

No, but I can't guarantee that we will get you clean.

If you would like to continue, we must do further research.

nishikamae
2007-10-16, 15:39
I would like to continue cleaning. Thank you for your help very, very much.

Shaba
2007-10-16, 15:41
Hi

* Download GMER from here (http://www.gmer.net/gmer.zip):
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

nishikamae
2007-10-16, 16:47
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-10-16 21:49:19
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT d347bus.sys ZwClose
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile
SSDT d347bus.sys ZwSetSystemPowerState

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwTerminateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwYieldExecution 80509014 7 Bytes JMP B8DD988E \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 805793A1 7 Bytes JMP B8DD9864 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtCreateFile 8057D3C4 5 Bytes JMP B8DD9850 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057E2A3 5 Bytes JMP B8DD98BA \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtMapViewOfSection 8057E71B 7 Bytes JMP B8DD98A4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwSetValueKey 8057FF13 7 Bytes JMP B8DD9826 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwTerminateProcess 8058C399 5 Bytes JMP B8DD983C \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteValueKey 805969F3 7 Bytes JMP B8DD9810 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteKey 80598177 7 Bytes JMP B8DD97E4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateProcess 805C0BF0 5 Bytes JMP B8DD987A \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwRenameKey 8065410B 7 Bytes JMP B8DD97FA \SystemRoot\system32\drivers\mfehidk.sys

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\svchost.exe[176] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A80FE5
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A80F77
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A80F92
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A8006C
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A80FAF
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A80051
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A800C9
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A800A2
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A80F55
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A80F66
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00A80109
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00A80FCA
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00A80091
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00A8002C
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00A8001B
.text C:\WINDOWS\system32\svchost.exe[176] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00A800E4
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A70FDE
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A70F8D
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A70FEF
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A70025
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A70FA8
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A70FC3
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\svchost.exe[176] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A7004A
.text C:\Program Files\MSN Messenger\usnsvc.exe[504] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00650429
.text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004B0429
.text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!connect 71AB406A 5 Bytes JMP 004B0536
.text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!send 71AB428A 5 Bytes JMP 004B05E0
.text C:\WINDOWS\system32\winlogon.exe[576] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 004B0553
.text C:\WINDOWS\system32\services.exe[628] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005B0429
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F70FEF
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F70F68
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F7005D
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F70040
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F70F8D
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F70FA8
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F7007A
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F70F32
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!

nishikamae
2007-10-16, 16:48
CreateProcessW 7C802332 5 Bytes JMP 00F700BA
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F7009F
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00F700CB
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00F7002F
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00F7000A
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00F70F4D
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00F70FB9
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\system32\services.exe[628] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00F70F17
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F6002C
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F6007A
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F60069
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F60058
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\services.exe[628] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F60047
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!connect 71AB406A 5 Bytes JMP 005B0536
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!send 71AB428A 5 Bytes JMP 005B05E0
.text C:\WINDOWS\system32\services.exe[628] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 005B0553
.text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00F40FDE
.text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00F40FC3
.text C:\WINDOWS\system32\services.exe[628] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00F40FB2
.text C:\WINDOWS\system32\lsass.exe[640] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EB00BC
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EB00A1
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EB0084
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EB0073
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EB0047
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EB0F8F
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EB00D7
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EB00E8
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EB0F4F
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00EB0F3E
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00EB0058
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00EB0011
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00EB0FAC
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00EB0036
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\lsass.exe[640] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00EB0F6A
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00DF0FD4
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00DF006C
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00DF0FE5
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00DF001B
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00DF0051
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00DF0040
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00DF000A
.text C:\WINDOWS\system32\lsass.exe[640] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00DF0FB9
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
.text C:\WINDOWS\system32\lsass.exe[640] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
.text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00DD000A
.text C:\WINDOWS\system32\lsass.exe[640] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00DD001B
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B30FE5
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B30062
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B30F6D
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B30047
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B30F94
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B30FAF
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B30089
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B30F41
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B30F26
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B300B5
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00B30F01
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00B30036
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00B30F52
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00B3001B
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00B30FCA
.text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00B300A4
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B20040
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B200AC
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B2002F
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B20FEF
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B2009B
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B20076
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B2000A
.text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B20065

nishikamae
2007-10-16, 16:49
.text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
.text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
.text C:\WINDOWS\system32\svchost.exe[808] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
.text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00B00FDB
.text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00B00FCA
.text C:\WINDOWS\system32\svchost.exe[808] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00B00025
.text C:\WINDOWS\system32\svchost.exe[864] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CB0FEF
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CB0F66
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CB0F77
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CB0051
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CB0036
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CB0025
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CB009D
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CB0F55
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CB00C2
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CB0F29
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00CB0F0E
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00CB0F9E
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00CB0FDE
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00CB0076
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00CB0FB9
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00CB0014
.text C:\WINDOWS\system32\svchost.exe[864] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00CB0F44
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CA0FE5
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CA006C
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CA0036
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CA001B
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CA0FAF
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CA0051
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CA000A
.text C:\WINDOWS\system32\svchost.exe[864] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CA0FCA
.text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C7000A
.text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
.text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
.text C:\WINDOWS\system32\svchost.exe[864] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
.text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00C80014
.text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00C80025
.text C:\WINDOWS\system32\svchost.exe[864] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00C80FD4
.text C:\Program Files\Windows Defender\MsMpEng.exe[940] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00580429
.text C:\Program Files\Windows Defender\MsMpEng.exe[940] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00580536
.text C:\Program Files\Windows Defender\MsMpEng.exe[940] WS2_32.dll!send 71AB428A 5 Bytes JMP 005805E0
.text C:\Program Files\Windows Defender\MsMpEng.exe[940] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00580553
.text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01EF0000
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01EF0F52
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01EF0F6D
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01EF0051
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01EF0F94
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01EF0036
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01EF007F
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01EF0F37
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01EF009A
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01EF0F0B
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 01EF00AB
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 01EF0FAF
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01EF0011
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 01EF0062
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 01EF0FC0
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 01EF0FDB
.text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 01EF0F1C
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01EE0022
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01EE0047
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01EE0011
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01EE0000
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01EE0F8A
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01EE0F9B
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01EE0FEF
.text C:\WINDOWS\System32\svchost.exe[1016] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01EE0FB6
.text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01CF000A
.text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
.text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
.text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
.text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01D00FEF
.text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01D00FD4
.text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01D00014
.text C:\WINDOWS\System32\svchost.exe[1016] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01D00FC3
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AD0F7C
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AD007B
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AD0F97
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AD004A
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD0FB2
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AD00A9
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AD0098
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD0F32
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD00CB
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00AD00E6
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00AD0039
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00AD0F61
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00AD0FC3
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00AD0FDE
.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00AD00BA
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AC0F83
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AC0FE5
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AC0F94
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AC0FAF
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AC0FC0
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A90FEF
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
.text C:\WINDOWS\system32\svchost.exe[1140] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
.text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00AA0FD4
.text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00AA0FC3
.text C:\WINDOWS\system32\svchost.exe[1140] wininet.dll!InternetOpenUrlW

nishikamae
2007-10-16, 16:50
77215A51 5 Bytes JMP 00AA0FA8
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006B0429
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B60F4E
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B60F5F
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B60F7C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B60F8D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B60FB9
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B60F2C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B60F3D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B600AA
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B60099
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00B600BB
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00B60FA8
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00B60FE5
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes J
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00B60025
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 00B60F1B
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A40036
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A4008E
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A4001B
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A4007D
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A4006C
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A40FEF
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A40051
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!connect 71AB406A 5 Bytes JMP 006B0536
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!send 71AB428A 5 Bytes JMP 006B05E0
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 006B0553
.text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 00A20FC3
.text C:\WINDOWS\system32\svchost.exe[1212] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 00A20FA8
.text C:\WINDOWS\system32\spoolsv.exe[1332] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00930429
.text C:\WINDOWS\system32\spoolsv.exe[1332] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00930536
.text C:\WINDOWS\system32\spoolsv.exe[1332] WS2_32.dll!send 71AB428A 5 Bytes JMP 009305E0
.text C:\WINDOWS\system32\spoolsv.exe[1332] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00930553
.text C:\Documents and Settings\user\Desktop\gmer.exe[1344] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A00429
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C0429
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250F74
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250073
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250062
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F43
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250095
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 002500D2
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 002500B7
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00250F28
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00250051
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 00250014
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 00250084
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 00250040
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 0025002F
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 002500A6
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00340FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0034006C
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0034002C
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0034001B
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00340051
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00340FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00340000
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00340FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxParamW 77D5737A 5 Bytes JMP 00C55415 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxIndirectParamW 77D6204B 5 Bytes JMP 00DEC510 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxIndirectA 77D6A062 5 Bytes JMP 00DEC491 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxParamA 77D6B124 5 Bytes JMP 00DEC4D5 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxExW 77D80540 5 Bytes JMP 00DEC3D9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxExA 77D80564 5 Bytes JMP 00DEC413 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!DialogBoxIndirectParamA 77D86CB5 5 Bytes JMP 00DEC54B C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] USER32.dll!MessageBoxIndirectW 77D9609B 5 Bytes JMP 00DEC44D C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01F10000
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01F10FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01F10FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01F10FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 024E0000
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!connect 71AB406A 5 Bytes JMP 003C0536
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!send 71AB428A 5 Bytes JMP 003C05E0
.text C:\Program Files\Internet Explorer\iexplore.exe[1368] ws2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003C0553
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00680429
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00680536
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] WS2_32.dll!send 71AB428A 5 Bytes JMP 006805E0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1440] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00680553 MP 00B6005E

nishikamae
2007-10-16, 16:51
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00710429
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01B50FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01B50F69
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01B50F7A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01B50054
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01B50F97
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01B50FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01B50F3D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01B50F4E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01B500CC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01B500BB
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 01B500DD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 01B50039
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 01B50FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 01B50079
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 01B5001E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 01B50FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 01B500AA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01B40FAF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01B40F8A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01B40FCA
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01B40000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01B40051
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01B40036
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01B40FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01B4001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01B1000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00710536
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!send 71AB428A 5 Bytes JMP 007105E0
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00710553
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 01B20FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01B20FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01B20FC3
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1512] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01B20014
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00690429
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00690536
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] WS2_32.dll!send 71AB428A 5 Bytes JMP 006905E0
.text C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe[1568] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00690553
.text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00700429
.text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00700536
.text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] WS2_32.dll!send 71AB428A 5 Bytes JMP 007005E0
.text C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe[1620] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00700553
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00710429
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateFileA 7C801A24 3 Bytes JMP 010C0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateFileA + 4 7C801A28 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtectEx 7C801A5D 1 Byte [ E9 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtectEx + 2 7C801A5F 1 Byte [ F4 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtectEx + 4 7C801A61 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtect 7C801AD0 3 Bytes JMP 010C0F72
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!VirtualProtect + 4 7C801AD4 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 010C004C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryExA 7C801D4F 3 Bytes JMP 010C0F83
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryExA + 4 7C801D53 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryA 7C801D77 3 Bytes JMP 010C0FB9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryA + 4 7C801D7B 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetStartupInfoW 7C801E50 3 Bytes JMP 010C0F35
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetStartupInfoW + 4 7C801E54 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 010C007D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessW 7C802332 3 Bytes JMP 010C00BA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessW + 4 7C802336 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessA 7C802367 3 Bytes JMP 010C00A9
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateProcessA + 4 7C80236B 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetProcAddress 7C80ADC0 3 Bytes JMP 010C0F06
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!GetProcAddress + 4 7C80ADC4 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryW 7C80AE6B 3 Bytes JMP 010C0F9E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!LoadLibraryW + 4 7C80AE6F 1 Byte [ 84 ]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 010C001B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 010C0F50
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 010C0FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 010C0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 010C008E
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 010B0036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 010B0062
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 010B0025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 010B0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 010B0FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 010B0FC0
.text C:\Program Files\McAfee\Common

nishikamae
2007-10-16, 16:53
Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 010B000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 010B0047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01080000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00710536
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!send 71AB428A 5 Bytes JMP 007105E0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00710553
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenA 771CA6DD 5 Bytes JMP 0109000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenW 771CAFC2 5 Bytes JMP 01090FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 01090FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1632] wininet.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 01090025
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1668] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009C0429
.text C:\WINDOWS\system32\nvsvc32.exe[1940] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00720429
.text C:\WINDOWS\system32\nvsvc32.exe[1940] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00720536
.text C:\WINDOWS\system32\nvsvc32.exe[1940] WS2_32.dll!send 71AB428A 5 Bytes JMP 007205E0
.text C:\WINDOWS\system32\nvsvc32.exe[1940] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00720553
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1976] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009A0429
.text C:\WINDOWS\System32\alg.exe[2088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005B0429
.text C:\WINDOWS\System32\alg.exe[2088] WS2_32.dll!connect 71AB406A 5 Bytes JMP 005B0536
.text C:\WINDOWS\System32\alg.exe[2088] WS2_32.dll!send 71AB428A 5 Bytes JMP 005B05E0
.text C:\WINDOWS\System32\alg.exe[2088] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 005B0553
.text C:\Program Files\iPod\bin\iPodService.exe[2736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00690429
.text C:\Program Files\iTunes\iTunes.exe[2924] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429
.text C:\Program Files\iTunes\iTunes.exe[2924] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003B0536
.text C:\Program Files\iTunes\iTunes.exe[2924] WS2_32.dll!send 71AB428A 5 Bytes JMP 003B05E0
.text C:\Program Files\iTunes\iTunes.exe[2924] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003B0553
.text C:\WINDOWS\Explorer.EXE[3148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00990429
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0087
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F92
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FC0
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0098
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F50
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00D8
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F35
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 001A0F1A
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 001A0F77
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 001A002C
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 001A0FDB
.text C:\WINDOWS\Explorer.EXE[3148] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 001A00B3
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FC3
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0029005E
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FDE
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290FA1
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290043
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\Explorer.EXE[3148] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB2
.text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenA 771CA6DD 5 Bytes JMP 002C0FEF
.text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenW 771CAFC2 5 Bytes JMP 002C0FDE
.text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenUrlA 771CC8BD 5 Bytes JMP 002C000A
.text C:\WINDOWS\Explorer.EXE[3148] WININET.dll!InternetOpenUrlW 77215A51 5 Bytes JMP 002C0FB9
.text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 015B0000
.text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00990536
.text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!send 71AB428A 5 Bytes JMP 009905E0
.text C:\WINDOWS\Explorer.EXE[3148] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 00990553
.text C:\WINDOWS\system32\wuauclt.exe[3224] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00880429
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B000A
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0082
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F97
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0FA8
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0FB9
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0047
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F68
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B00B0
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B00D2
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F39
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 001B00ED
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 001B0FCA
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateFileW 7C810780 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreatePipe 7C81D7AF 5 Bytes JMP 001B0093
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateNamedPipeW 7C82F034 5 Bytes JMP 001B0036
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!CreateNamedPipeA 7C85FE74 5 Bytes JMP 001B0025
.text C:\WINDOWS\system32\wuauclt.exe[3224] kernel32.dll!WinExec 7C8615B5 5 Bytes JMP 001B00C1
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002B002C
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002B0F91
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002B001B
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002B004E
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002B0FAC
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002B000A
.text C:\WINDOWS\system32\wuauclt.exe[3224] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002B003D
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[3516] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00890429
.text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[3552] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009A0429
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B0429
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] WS2_32.dll!connect 71AB406A 5 Bytes JMP 003B0536
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] WS2_32.dll!send 71AB428A 5 Bytes JMP 003B05E0
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[3560] WS2_32.dll!WSAConnect 71AC0C69 5 Bytes JMP 003B0553
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3588] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003A0429
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A20429
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 00250FE5
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00250058
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00250F63
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00250F7E
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00250047
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00250FA5
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00250F1A
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00250F35
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 00250087
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00250EEE
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!GetProcAddress 7C80ADC0 5 Bytes JMP 00250ED3
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll!LoadLibraryW 7C80AE6B 5 Bytes JMP 00250036
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] KERNEL32.dll! 71AB3B91 5 Bytes JMP 01CE0FEF
.text C:\Program Files\SmartAdviser\EZAD\svchost.exe[3644] ws2_32.dll!connect 71AB406A 5

nishikamae
2007-10-16, 16:53

---- User IAT/EAT - GMER 1.0.13 ----


nishikamae
2007-10-16, 16:54
---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 83B60908


Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8354E830


---- Modules - GMER 1.0.13 ----

Module _________ F763F000-F7657000 (98304 bytes)

---- EOF - GMER 1.0.13 ----

Shaba
2007-10-16, 17:14
Hi

Scan this in jotti as before and post back results.

C:\Program Files\SmartAdviser\EZAD\svchost.exe

nishikamae
2007-10-16, 17:24
Scanner results
Scan taken on 16 Oct 2007 15:21:29 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Shaba
2007-10-16, 18:35
Hi

Do you recognize this program?

C:\Program Files\SmartAdviser\EZAD\svchost.exe

nishikamae
2007-10-16, 18:47
Yes... That is a calculator program. I don't use it anymore. You can delete it if you have to.

Shaba
2007-10-16, 18:51
Hi

Ok, then we leave it alone.

1. Please download The Avenger (http://swandog46.geekstogo.com/avenger.zip) by Swandog46 to your Desktop. Click on Avenger.zip to open the file. Extract avenger.exe to your desktop.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\dravic.exe
C:\WINDOWS\system32\lasse.exe

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
Under "Script file to execute" choose "Input Script Manually".
Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
Paste the text copied to clipboard into this window by pressing (Ctrl+V).
Click Done
Now click on the Green Light to begin execution of the script
Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop; this is normal.
After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply.

nishikamae
2007-10-16, 19:16
While The Avenger was running after rebooting the computer (not twice), the black command window had a pop-up about not being able to reach the source drive or something, I'm not sure. I tried to answer "Try again" many times but it didn't work, so I answered "Continue" 6 times and then the program created a log file. Thank you.

Here is a log file


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ebbsnsdv

*******************

Script file located at: \??\C:\WINDOWS\wggjebdq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\xlavra3.exe deleted successfully.
File C:\WINDOWS\dravic.exe deleted successfully.
File C:\WINDOWS\system32\lasse.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Completed script processing.

*******************

Finished! Terminate.

nishikamae
2007-10-16, 19:18
Logfile of HijackThis v1.99.1
Scan saved at 0:22:18, on 17/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-16, 19:18
Hi

At least HjT log looks good now :)

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the following icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

nishikamae
2007-10-16, 19:23
:laugh: Oh, it's good to hear that. Now I'm downloading the Dr.Web CureIt file; it will take a while. Thank you so much.

nishikamae
2007-10-16, 19:43
I ran Dr.Web CureIt and it started the express scan, which ran for a while until it finished, and the message "no virus" showed up at the bottom. I don't know how to do what you told me because it isn't going like you said, so I closed the program, and then my desktop was blue and did not respond to any click, so I had to use the task bar to restart it.

nishikamae
2007-10-16, 19:44
What should I do? Thank you.

Shaba
2007-10-18, 10:33
Hi and sorry for the delay

Do all other programs work normally?

nishikamae
2007-10-18, 13:28
All programs work normally.

Shaba
2007-10-18, 13:29
Hi

Then do this:

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky; click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

o Scan using the following Anti-Virus database:

+ Extended (If available otherwise Standard)

o Scan Options:

+ Scan Archives
+ Scan Mail Bases

Click OK
Now, under "Select a target to scan", select My Computer.
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report

nishikamae
2007-10-18, 18:09
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 18, 2007 11:11:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/10/2007
Kaspersky Anti-Virus database records: 438779
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 94298
Number of viruses found: 17
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 01:59:09

Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/dravic.exe Infected: Trojan.Win32.Pakes.sb skipped
C:\avenger\backup.zip/avenger/xlavra3.exe Infected: Trojan-Downloader.Win32.Agent.eao skipped
C:\avenger\backup.zip ZIP: infected - 2 skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-5159489a/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-5159489a ZIP: infected - 1 skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir/data0003/data0001 Infected: not-a-virus:AdWare.Win32.Cinmus.po skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.j skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Cinmus.j skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\chkdsk32_.exe.vir Infected: Trojan-Downloader.Win32.VB.bai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pskill.exe.vir Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sulimo.dat.vir Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP525\A0090726.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP536\A0092482.exe Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP542\A0092800.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP546\A0092967.exe Infected: Trojan-Downloader.Win32.Agent.dyn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP548\A0093072.exe Infected: Trojan-Downloader.Win32.Agent.dyn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098712.exe Infected: Trojan-Downloader.Win32.VB.bai skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101465.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101465.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101466.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP567\A0103623.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP567\A0103624.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP577\A0106173.sys Infected: Rootkit.Win32.Agent.jp skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP579\A0106376.exe Infected: Trojan.Win32.Pakes.sb skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP579\A0106378.exe Infected: Trojan-Downloader.Win32.Agent.eao skipped
C:\WINDOWS\system32\sulimo.dat Infected: not-virus:Hoax.Win32.Renos.lq skipped

Scan process completed.

nishikamae
2007-10-18, 18:18
Logfile of HijackThis v1.99.1
Scan saved at 23:22:53, on 18/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-18, 18:32
Hi

Empty these folders:

C:\avenger\
C:\QooBox\Quarantine
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0

Delete this:

C:\WINDOWS\system32\sulimo.dat

Empty Recycle Bin

Re-run ComboFix

Post:

- a fresh HijackThis log
- ComboFix report

nishikamae
2007-10-18, 19:56
ComboFix 07-10-11.1 - user 10/19/2007 0:55:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.290 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\internet.lnk

.
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 12:58 4,640 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-19 12:58 100,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-19 08:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-19 08:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-19 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-19 04:05 --------- d-----w C:\Program Files\ViStart
2007-10-19 03:58 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-10-18 12:26 45 ----a-w C:\Program Files\Log.txt
2007-10-18 12:24 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-16 11:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-15 15:47 153,642 ----a-w C:\Installer.exe
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-07-31 07:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 07:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 07:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2(2)(2).dll
2007-07-31 07:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 07:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 07:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 07:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 07:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 07:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 07:18 33,624 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL

nishikamae
2007-10-18, 19:58
.

((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\explorer(2).exe
----a-w 585,791 2007-10-17 09:47:37 C:\WINDOWS\gmer.dll
----a-w 581,632 2007-06-29 21:38:18 C:\WINDOWS\gmer.exe
----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
----a-w 765,952 2007-07-12 23:28:55 C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
-c----w 537,088 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB918118$\msftedit.dll
-c----w 431,616 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB918118$\riched20.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB918118$\spuninst\updspapi.dll
-c----w 41,984 2004-08-03 23:56:42 C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll
-c----w 57,344 2005-10-13 21:35:58 C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll
-c----w 256,512 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
-c----w 90,624 2006-06-23 08:47:05 C:\WINDOWS\$NtUninstallKB920213$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll
-c----w 553,472 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB921503$\oleaut32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB921503$\spuninst\updspapi.dll
-c----w 2,330,624 2005-11-06 21:13:34 C:\WINDOWS\$NtUninstallKB923689$\wmvcore.dll
-c----w 213,216 2005-06-28 17:23:24 C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 17:23:53 C:\WINDOWS\$NtUninstallKB923689$\spuninst\updspapi.dll
-c----w 58,880 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB923980$\nwapi32.dll
-c----w 144,384 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
-c----w 163,584 2004-08-03 22:02:24 C:\WINDOWS\$NtUninstallKB923980$\nwrdr.sys
-c----w 65,024 2005-10-12 17:21:04 C:\WINDOWS\$NtUninstallKB923980$\nwwks.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll
-c----w 721,920 2005-10-14 17:17:44 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll
-c----w 336,896 2006-07-14 15:41:56 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll
-c----w 132,096 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB924270$\spuninst\updspapi.dll
-c----w 924,432 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB924667$\mfc40u.dll
-c----w 1,024,000 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB924667$\mfc42u.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB924667$\spuninst\updspapi.dll
-c----w 498,205 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
-c----w 246,302 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
-c----w 280,064 2006-01-16 21:39:16 C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll
-c----w 39,936 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll
-c----w 577,024 2005-10-13 21:36:14 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
-c----w 1,839,360 2005-11-08 23:13:40 C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
-c----w 213,216 2006-01-19 19:29:19

nishikamae
2007-10-18, 19:59
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll
-c----w 819,200 2005-05-23 15:48:52 C:\WINDOWS\$NtUninstallKB926251$\setup_wm.exe
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB926251$\spuninst\updspapi.dll
-c----w 713,216 2005-11-23 17:41:46 C:\WINDOWS\$NtUninstallKB926255$\sxs.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926255$\spuninst\updspapi.dll
-c----w 117,760 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB926436$\oledlg.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926436$\spuninst\updspapi.dll
-c----w 536,576 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msado15.dll
-c----w 180,224 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msadomd.dll
-c----w 200,704 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msadox.dll
-c----w 102,400 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msjro.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927779$\spuninst\updspapi.dll
-c----w 333,312 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB927802$\spuninst\updspapi.dll
-c----w 2,890,240 2006-02-21 17:22:12 C:\WINDOWS\$NtUninstallKB927891$\msi.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\updspapi.dll
-c----w 28,024,832 2006-07-13 13:33:28 C:\WINDOWS\$NtUninstallKB928255$\shell32.dll
-c----w 134,656 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB928255$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB928843$\spuninst\updspapi.dll
-c----w 430,080 2006-04-09 13:35:50 C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930178$\spuninst\updspapi.dll
-c----w 574,976 2005-11-28 20:19:58 C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930916$\spuninst\updspapi.dll
-c----w 185,344 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\updspapi.dll
-c----w 2,027,008 2006-03-16 09:09:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
-c----w 2,147,840 2006-03-16 09:34:02 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\updspapi.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll.000
-c----w 248,320 2006-10-16 10:29:15 C:\WINDOWS\$NtUninstallKB932168$\xpsp3res.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll
-c----w 582,144 2006-01-16 21:39:34 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 985,088 2006-07-05 10:57:10 C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB935839$\spuninst\updspapi.dll
-c----w 144,896 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\updspapi.dll
-c----w 1,084,416 2006-09-13 05:01:56 C:\WINDOWS\$NtUninstallKB936021$\msxml3.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB936021$\spuninst\updspapi.dll
-c----w 209,280 2005-10-15 11:48:26 C:\WINDOWS\$NtUninstallKB936357$\update.sys
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\updspapi.dll
-c----w 5,533,696 2006-04-11 19:35:02 C:\WINDOWS\$NtUninstallKB936782_WMP10$\wmp.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\updspapi.dll
-c----w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB938828$\spuninst\updspapi.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll.000
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\updspapi.dll
-c----w 679,424 2006-04-11 16:33:42 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:47 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
------w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
------w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 765,952 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
-c----w 123,904 2006-11-07 15:26:24 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-18 00:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 131,584 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-18 00:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 54,784 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 152,064 2006-11-07 15:26:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 229,376 2006-11-07 15:27:02 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2006-11-07 15:25:14 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 380,928 2006-10-18 00:27:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 382,976 2006-11-07 15:27:10 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,049,280 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 43,008 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 266,752 2006-10-18 00:57:20 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,312 2006-11-07 15:26:32 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 622,080 2006-10-18 01:04:40 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,136 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 458,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 50,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,786,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 475,648 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 192,000 2006-10-18 01:05:10 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 670,720 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 101,376 2006-10-18 01:04:46 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2006-10-18 01:05:22 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,162,240 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 356,352 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 818,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll

nishikamae
2007-10-18, 19:59
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-r 32,768 2007-10-16 11:48:59 C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-w 42,496 2006-10-12 13:54:18 C:\WINDOWS\msagent\agentdp2.dll
----a-w 256,512 2006-10-12 11:54:07 C:\WINDOWS\msagent\agentsvr.exe
C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\setup_wm.exe
----a-w 13,536 2005-06-28 22:20:24 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spmsg.dll
----a-w 213,216 2005-06-28 22:23:26 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spuninst.exe
----a-w 716,000 2005-06-28 22:24:52 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\update.exe
----a-w 371,424 2005-06-28 22:23:54 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spuninst.exe
----a-w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2GDR\msxml3.dll
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\advpack.dll

nishikamae
2007-10-18, 20:00

nishikamae
2007-10-18, 20:02

nishikamae
2007-10-18, 20:03
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"Cmaudio"="cmicnfg.cpl" []
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
"C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]

R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 09:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-19 04:07:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-19 08:44:42 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 00:58:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\Wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\WMFDist11Uninst.log
C:\WINDOWS\wmp
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmp11Uninst.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\xptools.ini
C:\WINDOWS\yhl.dll
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE

scan completed successfully
hidden files: 23

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\Config\\load.exe"="C:\\WINDOWS\\Config\\load.exe"
.
Completion time: 10/19/2007 0:59:17
C:\ComboFix2.txt ... 10/16/2007 02:23 PM
C:\ComboFix3.txt ... 10/16/2007 12:43 AM
.
--- E O F ---

nishikamae
2007-10-18, 20:17
Logfile of HijackThis v1.99.1
Scan saved at 1:21:15, on 19/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-19, 10:44
Hi

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kaspersky report

nishikamae
2007-10-19, 15:01
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 19, 2007 8:04:20 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/10/2007
Kaspersky Anti-Virus database records: 439378
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 87299
Number of viruses found: 14
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 01:54:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_HOME.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_HOME.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10252006-235436.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007101920071020\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\NAILogs\UpdaterUI_HOME.log Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF492B.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP525\A0090726.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP536\A0092482.exe Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP542\A0092800.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP546\A0092967.exe Infected: Trojan-Downloader.Win32.Agent.dyn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP548\A0093072.exe Infected: Trojan-Downloader.Win32.Agent.dyn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098712.exe Infected: Trojan-Downloader.Win32.VB.bai skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101465.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101465.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101466.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP567\A0103623.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP567\A0103624.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP577\A0106173.sys Infected: Rootkit.Win32.Agent.jp skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP579\A0106376.exe Infected: Trojan.Win32.Pakes.sb skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP579\A0106378.exe Infected: Trojan-Downloader.Win32.Agent.eao skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP584\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DF1D006E-F3F4-4993-83BB-B82919CF8BA3}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP584\change.log Object is locked skipped

Scan process completed.

nishikamae
2007-10-19, 15:02
Logfile of HijackThis v1.99.1
Scan saved at 20:06:06, on 19/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Shaba
2007-10-19, 17:53
Hi

Logs look good.

All viruses are in system restore and inactive.

I will give you instructions later on how to empty it.

Other than that, any problems left?

nishikamae
2007-10-19, 22:34
The only problem that keeps annoying me is a pop-up from IE Script and hersult [I'm not sure that I spelled it right]. When I play an online game, this pop-up throws me off the server every time; it's so boring.

http://img81.imageshack.us/img81/9514/error01jd0.png

I didn't capture the other pop-up because it didn't show up that time, so thank you.

nishikamae
2007-10-20, 07:38
This is the other pop-up

http://img81.imageshack.us/img81/9257/error2wb5.png

Detail
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.Runtime.InteropServices.COMException (0x800700AA): The requested resource is in use. (Exception from HRESULT: 0x800700AA)
at System.Windows.Forms.UnsafeNativeMethods.IWebBrowser2.Navigate2(Object& URL, Object& flags, Object& targetFrameName, Object& postData, Object& headers)
at System.Windows.Forms.WebBrowser.PerformNavigate2(Object& URL, Object& flags, Object& targetFrameName, Object& postData, Object& headers)
at System.Windows.Forms.WebBrowser.PerformNavigateHelper(String urlString, Boolean newWindow, String targetFrameName, Byte[] postData, String headers)
at System.Windows.Forms.WebBrowser.set_Url(Uri value)
at EzTruehit.frmMain.timer1_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.42 (RTM.050727-4200)
CodeBase: file:///C:/WINDOWS/Microsoft.NET/Framework/v2.0.50727/mscorlib.dll
----------------------------------------
svchost
Assembly Version: 1.0.0.0
Win32 Version: 1.0.0.0
CodeBase: file:///C:/Program%20Files/SmartAdviser/EZAD/svchost.exe
----------------------------------------
System.Windows.Forms
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.42 (RTM.050727-4200)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Windows.Forms/2.0.0.0__b77a5c561934e089/System.Windows.Forms.dll
----------------------------------------
System
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.42 (RTM.050727-4200)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System/2.0.0.0__b77a5c561934e089/System.dll
----------------------------------------
System.Drawing
Assembly Version: 2.0.0.0
Win32 Version: 2.0.50727.42 (RTM.050727-4200)
CodeBase: file:///C:/WINDOWS/assembly/GAC_MSIL/System.Drawing/2.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll
----------------------------------------

************** JIT Debugging **************
To enable just-in-time (JIT) debugging, the .config file for this
application or computer (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the computer
rather than be handled by this dialog box.

Shaba
2007-10-20, 11:08
Hi

I'm sorry but I don't think that I can help with those as they likely aren't malware related things.

However, I can forward you to some other forum which can.

Is it ok?

nishikamae
2007-10-21, 14:50
Ok Thank You very much for your help

Shaba
2007-10-21, 14:56
Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

I recommend this (http://forums.pcpitstop.com/index.php?) forum for the rest of issues.

You can remove all tools we used.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)


Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer (http://www.bleepingcomputer.com/forums/?showtutorial=48)


Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here:

Instructions for - Spybot S & D and Ad-aware (http://www.bleepingcomputer.com/forums/?showtutorial=43)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!

Shaba
2007-10-23, 16:42
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.