Please Help !!!!!

nishikamae

Logfile of HijackThis v1.99.1
Scan saved at 0:22:18, on 17/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\ViStart\ViStart.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 
Hi

At least HjT log looks good now :)

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
 
I Run Dr.Web CureIt and then it start express scan for a while till it finished and the messege no virus show up on the below i don't know how 2 do like u told cause it's doen't going like u said so i close the program and then my desktop are blue and no respond 2 any click so i have 2 use tsk bar 2 restart it
 
Hi

Then do this:

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
nishikamae

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 18, 2007 11:11:33 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/10/2007
Kaspersky Anti-Virus database records: 438779
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 94298
Number of viruses found: 17
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 01:59:09

Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/dravic.exe Infected: Trojan.Win32.Pakes.sb skipped
C:\avenger\backup.zip/avenger/xlavra3.exe Infected: Trojan-Downloader.Win32.Agent.eao skipped
C:\avenger\backup.zip ZIP: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_HOME.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_HOME.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10252006-235436.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\user\Application Data\Microsoft\Word\การบันทึกการกู้คืนอัตโนมัติของ เอกสาร1.asd Object is locked skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-5159489a/OP.class Infected: Trojan-Downloader.Java.OpenStream.ab skipped
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\41\529ea6e9-5159489a ZIP: infected - 1 skipped
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\user\Desktop\Fix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012007101820071019\index.dat Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\NAILogs\UpdaterUI_HOME.log Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF5AE.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF5E2.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF72D3.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DF8566.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFB431.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~DFCDF4.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\~WRS0000.tmp Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\user\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\user\ntuser.dat Object is locked skipped
C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir/data0003/data0001 Infected: not-a-virus:AdWare.Win32.Cinmus.po skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir/data0003/data0004 Infected: not-a-virus:AdWare.Win32.Cinmus.j skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.Cinmus.j skipped
C:\QooBox\Quarantine\C\Documents and Settings\user\dodolook020.exe.vir NSIS: infected - 3 skipped
C:\QooBox\Quarantine\C\WINDOWS\chkdsk32_.exe.vir Infected: Trojan-Downloader.Win32.VB.bai skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\runtime2.sys.vir Infected: Rootkit.Win32.Agent.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pskill.exe.vir Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\sulimo.dat.vir Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP525\A0090726.dll Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP536\A0092482.exe Infected: not-a-virus:RiskTool.Win32.Deleter.b skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP542\A0092800.exe Infected: not-a-virus:RiskTool.Win32.PsKill.e skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP546\A0092967.exe Infected: Trojan-Downloader.Win32.Agent.dyn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP548\A0093072.exe Infected: Trojan-Downloader.Win32.Agent.dyn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP556\A0097604.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098712.exe Infected: Trojan-Downloader.Win32.VB.bai skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP561\A0098716.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe/data0000.cab/sndmon32.exe Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe/data0000.cab Infected: Trojan-Downloader.Win32.VB.azx skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP563\A0099857.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101465.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101465.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP566\A0101466.exe Infected: Trojan-Downloader.Win32.Small.fxy skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP567\A0103623.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP567\A0103624.exe Infected: Trojan.Win32.Agent.bqn skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP577\A0106173.sys Infected: Rootkit.Win32.Agent.jp skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP579\A0106376.exe Infected: Trojan.Win32.Pakes.sb skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP579\A0106378.exe Infected: Trojan-Downloader.Win32.Agent.eao skipped
C:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP582\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3BD38B82-6EC7-4DF4-A45E-61014CECB2DA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\sulimo.dat Infected: not-virus:Hoax.Win32.Renos.lq skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{60F44D3F-92D9-4197-A062-C9DB122872FC}\RP582\change.log Object is locked skipped

Scan process completed.
 
nishikamae

Logfile of HijackThis v1.99.1
Scan saved at 23:22:53, on 18/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 
Hi

Empty these folders:

C:\avenger\
C:\QooBox\Quarantine
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0

Delete this:

C:\WINDOWS\system32\sulimo.dat

Empty Recycle Bin

Re-run combofix

Post:

- a fresh HijackThis log
- combofix report
 
nishikamae

ComboFix 07-10-11.1 - user 10/19/2007 0:55:52.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.290 [GMT -12:00]
Running from: C:\Documents and Settings\user\Desktop\Fix\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Desktop\internet.lnk

.
((((((((((((((((((((((((( Files Created from 2007-09-19 to 2007-10-19 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-19 12:58 4,640 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-19 12:58 100,384 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-19 08:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-10-19 08:06 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-19 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-19 04:05 --------- d-----w C:\Program Files\ViStart
2007-10-19 03:58 --------- d-----w C:\Documents and Settings\user\Application Data\MegauploadToolbar
2007-10-18 12:26 45 ----a-w C:\Program Files\Log.txt
2007-10-18 12:24 109 ----a-w C:\Program Files\AudiLog.txt
2007-10-16 11:48 --------- d-----w C:\Program Files\MSXML 4.0
2007-10-15 15:47 153,642 ----a-w C:\Installer.exe
2007-10-14 04:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-14 02:50 76,560 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-13 08:16 4 ----a-w C:\Program Files\VERSION.CFG
2007-10-13 08:16 --------- d-----w C:\Program Files\ABM
2007-10-13 07:28 --------- d-----w C:\Program Files\Opera
2007-10-13 07:27 --------- d-----w C:\Program Files\Netscape
2007-10-13 06:59 --------- d-----w C:\Documents and Settings\user\Application Data\Netscape
2007-10-13 06:46 --------- d-----w C:\Program Files\Viewpoint
2007-10-13 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 06:44 --------- d-----w C:\Program Files\Java
2007-10-13 06:42 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-13 06:41 --------- d-----w C:\Program Files\Common Files\Real
2007-10-13 06:40 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-13 06:40 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-13 05:59 --------- d-----w C:\Program Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Program Files\Common Files\McAfee
2007-10-13 05:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-13 04:41 88,205 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-10-13 04:41 84,621 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-10-13 04:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-10-13 04:35 --------- d-----w C:\Program Files\Camfrog
2007-10-13 04:29 --------- d-----w C:\Program Files\Lavasoft
2007-10-13 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-12 12:26 3,606 ----a-w C:\WINDOWS\system32\tmp.reg
2007-10-11 03:31 --------- d-----w C:\Program Files\MP3 Player Utilities 3.5.02
2007-10-10 06:41 1,354,240 ----a-w C:\Program Files\Audition.exe
2007-10-08 11:53 --------- d-----w C:\Program Files\DATA
2007-10-08 11:52 --------- d-----w C:\Program Files\SCRIPT
2007-10-01 02:56 --------- d-----w C:\Program Files\WinPcap
2007-10-01 02:56 --------- d-----w C:\Documents and Settings\user\Application Data\Orbit
2007-10-01 01:24 --------- d-----w C:\Program Files\IE7Pro
2007-10-01 01:24 --------- d-----w C:\Documents and Settings\user\Application Data\IE7pro
2007-09-21 08:52 13,924 ----a-w C:\WINDOWS\system32\drivers\klop.dat
2007-09-18 10:59 465,816 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-09-17 08:55 --------- d-----w C:\Documents and Settings\user\Application Data\ViStart
2007-09-17 08:37 --------- d-----w C:\Program Files\VisualTooltip
2007-09-17 08:37 --------- d-----w C:\Program Files\Vista Sidebar
2007-09-17 08:37 --------- d-----w C:\Program Files\ViOrb
2007-09-17 08:37 --------- d-----w C:\Program Files\Styler
2007-09-17 08:37 --------- d-----w C:\Program Files\MSN Messenger
2007-09-17 08:37 --------- d-----w C:\Program Files\LClock
2007-09-17 08:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-17 08:05 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-09-17 07:51 --------- d-----w C:\Documents and Settings\user\Application Data\Lavasoft
2007-09-17 07:48 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-09 06:38 --------- d-----w C:\Program Files\iTunes
2007-09-09 06:37 --------- d-----w C:\Program Files\iPod
2007-09-09 06:36 --------- d-----w C:\Program Files\Apple Software Update
2007-09-08 08:50 64,168 ----a-w C:\WINDOWS\system32\drivers\mfeapfk.sys
2007-09-05 09:34 --------- d-----w C:\Program Files\Google
2007-09-03 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-09-03 13:58 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-03 02:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-03 02:16 --------- d-----w C:\Program Files\Real
2007-08-25 12:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-08-23 06:12 --------- d-----w C:\Program Files\AML Products
2007-08-20 13:50 --------- d-----w C:\Program Files\thriXXX
2007-08-19 01:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-07-31 07:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 07:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 07:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 07:19 43,352 ----a-w C:\WINDOWS\system32\wups2(2)(2).dll
2007-07-31 07:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 07:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-31 07:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-31 07:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 07:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 07:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-31 07:18 33,624 ----a-w C:\WINDOWS\system32\wups(2)(2).dll
2007-03-28 06:16 462,848 ----a-w C:\Program Files\patcher.exe
2006-07-21 08:15 361 ----a-w C:\Program Files\AX.bat
2005-12-26 11:48 294 ----a-w C:\Program Files\macro.txt
2005-12-23 14:45 102,400 ----a-w C:\Program Files\TaskKeyHookWD.dll
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp2.dat
2005-10-15 09:07 22,040 ---h--w C:\Documents and Settings\user\Application Data\wmp.dat
2005-10-13 10:37 8,038 ----a-w C:\Program Files\icon4.ico
2005-10-13 10:31 7,782 ----a-w C:\Program Files\icon3.ico
2004-11-10 05:31 372,736 ----a-w C:\Program Files\ijl15.dll
2004-10-18 08:04 161,280 ----a-w C:\Program Files\fmod.dll
2001-11-23 23:08 712,704 ----a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
 
nishikamae

.

((((((((((((((((((((((((((((( snapshot@Fri 10-12-2007_ 0.48.34.32 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\explorer(2).exe
----a-w 585,791 2007-10-17 09:47:37 C:\WINDOWS\gmer.dll
----a-w 581,632 2007-06-29 21:38:18 C:\WINDOWS\gmer.exe
----a-w 10,191 2007-10-13 06:46:10 C:\WINDOWS\mozver.dat
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
----a-w 539,136 2006-11-27 15:17:10 C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
----a-w 433,664 2006-11-27 15:17:10 C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
----a-w 549,888 2007-05-17 11:25:21 C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe
----a-w 122,880 2006-10-16 17:14:17 C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
----a-w 536,576 2006-12-26 13:18:55 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
----a-w 180,224 2006-12-26 13:18:55 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
----a-w 200,704 2006-12-26 17:18:56 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
----a-w 102,400 2006-12-26 13:18:55 C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe
----a-w 333,824 2006-12-19 18:47:14 C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\spuninst.exe
----a-w 2,854,400 2007-04-18 16:14:43 C:\WINDOWS\$hf_mig$\KB927891\SP2QFE\msi31.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB927891\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
----a-w 8,458,752 2006-12-19 21:50:10 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
----a-w 135,168 2006-12-19 21:50:10 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
----a-w 248,320 2006-12-19 16:10:56 C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
----a-w 292,864 2007-03-17 13:45:03 C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
----a-w 185,344 2007-02-05 20:19:14 C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
----a-w 2,137,600 2007-02-28 09:53:04 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
----a-w 2,059,392 2007-02-28 13:15:58 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
----a-w 2,017,280 2007-02-28 09:15:59 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
----a-w 2,182,144 2007-02-28 09:55:14 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:21 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
----a-w 60,416 2007-07-18 10:33:06 C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
----a-w 144,896 2007-04-25 20:32:22 C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
----a-w 765,952 2007-07-12 23:28:55 C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
----a-w 1,033,216 2007-06-13 11:26:03 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
-c----w 537,088 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB918118$\msftedit.dll
-c----w 431,616 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB918118$\riched20.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB918118$\spuninst\updspapi.dll
-c----w 41,984 2004-08-03 23:56:42 C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll
-c----w 57,344 2005-10-13 21:35:58 C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll
-c----w 256,512 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
-c----w 90,624 2006-06-23 08:47:05 C:\WINDOWS\$NtUninstallKB920213$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll
-c----w 553,472 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB921503$\oleaut32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB921503$\spuninst\updspapi.dll
-c----w 2,330,624 2005-11-06 21:13:34 C:\WINDOWS\$NtUninstallKB923689$\wmvcore.dll
-c----w 213,216 2005-06-28 17:23:24 C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 17:23:53 C:\WINDOWS\$NtUninstallKB923689$\spuninst\updspapi.dll
-c----w 58,880 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB923980$\nwapi32.dll
-c----w 144,384 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
-c----w 163,584 2004-08-03 22:02:24 C:\WINDOWS\$NtUninstallKB923980$\nwrdr.sys
-c----w 65,024 2005-10-12 17:21:04 C:\WINDOWS\$NtUninstallKB923980$\nwwks.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll
-c----w 721,920 2005-10-14 17:17:44 C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll
-c----w 336,896 2006-07-14 15:41:56 C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll
-c----w 132,096 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB924270$\spuninst\updspapi.dll
-c----w 924,432 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB924667$\mfc40u.dll
-c----w 1,024,000 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB924667$\mfc42u.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB924667$\spuninst\updspapi.dll
-c----w 498,205 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll
-c----w 246,302 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll
-c----w 280,064 2006-01-16 21:39:16 C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll
-c----w 39,936 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll
-c----w 577,024 2005-10-13 21:36:14 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
-c----w 1,839,360 2005-11-08 23:13:40 C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
-c----w 213,216 2006-01-19 19:29:19
 
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll
-c----w 819,200 2005-05-23 15:48:52 C:\WINDOWS\$NtUninstallKB926251$\setup_wm.exe
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB926251$\spuninst\updspapi.dll
-c----w 713,216 2005-11-23 17:41:46 C:\WINDOWS\$NtUninstallKB926255$\sxs.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926255$\spuninst\updspapi.dll
-c----w 117,760 2001-08-23 13:00:00 C:\WINDOWS\$NtUninstallKB926436$\oledlg.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB926436$\spuninst\updspapi.dll
-c----w 536,576 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msado15.dll
-c----w 180,224 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msadomd.dll
-c----w 200,704 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msadox.dll
-c----w 102,400 2004-08-03 23:56:44 C:\WINDOWS\$NtUninstallKB927779$\msjro.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927779$\spuninst\updspapi.dll
-c----w 333,312 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB927802$\spuninst\updspapi.dll
-c----w 2,890,240 2006-02-21 17:22:12 C:\WINDOWS\$NtUninstallKB927891$\msi.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB927891$\spuninst\updspapi.dll
-c----w 28,024,832 2006-07-13 13:33:28 C:\WINDOWS\$NtUninstallKB928255$\shell32.dll
-c----w 134,656 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB928255$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB928843$\spuninst\updspapi.dll
-c----w 430,080 2006-04-09 13:35:50 C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930178$\spuninst\updspapi.dll
-c----w 574,976 2005-11-28 20:19:58 C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB930916$\spuninst\updspapi.dll
-c----w 185,344 2004-08-03 23:56:48 C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931261$\spuninst\updspapi.dll
-c----w 2,027,008 2006-03-16 09:09:40 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
-c----w 2,147,840 2006-03-16 09:34:02 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB931784$\spuninst\updspapi.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll.000
-c----w 248,320 2006-10-16 10:29:15 C:\WINDOWS\$NtUninstallKB932168$\xpsp3res.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB932168$\spuninst\updspapi.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933360$\spuninst\updspapi.dll
-c----w 582,144 2006-01-16 21:39:34 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 985,088 2006-07-05 10:57:10 C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB935839$\spuninst\updspapi.dll
-c----w 144,896 2004-08-03 23:56:46 C:\WINDOWS\$NtUninstallKB935840$\schannel.dll
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB935840$\spuninst\updspapi.dll
-c----w 1,084,416 2006-09-13 05:01:56 C:\WINDOWS\$NtUninstallKB936021$\msxml3.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB936021$\spuninst\updspapi.dll
-c----w 209,280 2005-10-15 11:48:26 C:\WINDOWS\$NtUninstallKB936357$\update.sys
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB936357$\spuninst\updspapi.dll
-c----w 5,533,696 2006-04-11 19:35:02 C:\WINDOWS\$NtUninstallKB936782_WMP10$\wmp.dll
-c----w 213,216 2005-06-28 22:23:26 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
-c----w 371,424 2005-06-28 22:23:54 C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\updspapi.dll
-c----w 1,429,504 2005-10-15 09:07:16 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB938828$\spuninst\updspapi.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll
-c----w 282,112 2007-03-08 15:48:36 C:\WINDOWS\$NtUninstallKB938829$\gdi32.dll.000
-c----w 213,216 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe
-c----w 371,424 2006-01-19 19:29:19 C:\WINDOWS\$NtUninstallKB938829$\spuninst\updspapi.dll
-c----w 679,424 2006-04-11 16:33:42 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:47 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-w 516,096 2006-05-25 07:17:22 C:\WINDOWS\Downloaded Program Files\ThaiGameStart.dll
------w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
------w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
------w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
------w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:32 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-w 163,328 2007-10-16 02:38:55 C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
----a-w 10,686,464 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
----a-w 208,896 2007-10-16 11:03:14 C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
-c----w 765,952 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
-c----w 123,904 2006-11-07 15:26:24 C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
-c----w 214,528 2006-10-18 00:57:50 C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
-c----w 131,584 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
-c----w 61,952 2006-10-18 00:58:20 C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
-c----w 54,784 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
-c----w 152,064 2006-11-07 15:26:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
-c----w 229,376 2006-11-07 15:27:02 C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
-c----w 161,792 2006-11-07 15:25:14 C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
-c----w 380,928 2006-10-18 00:27:56 C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
-c----w 382,976 2006-11-07 15:27:10 C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
-c----w 6,049,280 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
-c----w 43,008 2006-11-07 15:26:28 C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
-c----w 266,752 2006-10-18 00:57:20 C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
-c----w 13,312 2006-11-07 15:26:32 C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
-c----w 622,080 2006-10-18 01:04:40 C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
-c----w 27,136 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
-c----w 458,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
-c----w 50,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
-c----w 3,786,752 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
-c----w 475,648 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
-c----w 192,000 2006-10-18 01:05:10 C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
-c----w 670,720 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
-c----w 101,376 2006-10-18 01:04:46 C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
-c----w 105,984 2006-10-18 01:05:22 C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
-c----w 1,162,240 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
-c----w 356,352 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
-c----w 818,688 2006-11-08 09:03:36 C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
-c----w 213,216 2007-03-06 01:22:39 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
----a-r 24,640 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\AdsLokUU.Dll
----a-r 104,024 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\BBCpl.dll
----a-r 71,256 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\condl.dll
 
----a-r 99,928 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\consl.dll
----a-r 132,696 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\coptcpl.dll
----a-r 71,232 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\csscan.exe
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\EntSrv.dll
----a-r 11,840 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\entvutil.exe
----a-r 194,136 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4837_shutil.dll
----a-r 24,664 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4842_McShield.DLL
----a-r 144,960 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4843_Mcshield.exe
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4844_naiann.dll
----a-r 263,768 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4845_NaiEvent.dll
----a-r 54,872 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4853_VsTskMgr.exe
----a-r 13,912 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4856_scan32.exe
----a-r 79,448 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\F4861_mcupdate.exe
----a-r 104,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftcfg.dll
----a-r 41,024 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ftl.dll
----a-r 25,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\lockdown.dll
----a-r 58,968 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\logparser.exe
----a-r 16,472 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVDetect.DLL
----a-r 19,032 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McAVSCV.DLL
----a-r 28,224 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShield.dll
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\McShieldPerfData.dll
----a-r 34,368 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\Mcvssnmp.dll
----a-r 83,520 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfa.dll
----a-r 64,360 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeapfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfa.dll
----a-r 72,264 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfeavfk.sys
----a-r 58,944 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopa.dll
----a-r 34,152 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfebopk.sys
----a-r 19,008 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehida.dll
----a-r 46,656 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidin.exe
----a-r 170,408 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfehidk.sys
----a-r 18,496 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mferkda.dll
----a-r 52,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mfetdik.sys
----a-r 132,672 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus.dll
----a-r 226,880 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\mytilus2.dll
----a-r 75,328 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NaEvent.Dll
----a-r 333,496 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCExtMgr.dll
----a-r 464,560 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\NCScan.dll
----a-r 35,416 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\OASCpl.dll
----a-r 263,744 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScanOTLK.Dll
----a-r 11,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScnCfg32.Exe
----a-r 67,136 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\ScriptCl.dll
----a-r 17,984 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\scriptsv.dll
----a-r 112,216 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\shstat.exe
----a-r 243,288 2007-02-23 08:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsodscpl.dll
----a-r 83,544 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\VSPlugin.dll
----a-r 75,352 2006-11-30 20:50:00 C:\WINDOWS\Installer\$PatchCache$\Managed\40C30C53F1F32C249A987A75EE96F156\8.6.0\vsupdcpl.dll
----a-r 102,400 2007-10-13 06:14:59 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-r 32,768 2007-10-16 11:48:59 C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-w 42,496 2006-10-12 13:54:18 C:\WINDOWS\msagent\agentdp2.dll
----a-w 256,512 2006-10-12 11:54:07 C:\WINDOWS\msagent\agentsvr.exe
C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\setup_wm.exe
----a-w 13,536 2005-06-28 22:20:24 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spmsg.dll
----a-w 213,216 2005-06-28 22:23:26 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\spuninst.exe
----a-w 716,000 2005-06-28 22:24:52 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\update.exe
----a-w 371,424 2005-06-28 22:23:54 C:\WINDOWS\SoftwareDistribution\Download\0fbfbb50ba543b7b50c54ea4b8e33a14\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\spuninst.exe
----a-w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2GDR\msxml3.dll
----a-w 1,104,896 2007-06-26 06:06:12 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\SP2QFE\msxml3.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\10e5243f370a1f28a3045f4c40870f19\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieapfltr.dat
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msfeedsbs.dll
----a-w 3,584,512 2007-08-21 03:34:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2GDR\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieakui.dll
----a-w 2,455,488 2007-04-17 09:32:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iedkcs32.dll
 
nishikamae

----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\SP2QFE\wininet.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:33 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:39 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\SP2GDR\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:31 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:56 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:47 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 13,536 2005-06-28 17:20:23 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spmsg.dll
----a-w 213,216 2005-06-28 17:23:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spuninst.exe
----a-w 2,330,624 2006-12-07 04:14:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\Emerald\WMVCORE.DLL
----a-w 716,000 2005-06-28 17:24:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\Update.exe
----a-w 371,424 2005-06-28 17:23:53 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\updspapi.dll
----a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10L\WMVCORE.DLL
----a-w 2,362,184 2006-12-07 06:40:49 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10NL\Wmvcore.dll
----a-w 2,071,368 2006-12-07 08:04:44 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9L\WMVCORE.DLL
----a-w 2,174,976 2006-12-08 05:02:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9NL\WMVCORE.DLL
----a-w 10,592 2007-10-16 11:58:33 C:\WINDOWS\SoftwareDistribution\EventCache\{47444182-2AD6-4630-85C2-9214EFC33EDA}.bin
----a-w 498,742 2006-08-22 16:05:26 C:\WINDOWS\system32\dxmasf.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\extmgr.dll
----a-w 1,170,952 2007-10-16 12:00:52 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 282,112 2007-06-19 13:37:21 C:\WINDOWS\system32\gdi32(2)(2).dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\ieakui.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\iedkcs32.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\iernonce.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\ieudinit.exe
----a-w 679,424 2006-04-11 16:33:42 C:\WINDOWS\system32\inetcomm(2).dll
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\jsproxy.dll
----a-w 986,112 2007-04-16 16:07:27 C:\WINDOWS\system32\kernel32.dll
----a-w 726,528 2006-08-17 12:37:49 C:\WINDOWS\system32\lsasrv.dll
----a-w 40,960 2007-03-08 15:48:36 C:\WINDOWS\system32\mf3216.dll
----a-w 927,504 2006-11-01 19:17:45 C:\WINDOWS\system32\mfc40u.dll
----a-w 1,024,000 2004-08-03 23:56:44 C:\WINDOWS\system32\mfc42u(2).dll
----a-w 18,089,592 2007-09-28 10:19:40 C:\WINDOWS\system32\MRT.exe
----a-w 537,088 2004-08-03 23:56:44 C:\WINDOWS\system32\msftedit(2).dll
----a-w 2,854,400 2007-04-18 16:12:23 C:\WINDOWS\system32\msi(2)(2).dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\mstime.dll
----a-w 1,275,392 2007-05-09 03:03:04 C:\WINDOWS\system32\msxml4.dll
----a-w 1,320,800 2007-05-16 03:43:10 C:\WINDOWS\system32\msxml6.dll
----a-w 337,408 2006-08-17 12:37:49 C:\WINDOWS\system32\netapi32(2)(2).dll
----a-w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 64,000 2006-10-13 12:41:38 C:\WINDOWS\system32\nwapi32.dll
----a-w 142,336 2006-10-13 12:41:38 C:\WINDOWS\system32\nwprovau.dll
----a-w 65,536 2006-10-13 12:41:38 C:\WINDOWS\system32\nwwks.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\occache.dll
----a-w 549,376 2007-05-17 11:28:05 C:\WINDOWS\system32\oleaut32.dll
----a-w 122,880 2006-10-16 16:15:00 C:\WINDOWS\system32\oledlg.dll
----a-w 278,528 2007-10-13 06:40:44 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-10-13 06:40:54 C:\WINDOWS\system32\pndx5032.dll
----a-w 431,616 2004-08-03 23:56:46 C:\WINDOWS\system32\riched20(2).dll
----a-w 185,688 2007-10-13 06:41:26 C:\WINDOWS\system32\rmoc3260.dll
----a-w 144,896 2007-04-25 14:21:15 C:\WINDOWS\system32\schannel.dll
----a-w 8,453,632 2006-12-19 21:52:18 C:\WINDOWS\system32\shell32(2)(2).dll
----a-w 134,656 2006-12-19 21:52:18 C:\WINDOWS\system32\shsvcs(2)(2).dll
----a-w 246,814 2006-08-21 21:52:08 C:\WINDOWS\system32\strmdll.dll
----a-w 713,216 2006-10-19 13:59:58 C:\WINDOWS\system32\sxs(2)(2).dll
------w 60,416 2007-07-18 12:42:22 C:\WINDOWS\system32\tzchange.exe
----a-w 237,936 2004-01-07 23:21:24 C:\WINDOWS\system32\unicows.dll
----a-w 185,344 2007-02-05 20:17:02 C:\WINDOWS\system32\upnphost.dll
----a-w 578,048 2007-03-08 15:48:36 C:\WINDOWS\system32\user32(2)(2).dll
----a-w 333,312 2004-08-03 23:56:48 C:\WINDOWS\system32\wiaservc(3).dll
----a-w 1,843,968 2007-03-08 13:49:49 C:\WINDOWS\system32\win32k.sys
----a-w 292,864 2007-03-17 13:43:01 C:\WINDOWS\system32\winsrv(2)(2).dll
----a-w 132,096 2006-08-17 12:37:49 C:\WINDOWS\system32\wkssvc.dll
----a-w 5,537,792 2007-04-30 20:20:24 C:\WINDOWS\system32\wmp.dll
 
nishikamae

----a-w 16,384 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
--sha-w 32,768 2007-10-13 04:18:19 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
-c--a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\advpack.dll
-c----w 42,496 2006-10-12 13:54:18 C:\WINDOWS\system32\dllcache\agentdp2.dll
-c----w 57,344 2006-10-12 13:54:18 C:\WINDOWS\system32\dllcache\agentdpv.dll
-c----w 256,512 2006-10-12 11:54:07 C:\WINDOWS\system32\dllcache\agentsvr.exe
-c----w 498,742 2006-08-22 16:05:26 C:\WINDOWS\system32\dllcache\dxmasf.dll
-c--a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c----w 1,033,216 2007-06-13 10:23:07 C:\WINDOWS\system32\dllcache\explorer.exe
-c--a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\extmgr.dll
-c----w 282,112 2007-06-19 13:37:21 C:\WINDOWS\system32\dllcache\gdi32.dll
-c----w 63,488 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\icardie.dll
-c--a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\system32\dllcache\ieakui.dll
-c----w 383,488 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\ieapfltr.dll
-c--a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c----w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\system32\dllcache\ieframe.dll
-c--a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 267,776 2007-08-20 10:04:38 C:\WINDOWS\system32\dllcache\iertutil.dll
-c----w 13,824 2007-08-17 10:20:54 C:\WINDOWS\system32\dllcache\ieudinit.exe
-c----w 625,152 2007-08-17 10:21:21 C:\WINDOWS\system32\dllcache\iexplore.exe
-c----w 683,520 2007-08-21 06:25:02 C:\WINDOWS\system32\dllcache\inetcomm.dll
-c--a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 986,112 2007-04-16 16:07:27 C:\WINDOWS\system32\dllcache\kernel32.dll
-c----w 726,528 2006-08-17 12:37:49 C:\WINDOWS\system32\dllcache\lsasrv.dll
-c----w 40,960 2007-03-08 15:48:36 C:\WINDOWS\system32\dllcache\mf3216.dll
-c----w 927,504 2006-11-01 19:17:45 C:\WINDOWS\system32\dllcache\mfc40u.dll
-c----w 981,760 2006-12-14 13:45:53 C:\WINDOWS\system32\dllcache\mfc42u.dll
-c----w 536,576 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msado15.dll
-c----w 180,224 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msadomd.dll
-c----w 200,704 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msadox.dll
-c----w 459,264 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeeds.dll
-c----w 52,224 2007-08-20 10:04:39 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
-c----w 539,136 2006-11-27 14:54:06 C:\WINDOWS\system32\dllcache\msftedit.dll
-c--a-w 3,584,512 2007-08-21 03:34:42 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c----w 102,400 2006-12-26 13:07:23 C:\WINDOWS\system32\dllcache\msjro.dll
-c--a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 1,104,896 2007-06-26 06:08:16 C:\WINDOWS\system32\dllcache\msxml3.dll
-c----w 337,408 2006-08-17 12:37:49 C:\WINDOWS\system32\dllcache\netapi32.dll
-c----w 574,976 2007-02-09 11:23:36 C:\WINDOWS\system32\dllcache\ntfs.sys
-c----w 2,136,064 2007-02-28 09:08:48 C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
-c----w 2,057,600 2007-02-28 08:38:55 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
-c----w 2,015,744 2007-02-28 08:38:57 C:\WINDOWS\system32\dllcache\ntkrpamp.exe
-c----w 2,180,352 2007-02-28 09:10:57 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
-c----w 64,000 2006-10-13 12:41:38 C:\WINDOWS\system32\dllcache\nwapi32.dll
-c----w 142,336 2006-10-13 12:41:38 C:\WINDOWS\system32\dllcache\nwprovau.dll
-c----w 163,456 2006-10-13 10:39:12 C:\WINDOWS\system32\dllcache\nwrdr.sys
-c----w 65,536 2006-10-13 12:41:38 C:\WINDOWS\system32\dllcache\nwwks.dll
-c----w 102,400 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\occache.dll
-c----w 549,376 2007-05-17 11:28:05 C:\WINDOWS\system32\dllcache\oleaut32.dll
-c----w 122,880 2006-10-16 16:15:00 C:\WINDOWS\system32\dllcache\oledlg.dll
-c----w 433,152 2006-11-27 14:54:06 C:\WINDOWS\system32\dllcache\riched20.dll
-c----w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\dllcache\rpcrt4.dll
-c----w 144,896 2007-04-25 14:21:15 C:\WINDOWS\system32\dllcache\schannel.dll
-c--a-w 8,453,632 2006-12-19 21:52:18 C:\WINDOWS\system32\dllcache\shell32.dll
-c----w 134,656 2006-12-19 21:52:18 C:\WINDOWS\system32\dllcache\shsvcs.dll
-c----w 246,814 2006-08-21 21:52:08 C:\WINDOWS\system32\dllcache\strmdll.dll
-c----w 713,216 2006-10-19 13:59:58 C:\WINDOWS\system32\dllcache\sxs.dll
-c----w 364,160 2007-04-23 10:14:23 C:\WINDOWS\system32\dllcache\update.sys
-c----w 185,344 2007-02-05 20:17:02 C:\WINDOWS\system32\dllcache\upnphost.dll
-c----w 105,984 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\urlmon.dll
-c----w 578,048 2007-03-08 15:48:36 C:\WINDOWS\system32\dllcache\user32.dll
-c--a-w 765,952 2007-07-12 23:31:54 C:\WINDOWS\system32\dllcache\vgx.dll
-c--a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\system32\dllcache\webcheck.dll
-c----w 333,824 2006-12-19 18:16:47 C:\WINDOWS\system32\dllcache\wiaservc.dll
-c----w 1,843,968 2007-03-08 13:49:49 C:\WINDOWS\system32\dllcache\win32k.sys
-c--a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\system32\dllcache\wininet.dll
-c----w 292,864 2007-03-17 13:43:01 C:\WINDOWS\system32\dllcache\winsrv.dll
-c----w 132,096 2006-08-17 12:37:49 C:\WINDOWS\system32\dllcache\wkssvc.dll
-c----w 2,330,624 2006-12-07 04:14:51 C:\WINDOWS\system32\dllcache\wmvcore.dll
----a-w 70,001 2007-10-17 09:47:37 C:\WINDOWS\system32\drivers\gmer.sys
----a-w 189,712 2007-09-13 04:19:48 C:\WINDOWS\system32\drivers\klif.sys
----a-w 72,712 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfeavfk.sys
----a-w 34,184 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfebopk.sys
----a-w 171,240 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfehidk.sys
----a-w 52,200 2007-08-14 08:50:00 C:\WINDOWS\system32\drivers\mfetdik.sys
----a-w 574,976 2007-02-09 11:23:36 C:\WINDOWS\system32\drivers\ntfs.sys
----a-w 163,456 2006-10-13 10:39:12 C:\WINDOWS\system32\drivers\nwrdr.sys
----a-w 364,160 2007-04-23 10:14:23 C:\WINDOWS\system32\drivers\update.sys
----a-w 65,099 2007-10-14 04:42:25 C:\WINDOWS\system32\drivers\etc\tmvsthfss.bin
----a-w 65,099 2007-10-14 04:42:45 C:\WINDOWS\system32\drivers\etc\tmvsthfud.bin
----a-w 213,048 2005-05-25 00:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-08-30 03:47:20 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 950,272 2007-08-30 03:49:54 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----a-w 2,115,816 2007-06-11 20:34:34 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 190,696 2007-06-11 20:34:40 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
----a-w 45,218 2007-10-13 07:42:13 C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
----a-w 153,780 2007-10-19 04:02:42 C:\WINDOWS\system32\Restore\rstrlog.dat
----a-w 33,624 2007-07-31 07:18:40 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
----a-w 43,352 2007-07-31 07:19:12 C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.0.6000.381\wups2.dll
----a-w 82,432 2007-04-18 22:36:40 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
----a-w 1,275,392 2007-05-09 03:06:44 C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
----a-w 74,802 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
----a-w 995,383 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
----a-w 1,011,774 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
----a-w 401,462 2007-01-19 20:15:24 C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
.
----a-w 7,970,816 2007-07-08 03:32:09 C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
----a-w 147,456 2007-07-08 03:32:09 C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
----a-r 102,400 2007-09-09 06:38:13 C:\WINDOWS\Installer\{B8A204BC-7177-470E-BBDD-47256D05B325}\iTunesIco.exe
----a-w 41,984 2004-08-03 23:56:42 C:\WINDOWS\msagent\agentdp2.dll
----a-w 256,512 2004-08-03 23:56:48 C:\WINDOWS\msagent\agentsvr.exe
----a-w 498,205 2004-08-03 23:56:44 C:\WINDOWS\system32\dxmasf.dll
----a-w 131,584 2006-11-08 09:03:36 C:\WINDOWS\system32\extmgr.dll
----a-w 1,170,952 2007-09-17 08:42:55 C:\WINDOWS\system32\FNTCACHE.DAT
----a-w 54,784 2006-11-07 15:26:28 C:\WINDOWS\system32\ie4uinit.exe
----a-w 152,064 2006-11-07 15:26:56 C:\WINDOWS\system32\ieakeng.dll
----a-w 229,376 2006-11-07 15:27:02 C:\WINDOWS\system32\ieaksie.dll
----a-w 161,792 2006-11-07 15:25:14 C:\WINDOWS\system32\ieakui.dll
----a-w 382,976 2006-11-07 15:27:10 C:\WINDOWS\system32\iedkcs32.dll
----a-w 43,008 2006-11-07 15:26:28 C:\WINDOWS\system32\iernonce.dll
----a-w 13,312 2006-11-07 15:26:32 C:\WINDOWS\system32\ieudinit.exe
----a-w 27,136 2006-11-08 09:03:36 C:\WINDOWS\system32\jsproxy.dll
----a-w 985,088 2006-07-05 10:57:10 C:\WINDOWS\system32\kernel32.dll
----a-w 721,920 2005-10-14 17:17:44 C:\WINDOWS\system32\lsasrv.dll
----a-w 39,936 2004-08-03 23:56:44 C:\WINDOWS\system32\mf3216.dll
----a-w 924,432 2001-08-23 13:00:00 C:\WINDOWS\system32\mfc40u.dll
----a-w 9,639,336 2006-10-04 20:03:45 C:\WINDOWS\system32\MRT.exe
----a-w 192,000 2006-10-18 01:05:10 C:\WINDOWS\system32\msrating.dll
----a-w 670,720 2006-11-08 09:03:36 C:\WINDOWS\system32\mstime.dll
----a-w 1,245,184 2006-09-13 05:51:42 C:\WINDOWS\system32\msxml4.dll
----a-w 1,334,032 2006-09-02 00:08:02 C:\WINDOWS\system32\msxml6.dll
----a-w 2,027,008 2006-03-16 09:09:40 C:\WINDOWS\system32\ntkrnlpa.exe
----a-w 2,147,840 2006-03-16 09:34:02 C:\WINDOWS\system32\ntoskrnl.exe
----a-w 58,880 2001-08-23 13:00:00 C:\WINDOWS\system32\nwapi32.dll
----a-w 144,384 2004-08-03 23:56:46 C:\WINDOWS\system32\nwprovau.dll
----a-w 65,024 2005-10-12 17:21:04 C:\WINDOWS\system32\nwwks.dll
----a-w 101,376 2006-10-18 01:04:46 C:\WINDOWS\system32\occache.dll
----a-w 553,472 2004-08-03 23:56:46 C:\WINDOWS\system32\oleaut32.dll
----a-w 117,760 2001-08-23 13:00:00 C:\WINDOWS\system32\oledlg.dll
----a-w 278,528 2007-09-03 02:15:24 C:\WINDOWS\system32\pncrt.dll
----a-w 6,656 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5016.dll
----a-w 5,632 2007-09-03 02:15:25 C:\WINDOWS\system32\pndx5032.dll
----a-w 185,688 2007-09-03 02:15:31 C:\WINDOWS\system32\rmoc3260.dll
----a-w 144,896 2004-08-03 23:56:46 C:\WINDOWS\system32\schannel.dll
----a-w 246,302 2004-08-03 23:56:46 C:\WINDOWS\system32\strmdll.dll
----a-w 185,344 2004-08-03 23:56:48 C:\WINDOWS\system32\upnphost.dll
----a-w 1,839,360 2005-11-08 23:13:40 C:\WINDOWS\system32\win32k.sys
----a-w 132,096 2004-08-03 23:56:48 C:\WINDOWS\system32\wkssvc.dll
----a-w 5,533,696 2006-04-11 19:35:02 C:\WINDOWS\system32\wmp.dll
----a-w 16,384 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2002-01-08 06:52:05 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
 
nishikamae

-c--a-w 123,904 2006-11-07 15:26:24 C:\WINDOWS\system32\dllcache\advpack.dll
-c--a-w 214,528 2006-10-18 00:57:50 C:\WINDOWS\system32\dllcache\dxtrans.dll
-c--a-w 131,584 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\extmgr.dll
-c--a-w 54,784 2006-11-07 15:26:28 C:\WINDOWS\system32\dllcache\ie4uinit.exe
-c--a-w 152,064 2006-11-07 15:26:56 C:\WINDOWS\system32\dllcache\ieakeng.dll
-c--a-w 229,376 2006-11-07 15:27:02 C:\WINDOWS\system32\dllcache\ieaksie.dll
-c--a-w 161,792 2006-11-07 15:25:14 C:\WINDOWS\system32\dllcache\ieakui.dll
-c--a-w 382,976 2006-11-07 15:27:10 C:\WINDOWS\system32\dllcache\iedkcs32.dll
-c--a-w 43,008 2006-11-07 15:26:28 C:\WINDOWS\system32\dllcache\iernonce.dll
-c----w 622,080 2006-10-18 01:04:40 C:\WINDOWS\system32\dllcache\iexplore.exe
-c--a-w 27,136 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\jsproxy.dll
-c----w 985,088 2006-07-05 10:57:10 C:\WINDOWS\system32\dllcache\kernel32.dll
-c--a-w 3,577,856 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\mshtml.dll
-c--a-w 475,648 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\mshtmled.dll
-c--a-w 192,000 2006-10-18 01:05:10 C:\WINDOWS\system32\dllcache\msrating.dll
-c--a-w 670,720 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\mstime.dll
-c----w 1,084,416 2006-09-13 05:01:56 C:\WINDOWS\system32\dllcache\msxml3.dll
-c----w 336,896 2006-07-14 15:41:56 C:\WINDOWS\system32\dllcache\netapi32.dll
-c----w 101,376 2006-10-18 01:04:46 C:\WINDOWS\system32\dllcache\occache.dll
-c--a-w 8,453,632 2006-07-13 13:33:27 C:\WINDOWS\system32\dllcache\shell32.dll
-c----w 105,984 2006-10-18 01:05:22 C:\WINDOWS\system32\dllcache\url.dll
-c--a-w 1,162,240 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\urlmon.dll
-c--a-w 765,952 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\VGX.dll
-c--a-w 231,424 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\webcheck.dll
-c--a-w 818,688 2006-11-08 09:03:36 C:\WINDOWS\system32\dllcache\wininet.dll
----a-w 574,976 2005-11-28 20:19:58 C:\WINDOWS\system32\drivers\ntfs.sys
----a-w 163,584 2004-08-03 22:02:24 C:\WINDOWS\system32\drivers\nwrdr.sys
----a-w 209,280 2005-10-15 11:48:26 C:\WINDOWS\system32\drivers\update.sys
----a-w 2,078,344 2006-06-23 01:44:58 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
----a-w 81,736 2007-10-12 06:53:50 C:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 09:32 AM]
"Cmaudio"="cmicnfg.cpl" []
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [02/25/2006 11:41 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 12:00 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [08/06/2004 05:01 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/19/2006 11:27 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/01/2006 05:22 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/06/2006 06:37 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"EzTruehitNews"="C:\Program Files\SmartAdviser\EZAD\svchost.exe" [08/04/2006 04:41 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/07/2007 04:55 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [08/13/2007 08:50 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/12/2007 06:40 PM]
"C:\WINDOWS\Config\load.exe"="C:\WINDOWS\Config\load.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 AM]
"UIWatcher"="C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [08/18/2006 06:48 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [09/04/2007 10:37 PM]
"viwc"="C:\WINDOWS\system32\viwc.exe" [06/26/2007 05:13 AM]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [06/25/2007 11:28 PM]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [06/21/2007 11:41 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"msnsc"=C:\WINDOWS\system32\msnsc.exe
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2544-02-13 15:01:04]

R0 tcvso;tcvs;C:\WINDOWS\system32\DRIVERS\tcvso.sys
R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 SVKP;SVKP;\??\C:\WINDOWS\system32\SVKP.sys
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTL.SYS
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
R3 SunkFilt62;Alcor Micro Corp - 6362;\??\C:\WINDOWS\System32\Drivers\sunkfilt62.sys
S3 LRMINIPORT;LanRoad PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\lrpppoe.sys
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\qcusbser.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f6bc398-7a1d-11dc-97bd-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8c79e3d-6043-11dc-80e8-0011955e5ccb}]
AutoRun\command - L:\
explore\Command - L:\RECYCLER\INFO.exe
open\Command - L:\RECYCLER\INFO.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-18 09:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-19 04:07:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-10-19 08:44:42 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AD0036B7-583C-403A-8D07-416CC9A5A565}.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 00:58:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\winamp.ini
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\Wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\WMFDist11Uninst.log
C:\WINDOWS\wmp
C:\WINDOWS\wmp11.log
C:\WINDOWS\wmp11Uninst.log
C:\WINDOWS\wmsetup.log
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\xptools.ini
C:\WINDOWS\yhl.dll
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif
C:\WINDOWS\_MSRSTRT.EXE

scan completed successfully
hidden files: 23

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\\WINDOWS\\Config\\load.exe"="C:\\WINDOWS\\Config\\load.exe"
.
Completion time: 10/19/2007 0:59:17
C:\ComboFix2.txt ... 10/16/2007 02:23 PM
C:\ComboFix3.txt ... 10/16/2007 12:43 AM
.
--- E O F ---
 
nishikamae

Logfile of HijackThis v1.99.1
Scan saved at 1:21:15, on 19/10/2550
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\SmartAdviser\EZAD\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\nishikamae.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [EzTruehitNews] "C:\Program Files\SmartAdviser\EZAD\svchost.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [C:\WINDOWS\Config\load.exe] C:\WINDOWS\Config\load.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &ดาวน์โหลดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {23D236EA-B936-4B2B-900C-D0E8DBBF9570} (BugsGameStarts Class) - http://audition.playpark.com/nProtect/CStart/ThaiGameStart.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by117w.bay117.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4484DB0A-B788-4018-A8DF-6021AF33C507}: NameServer = 203.144.207.29 203.144.207.49
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
 
You must log in or register to reply here.
Back
Top