Infected with "rootkit" and other malwares


  • This topic is locked
40 replies to this topic

#1 yoori


Posted 23 October 2008 - 10:14 PM

Could the team please investigate to see if I have some hidden infections in my computer. Rootkit seems to have been one of the nasty infections (or so one of the BC team members pointed out to me) out of the many file infections that were found using Malwarebytes. You can see the thread I posted: http://www.bleepingcomputer.com/forums/t/175916/infected-with-spyware-winsecurityupdate/. I posted the MBAM and SAS logs and what those programs found. I also wanted to add where I got the infection from: it's from a subtitle forum called "d-addicts". Thanks for the help.

Here's my HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:26 PM, on 10/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\internet_webplayer\internet_webplayer.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1141644703\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Orbitdownloader\orbitnet.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Search Toolbar - {D9CECB1C-55D7-4DF4-BC51-08D15C95DE5E} - C:\Program Files\Search Toolbar\search.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pgo.exe] C:\Program Files\pointgo\pgo.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141644703\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internet_webplayer] C:\Program Files\internet_webplayer\internet_webplayer.exe /WS
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\HP_Administrator\Favorites\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\HP_Administrator\Favorites\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin5.0.021...eetnoagent7.cab
O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} (Pull0PlayerX Control) - http://image.pullbbang.com/newTop/Pull0Control.ocx
O16 - DPF: {2FDAF918-389E-4402-9DA1-F5348615BC30} (axMROpen Control) - http://www.dosirak.com/Commons/Activex/MROpen.cab
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} (S2PlayerPan Class) - http://listen.daum.net/52st/52street/S2MusicPlayer.dll
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F7} (YBox Control) - http://kr.music.yahoo.com/Components/YMusicPack.cab
O16 - DPF: {3942BD43-B5CE-465F-9AC3-16BA93994273} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {40A217E1-BDDA-44DE-9BBC-D678C7B48603} (EspressoAgent Control) - http://www.bluemountainsoft.com/agent/EspressoAgent.ocx
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143507627125
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {868AB0F0-C411-4DB5-8279-E38AE3CDA3FD} (OiMPlayerCtrl Class) - http://listen.daum.net/52st/OiMPlayer/52MPlayer.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {913BF18F-672D-4676-9855-F9A192A88886} (IMBCContents Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {939612C6-DB72-4788-8BD1-6ED77E3EC4A9} (SayRadioCtrl Class) - http://dl.sayclub.com/sayclub/sayctl/sayradio.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - http://www.teenkorean.net/Penta/KoreanSecurity.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/...ge/pdrtvset.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/...age/pdrinst.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,3
O16 - DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} (Launcher Class) - http://app.gomtv.com/gomtv/gomtvx.cab
O16 - DPF: {BCA935CA-7E41-4F73-BA9C-FAB4393DBAC0} (MADanalCtrl Control) - http://www.csafer.net/ActiveX/MAStreamCtrl.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} (DamoimBGMPlayerX Control) - http://bgm.iple.com/Cab/SMMusicPlayerX.cab
O16 - DPF: {C394A9A2-C51D-4C26-BB2C-6DEB30A890F4} (ActiveDiodeoPlayer Control) - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://player.muz.co.kr/package/installer2...02/p3Instal.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} (NowCAFE Control) - http://www.clubbox.co.kr/neo.fld/NowCAFE.cab
O16 - DPF: {D1160D6F-214B-4B4E-A361-977817ACC516} (websafe_player Control) - http://www.websafe.co.kr/websafe_player.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launcher/...ora_SetUpAX.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - http://img.kbs.co.kr/cms/drama/honggildong.../6_1152_864.jpg
O24 - Desktop Component 1: (no name) - http://www.gtv.com.tw/Program/S05142005100.../1024768-03.jpg
O24 - Desktop Component 2: (no name) - http://img.imbc.com/imbc/afieldfile/2006/0...all_01_1280.jpg
O24 - Desktop Component 3: (no name) - http://img.kbs.co.kr/cms/drama/honggildong.../6_1024_768.jpg
O24 - Desktop Component 4: (no name) - http://img.imbc.com/imbc/afieldfile/2006/0...all_01_1024.jpg

--
End of file - 17071 bytes





#2 mas_pogi


Posted 25 October 2008 - 10:14 PM

Hello yoori,

My name is Mas_pogi (mark, mp) and I will be helping you with your Malware problem.
As I am still in training I will be helping you under the supervision of our expert teachers, so there may be a delay between posts.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

If you still need help, please follow the instructions below:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
With Regards,
mas_pogi

#3 yoori


Posted 26 October 2008 - 10:01 PM

Hi mas_pogi

Thank you for taking the time to help me ^___^
I have my desktop back and the viruses/malware I had isn't reinstalling itself after using MBAM, but I however think my computer still has malware in it. Since I had Rootkit earlier, does it still stay around even if MBAM says it successfully deleted it? The computer tower's orange light seems to light up like there's a program running (which there isn't). So it makes me think there is still something in my computer. I've been putting my computer in safe mode and using my mom's laptop to get help here. Can I still download the program you gave, to see if there is any stuck malware in there?

-yoori-

Edited by yoori, 26 October 2008 - 10:02 PM.


#4 mas_pogi


Posted 27 October 2008 - 06:27 AM

Hi Yoori :thumbsup:

Yes please. Please download it so that I can thoroughly examine your computer.

Thanks.

Mark

#5 yoori


Posted 27 October 2008 - 06:37 PM

Okay, here's my log


Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-10-27 13:27:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (1%) free of 230 GB
Total RAM: 958 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:36 PM, on 10/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\internet_webplayer\internet_webplayer.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\1141644703\ee\aolsoftware.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daum.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Search Toolbar - {D9CECB1C-55D7-4DF4-BC51-08D15C95DE5E} - C:\Program Files\Search Toolbar\search.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [pgo.exe] C:\Program Files\pointgo\pgo.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141644703\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internet_webplayer] C:\Program Files\internet_webplayer\internet_webplayer.exe /WS
O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download All by FlashGet - C:\Documents and Settings\HP_Administrator\Favorites\FlashGet\jc_all.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download using FlashGet - C:\Documents and Settings\HP_Administrator\Favorites\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} (BMSpeedCheck Control) - http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www2.stlu.com/plugins/Plugin5.0.021...eetnoagent7.cab
O16 - DPF: {21FDDE58-51A6-402A-8040-39DA033DC196} (Pull0PlayerX Control) - http://image.pullbbang.com/newTop/Pull0Control.ocx
O16 - DPF: {2FDAF918-389E-4402-9DA1-F5348615BC30} (axMROpen Control) - http://www.dosirak.com/Commons/Activex/MROpen.cab
O16 - DPF: {3270EED1-B285-4828-A0A7-F55913A9B724} (S2PlayerPan Class) - http://listen.daum.net/52st/52street/S2MusicPlayer.dll
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F7} (YBox Control) - http://kr.music.yahoo.com/Components/YMusicPack.cab
O16 - DPF: {3942BD43-B5CE-465F-9AC3-16BA93994273} (DosirakControl Control) - http://www.dosirak.com/Commons/Activex/DosirakControl.ocx
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {40A217E1-BDDA-44DE-9BBC-D678C7B48603} (EspressoAgent Control) - http://www.bluemountainsoft.com/agent/EspressoAgent.ocx
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
O16 - DPF: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} (DaumBGMCtrl Class) - http://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143507627125
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O16 - DPF: {868AB0F0-C411-4DB5-8279-E38AE3CDA3FD} (OiMPlayerCtrl Class) - http://listen.daum.net/52st/OiMPlayer/52MPlayer.cab
O16 - DPF: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} (MnetHelper Control) - http://www.mnet.com/Ver2/App/totalApp/maxh...r/maxhelper.cab
O16 - DPF: {913BF18F-672D-4676-9855-F9A192A88886} (IMBCContents Control) - http://touch.imbc.com/ocx/Online.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
O16 - DPF: {939612C6-DB72-4788-8BD1-6ED77E3EC4A9} (SayRadioCtrl Class) - http://dl.sayclub.com/sayclub/sayctl/sayradio.cab
O16 - DPF: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} (MagicLockOCX Control) - http://www.diodeo.com/DioDeoPlayer.cab
O16 - DPF: {A0E7D0C1-9854-497E-8645-38C19AA00724} (IssacWebSE Class) - http://www.teenkorean.net/Penta/KoreanSecurity.cab
O16 - DPF: {AF60D574-F249-4243-8040-5521AAA5BB5E} (PandoraTVSet Class) - http://imgcdn.pandora.tv/pan_img/p3player/...ge/pdrtvset.cab
O16 - DPF: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} (PDRInst1 Class) - http://imgcdn.pandora.tv/pan_img/p3player/...age/pdrinst.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,3
O16 - DPF: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} (Launcher Class) - http://app.gomtv.com/gomtv/gomtvx.cab
O16 - DPF: {BCA935CA-7E41-4F73-BA9C-FAB4393DBAC0} (MADanalCtrl Control) - http://www.csafer.net/ActiveX/MAStreamCtrl.cab
O16 - DPF: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} (BugsInstallEx Control) - http://install.bugs.co.kr/install/BugsInstallerEx.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} (DamoimBGMPlayerX Control) - http://bgm.iple.com/Cab/SMMusicPlayerX.cab
O16 - DPF: {C394A9A2-C51D-4C26-BB2C-6DEB30A890F4} (ActiveDiodeoPlayer Control) - http://www.diodeo.com/ActiveDiodeoPlayer.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://player.muz.co.kr/package/installer2...02/p3Instal.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://touch.imbc.com/ocx/SetGlb.cab
O16 - DPF: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} (NowCAFE Control) - http://www.clubbox.co.kr/neo.fld/NowCAFE.cab
O16 - DPF: {D1160D6F-214B-4B4E-A361-977817ACC516} (websafe_player Control) - http://www.websafe.co.kr/websafe_player.cab
O16 - DPF: {D26A941D-7E89-4098-B583-43291FC14218} (Pull0PlayerX Control) - http://image.pullbbang.com/images/Pull0Control.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} (Pandora_SetUp Control) - http://imgcdn.pandora.tv/pan_img/launcher/...ora_SetUpAX.cab
O16 - DPF: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} (MultiUpload Control) - http://www.clubbox.co.kr/neo.fld/MultiUpload.cab
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - http://img.kbs.co.kr/cms/drama/honggildong.../6_1152_864.jpg
O24 - Desktop Component 1: (no name) - http://www.gtv.com.tw/Program/S05142005100.../1024768-03.jpg
O24 - Desktop Component 2: (no name) - http://img.imbc.com/imbc/afieldfile/2006/0...all_01_1280.jpg
O24 - Desktop Component 3: (no name) - http://img.kbs.co.kr/cms/drama/honggildong.../6_1024_768.jpg
O24 - Desktop Component 4: (no name) - http://img.imbc.com/imbc/afieldfile/2006/0...all_01_1024.jpg

--
End of file - 17072 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll []
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [2006-10-30 1803720]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar5.dll [2007-01-19 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{D9CECB1C-55D7-4DF4-BC51-08D15C95DE5E} - Search Toolbar - C:\Program Files\Search Toolbar\search.dll [2007-02-20 868424]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-09-17 433272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-10-25 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-10-30 256576]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [2007-12-20 579072]
"pgo.exe"=C:\Program Files\pointgo\pgo.exe [2008-04-17 229888]
"HostManager"=C:\Program Files\Common Files\AOL\1141644703\ee\AOLSoftware.exe [2005-11-02 50792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"internet_webplayer"=C:\Program Files\internet_webplayer\internet_webplayer.exe [2007-02-13 262656]
"kdx"=C:\WINDOWS\kdx\KHost.exe [2006-12-12 2242120]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Aim6"=C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe [2005-11-02 50792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
C:\Program Files\DISC\DISCover.exe [2007-10-30 1095256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCUP]
C:\WINDOWS\system32\NCUP12122051.exe [2007-12-12 243712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPUP]
C:\WINDOWS\system32\SPUPDAT02111445.exe [2008-02-11 243712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmqlt.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSmqlt.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\WINDOWS\system32\fscagent.exe"="C:\WINDOWS\system32\fscagent.exe:*:Enabled:???? ???? ??"
"C:\WINDOWS\system32\clubbox.exe"="C:\WINDOWS\system32\clubbox.exe:*:Enabled:嬷 "
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1141644703\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1141644703\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1141644703\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1141644703\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\pdrtvsvr.exe"="C:\WINDOWS\system32\pdrtvsvr.exe:*:Enabled:PandoraTV VoD Control"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Grisoft\AVG Free\avginet.exe"="C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG Free\avgcc.exe"="C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe:*:Enabled:avgemc.exe"
"C:\WINDOWS\kdx\KHost.exe"="C:\WINDOWS\kdx\KHost.exe:*:Enabled:Delivery Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\P3MxSvr.exe"="C:\WINDOWS\system32\P3MxSvr.exe:*:Enabled:Maxmp3 AoD Control"
"C:\WINDOWS\system32\p3mxvsvr.exe"="C:\WINDOWS\system32\p3mxvsvr.exe:*:Enabled:MAXMP3 VOD Control"
"C:\WINDOWS\system32\muzmvsvr.exe"="C:\WINDOWS\system32\muzmvsvr.exe:*:Enabled:MUZ VOD Control"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\WINDOWS\system32\BugsSvr.exe"="C:\WINDOWS\system32\BugsSvr.exe:*:Enabled:Bugs Music Player Control"
"C:\WINDOWS\system32\p3bvsvr.exe"="C:\WINDOWS\system32\p3bvsvr.exe:*:Enabled:Bugs Music VoD Control"
"C:\WINDOWS\system32\skcbgm.exe"="C:\WINDOWS\system32\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\pandora.tv\minilite\MiniStream.exe"="C:\Program Files\pandora.tv\minilite\MiniStream.exe:*:Enabled:MiniStream.exe"
"C:\WINDOWS\system32\mnetasvr.exe"="C:\WINDOWS\system32\mnetasvr.exe:*:Enabled:MNet AoD Server"
"C:\WINDOWS\system32\mnetvsvr.exe"="C:\WINDOWS\system32\mnetvsvr.exe:*:Enabled:MNet VoD Server"
"C:\Program Files\pandora.tv\minilite\MiniLite.exe"="C:\Program Files\pandora.tv\minilite\MiniLite.exe:*:Enabled:MiniLite.exe"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent"
"C:\WINDOWS\system32\SayRadio.exe"="C:\WINDOWS\system32\SayRadio.exe:*:Enabled:SayRadio"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\grdmgr.exe"="C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN ???? ??"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-10-27 13:27:31 ----D---- C:\rsit
2008-10-26 15:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-25 13:40:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-25 13:40:23 ----D---- C:\Program Files\SpywareBlaster
2008-10-23 16:35:54 ----D---- C:\Program Files\Trend Micro
2008-10-22 22:52:06 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-22 22:51:59 ----SHD---- C:\Config.Msi
2008-10-20 16:50:27 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GetModule
2008-10-19 22:06:09 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-19 22:06:09 ----A---- C:\WINDOWS\avisplitter.ini
2008-10-19 22:05:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-19 22:05:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-19 22:05:53 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-19 22:05:53 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-19 22:05:53 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-19 22:05:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-19 22:05:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-19 22:05:51 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-16 05:19:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 05:19:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 05:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 05:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 05:17:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-15 04:17:22 ----RA---- C:\WINDOWS\system32\clubbox.exe

======List of files/folders modified in the last 1 months======

2008-10-27 13:27:22 ----D---- C:\WINDOWS\Prefetch
2008-10-27 13:25:27 ----D---- C:\WINDOWS\temp
2008-10-27 13:23:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Orbit
2008-10-27 13:23:06 ----D---- C:\WINDOWS
2008-10-27 13:22:59 ----D---- C:\WINDOWS\Registration
2008-10-27 13:21:24 ----ASH---- C:\boot.ini
2008-10-27 13:21:24 ----A---- C:\WINDOWS\win.ini
2008-10-27 13:21:24 ----A---- C:\WINDOWS\system.ini
2008-10-27 13:00:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-27 12:58:44 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2008-10-26 15:20:49 ----HD---- C:\WINDOWS\inf
2008-10-26 15:20:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-26 15:20:07 ----D---- C:\WINDOWS\system32
2008-10-26 15:18:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-26 15:18:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-25 13:40:23 ----D---- C:\Program Files
2008-10-25 13:39:12 ----D---- C:\Downloads
2008-10-22 22:53:23 ----SHD---- C:\WINDOWS\Installer
2008-10-22 22:53:18 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-22 22:52:06 ----D---- C:\Program Files\Common Files
2008-10-22 22:15:49 ----D---- C:\Program Files\Common
2008-10-22 21:33:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-22 21:31:27 ----D---- C:\WINDOWS\system32\drivers
2008-10-20 19:09:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-20 18:06:45 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-20 14:24:53 ----D---- C:\WINDOWS\system32\crc
2008-10-20 14:24:53 ----A---- C:\WINDOWS\system32\fscflist.ini
2008-10-20 13:56:50 ----A---- C:\WINDOWS\system32\fscflist.ini.tmp
2008-10-20 13:06:19 ----A---- C:\WINDOWS\system32\fscagent.ini
2008-10-20 13:05:10 ----A---- C:\WINDOWS\system32\fscagent.ini.tmp
2008-10-19 22:02:48 ----D---- C:\Program Files\DivX
2008-10-19 21:24:32 ----D---- C:\unzipped
2008-10-16 05:19:18 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 05:18:55 ----D---- C:\Program Files\Internet Explorer
2008-10-15 06:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 17:32:28 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-13 17:32:28 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-13 16:28:21 ----D---- C:\Program Files\Orbitdownloader
2008-10-09 13:32:34 ----D---- C:\Program Files\pointgo
2008-10-07 09:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 07:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-28 20:02:07 ----D---- C:\Program Files\Avidemux 2.4
2008-09-28 19:47:41 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-23 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2006-12-25 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-02-24 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2007-12-20 10760]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2006-12-25 4960]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-13 1313792]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2005-06-28 19200]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-15 220928]
R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2005-06-28 46592]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-03 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-30 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-16 100480]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 NOWMEMDF;NOWMEMDF; \??\C:\WINDOWS\system32\NOWMEMDF.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-14 34448]
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13 376832]
R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe [2006-12-25 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [2007-12-20 406528]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-10-30 492608]
S2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 shpsv;Shop-Guide Updater Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-14 92792]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
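As an added example (it is not part of the original thread, nor of the RSIT tool), here is a small Python parser for the service list format above: it decodes the R/S and 0-4 codes from the legend line and pulls out two things a log reader checks first, services hosted in svchost.exe (whose actual code is a DLL the list does not name) and Auto-start services that are not running. The sample lines are copied from the log above; the two triage rules are the editor's own.

```python
"""Parse RSIT's "List of services" block and decode its status/start codes.

Added example for this thread; it is not part of the original post nor of the
RSIT tool. The two triage helpers are the editor's own rules of thumb.
"""
import re
from dataclasses import dataclass

# Legend from the RSIT header line:
#   R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled
STATUS = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One RSIT entry looks like:
#   R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\...\avgamsvr.exe [2007-10-23 418816]
LINE_RE = re.compile(
    r"^(?P<status>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)


@dataclass
class Service:
    name: str
    display: str
    path: str
    date: str          # file timestamp RSIT printed for the image
    size: int          # image size in bytes
    status: str        # "Running" / "Stopped"
    start: str         # "Boot" / "System" / "Auto" / "Demand" / "Disabled"

    @property
    def state(self) -> str:
        return f"{self.status}/{self.start}"


def parse_rsit_services(text: str) -> list[Service]:
    """Return one Service per matching line; header, blank and EOF lines are skipped."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        services.append(Service(
            name=m["name"], display=m["display"], path=m["path"],
            date=m["date"], size=int(m["size"]),
            status=STATUS[m["status"]], start=START[m["start"]],
        ))
    return services


def svchost_hosted(services):
    """Services whose image is svchost.exe. The code that actually runs is a DLL
    named by the service's ServiceDll registry value, which RSIT's list does not
    show, so an unfamiliar name here needs a follow-up look at that DLL rather
    than at svchost.exe itself."""
    return [s for s in services if s.path.lower().endswith("\\svchost.exe")]


def auto_but_stopped(services):
    """Auto-start services that are not running: either failing, stopped by the
    user or a tool, or a leftover from something that was removed."""
    return [s for s in services if s.start == "Auto" and s.status == "Stopped"]


# Sample input: lines copied from the RSIT log above (a raw string keeps the
# backslashes intact).
SAMPLE = r"""
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe [2007-10-23 418816]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S2 shpsv;Shop-Guide Updater Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-14 92792]

-----------------EOF-----------------
"""

if __name__ == "__main__":
    svcs = parse_rsit_services(SAMPLE)
    for s in svcs:
        print(f"{s.state:16} {s.name:16} {s.path}")
    print("svchost-hosted:", [s.name for s in svchost_hosted(svcs)])
    print("auto but stopped:", [s.name for s in auto_but_stopped(svcs)])
```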



#6 mas_pogi


Posted 29 October 2008 - 05:26 AM

hi Yoori :thumbsup:

Sorry for the delay. Forum was so busy.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. If you wish to proceed, please continue with the instructions.

Please bear with me as we clean your machine.
  • Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case BitComet and Orbitdownloader). These programmes allow users to share files between them, as the name(s) suggest. In today's world cybercrime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

    Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Thanks.

Mark

#7 yoori


Posted 29 October 2008 - 09:44 AM

It's okay Mark, no need to apologize ^___^

I'm so sad. This sucks mad hell.
Even if the computer's in safe mode, it isn't safe with the internet on? I'm using my mom's laptop right now, that's the only way I can come online. Log will be given later on today/tonight. Thank you so much again Mark, love you, for helping a clueless and stressed person like me.

-Yoori-

#8 mas_pogi


Posted 29 October 2008 - 09:50 AM

hi Yoori.

No problem. Take your time. :thumbsup:

Just keep your computer disconnected for now.


Mark

#9 yoori


Posted 30 October 2008 - 06:42 AM

I haven't scanned yet. I was wondering if I had to drag any CFScript into ComboFix, like I had to do the last time Thunder helped me a few months ago.

#10 mas_pogi


Posted 30 October 2008 - 08:40 AM

hi Yoori.

Please do the instructions as instructed.

I'll be waiting for your post.

Mark

Edited by mas_pogi, 30 October 2008 - 08:40 AM.


#11 yoori


Posted 30 October 2008 - 09:39 PM

Okay Mark, here's my log

ComboFix 08-10-29.06 - HP_Administrator 2008-10-30 15:58:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.513 [GMT -10:00]
Running from: C:\Documents and Settings\HP_Administrator\My Documents\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\fbk.sts
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV.cfg
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV0.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV1.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV2.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV3.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV4.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV5.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV6.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV7.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV8.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MNETV9.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV.cfg
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV0.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV1.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV2.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV3.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV4.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV5.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV6.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV7.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV8.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\MUZMV9.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM.cfg
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM0.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM1.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM2.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM3.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM4.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM5.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM6.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM7.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM8.che
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\SKBGM9.che
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\av.dat
C:\WINDOWS\wiaservv.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_TDSSSERV
-------\Service_NPF
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-27 13:27 . 2008-10-27 13:27 <DIR> d-------- C:\rsit
2008-10-25 13:40 . 2008-10-25 13:40 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-25 13:40 . 2008-10-26 15:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-23 16:35 . 2008-10-23 16:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-22 22:52 . 2008-10-22 22:52 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-22 21:31 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-22 21:31 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-20 16:50 . 2008-10-20 16:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\GetModule
2008-10-20 16:50 . 2008-10-20 16:50 164 --a------ C:\WINDOWS\system32\TDSSmtvd.dat
2008-10-19 22:06 . 2008-07-03 20:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-10-19 22:06 . 2007-09-04 06:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-10-19 22:06 . 2007-10-03 05:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-10-19 22:06 . 2008-07-30 09:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-10-19 22:05 . 2008-10-19 22:05 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-10-19 22:05 . 2008-07-23 06:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-10-19 22:05 . 2008-01-10 02:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-10-19 22:05 . 2008-07-24 22:34 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-10-19 22:05 . 2008-01-10 02:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-10-19 22:05 . 2008-07-24 22:34 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-10-19 22:05 . 2008-06-12 08:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-10-19 22:05 . 2007-07-10 06:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-15 04:17 . 2008-10-15 04:17 1,568,768 -ra------ C:\WINDOWS\system32\clubbox.exe
2008-10-07 03:44 . 2008-10-07 03:44 14,080 -ra------ C:\WINDOWS\system32\nowmemdf.sys
2008-09-22 03:27 . 2008-09-22 05:25 138,170 --a------ C:\DBSK - Mirotic [30MB].avi
2008-09-21 15:13 . 2008-07-10 14:02 19,734 --a------ C:\WINDOWS\hanafos.ico
2008-09-21 15:13 . 2008-07-10 14:02 18,718 --a------ C:\WINDOWS\Mnet ̽Ÿ.ico
2008-09-21 15:13 . 2008-07-10 14:02 17,574 --a------ C:\WINDOWS\Mnet ǰ.ico
2008-09-17 14:57 . 2008-10-22 22:15 <DIR> d-------- C:\Program Files\Common

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 02:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Orbit
2008-10-31 00:55 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AVG7
2008-10-23 08:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-23 07:33 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 04:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-21 04:02 --------- d-----w C:\Documents and Settings\Guest\Application Data\Orbit
2008-10-20 08:02 --------- d-----w C:\Program Files\DivX
2008-10-14 02:28 --------- d-----w C:\Program Files\Orbitdownloader
2008-10-09 23:32 --------- d-----w C:\Program Files\pointgo
2008-09-29 06:02 --------- d-----w C:\Program Files\Avidemux 2.4
2008-09-29 05:47 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\gtk-2.0
2008-09-18 00:51 --------- d-----w C:\Documents and Settings\Guest\Application Data\AVG7
2008-09-05 03:47 --------- d-----w C:\Program Files\DVD2SVCD
2008-09-02 05:40 --------- d-----w C:\Program Files\BitComet
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-07-29 00:54 964 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2007-07-11 23:16 694 ----a-w C:\Documents and Settings\Guest\Application Data\wklnhst.dat
2008-02-07 09:41 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-07-14 22:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-27 01:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 08:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2004-01-25 10:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll
2008-02-04 19:26 151,040 --sh--w C:\WINDOWS\system32\VistaUltm.dll
2005-02-28 23:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 10:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-06_15.34.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-02 13:30:08 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 10:22:26 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w C:\WINDOWS\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:01:38 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll
+ 2008-06-23 16:01:38 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll
+ 2008-06-23 16:01:39 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll
+ 2008-06-23 08:23:18 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat
+ 2008-06-23 16:01:40 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll
+ 2008-06-23 16:01:43 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll
+ 2008-06-23 16:01:44 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll
+ 2008-06-23 08:23:18 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
+ 2008-06-23 16:01:46 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
+ 2008-06-23 16:01:49 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll
+ 2008-06-23 16:01:50 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll
+ 2008-06-23 16:01:50 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll
+ 2008-06-23 16:01:50 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll
+ 2008-06-23 16:01:50 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\url.dll
+ 2008-06-23 16:01:51 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll
+ 2008-06-23 16:01:51 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll
+ 2008-06-23 16:01:51 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2004-08-04 15:06:34 82,944 -c----w C:\WINDOWS\$NtUninstallKB946648$\msgsc.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB946648$\spuninst\updspapi.dll
+ 2005-07-26 11:39:46 243,200 -c----w C:\WINDOWS\$NtUninstallKB950974$\es.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe
+ 2007-11-30 12:39:19 382,840 -c----w C:\WINDOWS\$NtUninstallKB950974$\spuninst\updspapi.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\$NtUninstallKB951066$\inetcomm.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951066$\spuninst\updspapi.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\updspapi.dll
+ 2007-11-13 11:31:11 60,416 -c----w C:\WINDOWS\$NtUninstallKB951072-v2$\tzchange.exe
+ 2004-08-10 12:00:00 331,776 -c----w C:\WINDOWS\$NtUninstallKB952287$\msadce.dll
+ 2007-11-30 11:18:51 231,288 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB952287$\spuninst\updspapi.dll
+ 2005-06-29 08:46:00 74,240 -c----w C:\WINDOWS\$NtUninstallKB952954$\mscms.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB952954$\spuninst\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe
+ 2007-11-30 11:18:51 382,840 -c----w C:\WINDOWS\$NtUninstallKB953839$\spuninst\updspapi.dll
- 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2005-10-21 06:02:28 163,328 ----a-w C:\WINDOWS\ERDNT\subs\ERDNT.EXE
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 08:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
+ 2008-06-23 16:57:27 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 20:57:40 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:57:39 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
+ 2007-04-19 23:09:30 167,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\IETAG.DLL
+ 2007-05-31 23:35:22 6,420,320 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE
- 2008-07-09 01:45:22 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-16 15:18:20 12,288 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-07-09 01:45:21 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-16 15:18:20 135,168 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-07-09 01:45:22 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-16 15:18:20 11,264 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-07-09 01:45:22 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-16 15:18:20 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-07-09 01:45:22 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-16 15:18:20 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-07-09 01:45:22 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-10-16 15:18:21 794,624 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-07-09 01:45:21 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-16 15:18:20 249,856 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-07-09 01:45:22 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-16 15:18:21 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-07-09 01:45:21 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-16 15:18:20 286,720 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-07-09 01:45:21 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-16 15:18:20 409,600 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-03-19 00:12:32 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-10-23 08:53:22 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
- 2008-03-19 00:12:32 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-10-23 08:53:22 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2004-08-10 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt0401.dll
+ 2004-08-10 12:00:00 19,456 ----a-w C:\WINDOWS\msagent\intl\agt040d.dll
+ 2008-07-03 20:21:10 36,864 ----a-w C:\WINDOWS\system32\8852cd8aca0d0b86c1b0f9109edb6cab.sys
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-10 12:00:00 10,752 ----a-w C:\WINDOWS\system32\c_iscii.dll
- 2007-07-31 05:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2008-07-19 08:10:48 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
- 2006-03-02 07:26:08 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-10-22 23:25:35 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2006-03-02 07:26:08 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-10-22 23:25:35 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-02-22 08:11:10 719,872 ----a-w C:\WINDOWS\system32\devil.dll
+ 2004-02-22 08:11:09 719,872 ----a-w C:\WINDOWS\system32\devil.dll
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 07:24:28 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-07-31 05:19:20 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 08:10:48 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2005-07-26 11:39:46 243,200 ----a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 07:24:28 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda1.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda2.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda2.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda3.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbda3.dll
- 2004-08-10 19:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarme.dll
+ 2004-08-10 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarme.dll
- 2004-08-10 19:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll
+ 2004-08-10 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdarmw.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv1.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbddiv2.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdfa.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdfa.dll
- 2004-08-10 19:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll
+ 2004-08-10 12:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\kbdgeo.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdheb.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdheb.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdindev.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdindev.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinguj.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinhin.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinkan.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdinmar.dll
- 2004-08-10 19:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdinpun.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintam.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintam.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintel.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdintel.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr1.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr2.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdsyr2.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth0.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth0.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdth1.dll
- 2004-08-10 19:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth2.dll
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth2.dll
- 2004-08-10 19:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth3.dll
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\kbdth3.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdurdu.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdurdu.dll
- 2004-08-10 19:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdvntc.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\kbdvntc.dll
- 2004-08-10 12:00:00 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
+ 2008-05-01 14:30:33 331,776 ----a-w C:\WINDOWS\system32\dllcache\msadce.dll
- 2005-06-29 08:46:00 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-24 08:16:30 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-07-31 05:19:36 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 08:09:44 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-31 05:19:16 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 08:10:42 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-31 05:19:42 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 08:09:42 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-31 05:19:32 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 08:09:46 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-31 05:18:40 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-19 08:10:20 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-31 05:19:28 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 08:09:44 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2008-04-01 14:06:30 155,648 ----a-r C:\WINDOWS\system32\downengine.dll
+ 2008-08-05 19:27:14 155,648 ----a-r C:\WINDOWS\system32\downengine.dll
- 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 07:24:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 07:24:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 11:39:46 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-06-13 18:51:06 344,216 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-17 01:56:43 403,920 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\ftlx041e.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbda1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbda2.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbda3.dll
+ 2004-08-10 12:00:00 5,120 ----a-w C:\WINDOWS\system32\kbdarme.dll
+ 2004-08-10 12:00:00 5,120 ----a-w C:\WINDOWS\system32\kbdarmw.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbddiv1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbddiv2.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdfa.dll
+ 2004-08-10 12:00:00 5,120 ----a-w C:\WINDOWS\system32\kbdgeo.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdheb.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdindev.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinguj.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinhin.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinkan.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdinmar.dll
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdinpun.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdintam.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdintel.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdsyr1.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdsyr2.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdth0.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdth1.dll
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdth2.dll
+ 2004-08-10 12:00:00 6,144 ----a-w C:\WINDOWS\system32\kbdth3.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdurdu.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdusa.dll
+ 2004-08-10 12:00:00 5,632 ----a-w C:\WINDOWS\system32\kbdvntc.dll
- 2006-06-20 02:19:42 571,184 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-21 04:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2007-10-31 20:45:46 456,032 ----a-w C:\WINDOWS\system32\mnetactl.dll
+ 2007-12-24 18:56:56 456,000 ----a-w C:\WINDOWS\system32\mnetactl.dll
- 2007-11-19 21:33:04 790,528 ----a-w C:\WINDOWS\system32\mnetvctl.dll
+ 2007-12-24 21:34:24 800,064 ----a-w C:\WINDOWS\system32\mnetvctl.dll
- 2007-10-31 20:47:30 206,176 ----a-w C:\WINDOWS\system32\mnetvwms.dll
+ 2007-12-24 21:34:10 349,504 ----a-w C:\WINDOWS\system32\mnetvwms.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 08:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 08:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-07-31 05:19:10 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
+ 2008-07-19 08:07:34 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
- 2007-07-31 05:19:04 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
+ 2008-07-19 08:07:32 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
- 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2007-02-28 08:38:57 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2007-02-28 09:08:48 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2003-09-16 15:41:43 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
+ 2006-08-12 02:48:38 487,424 ----a-w C:\WINDOWS\system32\OiMPlayer.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-23 02:49:06 857,416 ----a-w C:\WINDOWS\system32\SayRadio.exe
+ 2008-07-19 08:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 08:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2004-08-10 12:00:00 185,344 ----a-w C:\WINDOWS\system32\Thawbrkr.dll
- 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2003-09-16 15:52:28 147,456 ----a-w C:\WINDOWS\system32\vorbis.dll
+ 2003-09-16 15:43:31 884,736 ----a-w C:\WINDOWS\system32\vorbisenc.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-08-26 07:24:31 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
- 2006-10-19 07:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2008-06-25 04:12:58 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2007-07-31 05:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2008-07-19 08:09:44 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2007-07-31 05:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2008-07-19 08:10:42 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2007-07-31 05:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2008-07-19 08:09:42 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2007-07-31 05:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2008-07-19 08:09:46 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2007-07-31 05:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2008-07-19 08:10:20 36,552 ----a-w C:\WINDOWS\system32\wups.dll
- 2007-07-31 05:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2008-07-19 08:10:40 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
- 2007-07-31 05:19:28 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-07-19 08:09:44 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D9CECB1C-55D7-4DF4-BC51-08D15C95DE5E}"= "C:\Program Files\Search Toolbar\search.dll" [2007-02-20 868424]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D9CECB1C-55D7-4DF4-BC51-08D15C95DE5E}"= "C:\Program Files\Search Toolbar\search.dll" [2007-02-20 868424]

[HKEY_CLASSES_ROOT\clsid\{d9cecb1c-55d7-4df4-bc51-08d15c95de5e}]
[HKEY_CLASSES_ROOT\XBTB05340.XBTB05340.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\XBTB05340.XBTB05340]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"internet_webplayer"="C:\Program Files\internet_webplayer\internet_webplayer.exe" [2007-02-13 262656]
"kdx"="C:\WINDOWS\kdx\KHost.exe" [2006-12-12 2242120]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2005-11-02 50792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-20 579072]
"pgo.exe"="C:\Program Files\pointgo\pgo.exe" [2008-04-17 229888]
"HostManager"="C:\Program Files\Common Files\AOL\1141644703\ee\AOLSoftware.exe" [2005-11-02 50792]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 C:\WINDOWS\arpwrmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-23 219136]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-12-08 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-09-13 1707208]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-12-08 36903]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-03-07 106560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.MJPG"= pvmjpg21.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
--a------ 2007-10-30 16:57 1095256 C:\Program Files\DISC\DISCover.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCUP]
--a------ 2007-12-12 20:52 243712 C:\WINDOWS\system32\NCUP12122051.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPUP]
--a------ 2008-02-11 14:46 243712 C:\WINDOWS\system32\SPUPDAT02111445.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\WINDOWS\\system32\\fscagent.exe"=
"C:\\WINDOWS\\system32\\clubbox.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141644703\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1141644703\\ee\\aim6.exe"=
"C:\\WINDOWS\\system32\\pdrtvsvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\WINDOWS\\kdx\\KHost.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\P3MxSvr.exe"=
"C:\\WINDOWS\\system32\\p3mxvsvr.exe"=
"C:\\WINDOWS\\system32\\muzmvsvr.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\WINDOWS\\system32\\BugsSvr.exe"=
"C:\\WINDOWS\\system32\\p3bvsvr.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"C:\\Program Files\\DISC\\DISCover.exe"=
"C:\\Program Files\\DISC\\DiscStreamHub.exe"=
"C:\\Program Files\\pandora.tv\\minilite\\MiniStream.exe"=
"C:\\WINDOWS\\system32\\mnetasvr.exe"=
"C:\\WINDOWS\\system32\\mnetvsvr.exe"=
"C:\\Program Files\\pandora.tv\\minilite\\MiniLite.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\system32\\SayRadio.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10259:TCP"= 10259:TCP:BitComet 10259 TCP
"10259:UDP"= 10259:UDP:BitComet 10259 UDP

S2 shpsv;Shop-Guide Updater Service;C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
S3 CXFALCON;Conexant Falcon II NTSC Video Capture;C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-16 100480]
S3 NOWMEMDF;NOWMEMDF;C:\WINDOWS\system32\NOWMEMDF.sys [2008-10-07 14080]
S3 WN5301;LIteon Wireless PCI Network Adapter Service;C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
.
Contents of the 'Scheduled Tasks' folder

2008-09-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 17:13]

2008-10-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2006-05-01 C:\WINDOWS\Tasks\Easy Internet Sign-up.job
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 17:23]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-TDSSmqlt.sys


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.daum.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 -: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 -: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 -: Download All by FlashGet - C:\Documents and Settings\HP_Administrator\Favorites\FlashGet\jc_all.htm
O8 -: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 -: Download using FlashGet - C:\Documents and Settings\HP_Administrator\Favorites\FlashGet\jc_link.htm
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O16 -: {0AE0F5F9-8233-49A4-A3C8-004CE190787B} - hxxp://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab
C:\WINDOWS\Downloaded Program Files\BMSpeedCheck.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\Downloaded Program Files\BMSpeedCheck.ocx

O16 -: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} - hxxp://www2.stlu.com/plugins/Plugin5.0.0219//streetnoagent7.cab
C:\WINDOWS\Downloaded Program Files\streetcv.inf
C:\WINDOWS\Downloaded Program Files\7thAgent7.ocx
C:\WINDOWS\Downloaded Program Files\iestm32.dll

O16 -: {21FDDE58-51A6-402A-8040-39DA033DC196} - hxxp://image.pullbbang.com/newTop/Pull0Control.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Pull0Control.ocx

O16 -: {2FDAF918-389E-4402-9DA1-F5348615BC30} - hxxp://www.dosirak.com/Commons/Activex/MROpen.cab
C:\WINDOWS\Downloaded Program Files\MROpen.inf
C:\WINDOWS\system32\MROpen.ocx

O16 -: {3270EED1-B285-4828-A0A7-F55913A9B724} - hxxp://listen.daum.net/52st/52street/S2MusicPlayer.dll
C:\WINDOWS\Downloaded Program Files\S2MusicPlayer.dll

O16 -: {3942BD43-B5CE-465F-9AC3-16BA93994273} - hxxp://www.dosirak.com/Commons/Activex/DosirakControl.ocx
C:\WINDOWS\Downloaded Program Files\DosirakControl.ocx

O16 -: {40A217E1-BDDA-44DE-9BBC-D678C7B48603} - hxxp://www.bluemountainsoft.com/agent/EspressoAgent.ocx
C:\WINDOWS\Downloaded Program Files\EspressoAgent.ocx

O16 -: {68253470-5D4F-4CDF-8D9C-353C14A2F013} - hxxp://imgcdn.pandora.tv/pan_img/liveupdate/SVPorsche.cab
C:\WINDOWS\Downloaded Program Files\SVPorsche.inf
C:\WINDOWS\system32\default2003.sbd
C:\WINDOWS\system32\SVPorsche.ocx
C:\WINDOWS\system32\gdiplus.dll

O16 -: {6A2E758A-028B-46BB-A11D-0608AB5A4ED3} - hxxp://listen.daum.net/52st/bgmplayer/Daum52stBGMPlayer.cab
C:\WINDOWS\Downloaded Program Files\DaumBGM.inf
C:\WINDOWS\system32\OIBox.dll
C:\WINDOWS\system32\DaumCrypt.dll
C:\WINDOWS\system32\DaumBGM.dll

O16 -: {7606693A-C18D-4567-AF85-6194FF70761E} - hxxp://app.gomtv.com/gom/GomWeb.cab
C:\WINDOWS\Downloaded Program Files\gomweb.inf
C:\WINDOWS\Downloaded Program Files\gomweb3.dll

O16 -: {868AB0F0-C411-4DB5-8279-E38AE3CDA3FD} - hxxp://listen.daum.net/52st/OiMPlayer/52MPlayer.cab
C:\WINDOWS\Downloaded Program Files\OiMPlayer.inf
C:\WINDOWS\system32\PopupCtrl.ocx
C:\WINDOWS\system32\OiMPlayer.dll

O16 -: {882A7CC6-0163-4BC1-8BC1-505E36C9FFA2} - hxxp://www.mnet.com/Ver2/App/totalApp/maxhelper/maxhelper.cab
C:\WINDOWS\Downloaded Program Files\MaxHelper.inf

O16 -: {913BF18F-672D-4676-9855-F9A192A88886} - hxxp://touch.imbc.com/ocx/Online.cab
C:\WINDOWS\Downloaded Program Files\Touch.inf
C:\WINDOWS\Downloaded Program Files\iMBCContents.ocx
C:\WINDOWS\Downloaded Program Files\iMBCDrmControl.ocx
C:\WINDOWS\Downloaded Program Files\iMBCFilesize.ocx
C:\WINDOWS\Downloaded Program Files\TouchBrowser.ocx
C:\WINDOWS\Downloaded Program Files\iMBCClient.ocx
C:\WINDOWS\Downloaded Program Files\CloseLicenseDlg.ocx
C:\WINDOWS\system32\TouchWeb.dll
C:\WINDOWS\Downloaded Program Files\Touch.ocx

O16 -: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/cab9_1/dmcc2.cab?Version=1,0,0,10
C:\WINDOWS\Downloaded Program Files\dmcc2.inf
C:\WINDOWS\system32\dmvm.dll
C:\WINDOWS\Downloaded Program Files\dmcc2.dll

O16 -: {939612C6-DB72-4788-8BD1-6ED77E3EC4A9} - hxxp://dl.sayclub.com/sayclub/sayctl/sayradio.cab
C:\WINDOWS\Downloaded Program Files\SayCast.inf
C:\WINDOWS\system32\SayRadio.exe

O16 -: {9B75502C-BBED-4BBD-8FE2-822E5E0AD32C} - hxxp://www.diodeo.com/DioDeoPlayer.cab
C:\WINDOWS\Downloaded Program Files\DioDeoPlayer.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\MagicLockOCX.ocx
C:\WINDOWS\Downloaded Program Files\DioDeoPlayer.ocx

O16 -: {A0E7D0C1-9854-497E-8645-38C19AA00724} - hxxp://www.teenkorean.net/Penta/KoreanSecurity.cab
C:\WINDOWS\Downloaded Program Files\IssacWebSE.inf
C:\WINDOWS\system32\iwebsd_tray.exe
C:\WINDOWS\Downloaded Program Files\IssacWebSE.dll

O16 -: {AF60D574-F249-4243-8040-5521AAA5BB5E} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrtvset.cab
C:\WINDOWS\Downloaded Program Files\pdrtvset.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\pdrtvset.dll

O16 -: {B8C4B31D-6DCE-4DF0-BF73-44686849F67D} - hxxp://imgcdn.pandora.tv/pan_img/p3player/package/pdrinst.cab
C:\WINDOWS\Downloaded Program Files\pdrinst.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\pdrinst2.dll
C:\WINDOWS\pdrinst1.dll

O16 -: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,3,3
C:\WINDOWS\Downloaded Program Files\xman.inf
C:\WINDOWS\system32\xmaninf.exe
C:\WINDOWS\system32\extract.exe
C:\WINDOWS\system32\xman.dll

O16 -: {BBFD2D10-EC6E-4259-91D1-1E38C826E5E2} - hxxp://app.gomtv.com/gomtv/gomtvx.cab
C:\WINDOWS\Downloaded Program Files\gomtvx.inf
C:\WINDOWS\Downloaded Program Files\gomtvx.dll

O16 -: {BCA935CA-7E41-4F73-BA9C-FAB4393DBAC0} - hxxp://www.csafer.net/ActiveX/MAStreamCtrl.cab
C:\WINDOWS\Downloaded Program Files\MAStreamCtrl.inf
C:\WINDOWS\system32\StreamSaferFilter.dll
C:\WINDOWS\system32\MAStreamCtrl.ocx

O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
C:\WINDOWS\Downloaded Program Files\BugsInstallerEx.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\BugsInstallerEx.ocx
C:\WINDOWS\system32\bugs_install.gif

O16 -: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} - hxxp://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
C:\WINDOWS\Downloaded Program Files\SBSWebPlayer.inf
C:\WINDOWS\Downloaded Program Files\SBSWebPlayer.dll

O16 -: {BD6F8792-B90E-4431-B0AB-08CF414E9D35} - hxxp://bgm.iple.com/Cab/SMMusicPlayerX.cab
C:\WINDOWS\Downloaded Program Files\SMMusicPlayerX.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\vorbis_vx.dll
C:\WINDOWS\system32\ogg_vx.dll
C:\WINDOWS\system32\VxovSrc4dmi.ax
C:\WINDOWS\system32\SMMusicPlayerX.ocx

O16 -: {C394A9A2-C51D-4C26-BB2C-6DEB30A890F4} - hxxp://www.diodeo.com/ActiveDiodeoPlayer.cab
C:\WINDOWS\Downloaded Program Files\ActiveDiodeoPlayer.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\MagicLockOCX.ocx
C:\WINDOWS\Downloaded Program Files\ActiveDiodeoPlayer.ocx

O16 -: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} - hxxp://player.muz.co.kr/package/installer2007_02/p3Instal.cab
C:\WINDOWS\Downloaded Program Files\p3Instal.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\p3Instl2.dll
C:\WINDOWS\system32\p3Instl1.dll

O16 -: {CF362BDB-4EA2-11D5-AB47-000102913414} - hxxp://touch.imbc.com/ocx/SetGlb.cab
C:\WINDOWS\Downloaded Program Files\setglb.inf
C:\WINDOWS\system32\setglb.ocx
C:\WINDOWS\system32\hkstart.exe
C:\WINDOWS\system32\hksock2.dll
C:\WINDOWS\system32\hksock1.dll
C:\WINDOWS\system32\hkmsg2.dll
C:\WINDOWS\system32\hkmsg1.dll
C:\WINDOWS\system32\HkDnsRes.dll

O16 -: {CFCBEE6F-BE54-4682-84F6-0E3FCDFAE3E2} - hxxp://www.clubbox.co.kr/neo.fld/NowCAFE.cab
C:\WINDOWS\Downloaded Program Files\NowCAFE.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\NowCAFE.ocx

O16 -: {D1160D6F-214B-4B4E-A361-977817ACC516} - hxxp://www.websafe.co.kr/websafe_player.cab
C:\WINDOWS\Downloaded Program Files\websafe_player.inf
C:\WINDOWS\Downloaded Program Files\websafe_player.ocx

O16 -: {D26A941D-7E89-4098-B583-43291FC14218} - hxxp://image.pullbbang.com/images/Pull0Control.ocx
C:\WINDOWS\Downloaded Program Files\Pull0Control.ocx

O16 -: {F4A1D5E2-AF49-47A7-A945-23038106F3A4} - hxxp://imgcdn.pandora.tv/pan_img/launcher/codebase/Pandora_SetUpAX.cab
C:\WINDOWS\Downloaded Program Files\Pandora_SetUpAX.inf
C:\WINDOWS\system32\Pandora_SetUpAX.ocx

O16 -: {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} - hxxp://www.clubbox.co.kr/neo.fld/MultiUpload.cab
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MultiUpload.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\MultiUpload.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MultiUpload.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MultiUpload.ocx
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MultiUpload.ocx
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 16:08:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\AOL\1141644703\ee\aim6.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-10-30 16:13:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-31 02:13:55
ComboFix2.txt 2008-08-12 02:39:28
ComboFix3.txt 2008-08-07 01:34:31

Pre-Run: 3,373,424,640 bytes free
Post-Run: 3,922,317,312 bytes free

1008 --- E O F --- 2008-10-27 01:18:54



#12 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:01 PM

Posted 31 October 2008 - 11:55 AM

hi Yoori.

I have a question before we proceed: do you have SUPER (Simplified Universal Player Encoder & Renderer)?

Please let me know.

Mark

#13 yoori

yoori
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Female
  • Location:In Your Dreams
  • Local time:03:01 PM

Posted 01 November 2008 - 07:49 AM

Yes, I do. Why? Is there something wrong with that program? O___O

#14 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:09:01 PM

Posted 01 November 2008 - 08:03 AM

hi Yoori :thumbsup:

Yes, I do. Why? Is there something wrong with that program? O___O

No problem at all. Thanks for letting me know.


I have more questions before we proceed.

Did you disable your antivirus monitoring? Also Windows Update?


Let me know in your next reply.

Please follow the instructions below;
  • Please uninstall this program through ADD/REMOVE programs

    pointgo <--Adware.Agent http://www.threatexpert.com/report.aspx?ui...3d-54728fa5b69e
    internet_webplayer <--Trojan http://www.ca.com/us/securityadvisor/pest/...px?id=453139802

  • 1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad and copy/paste the text in the quotebox below into it:

    EXTRA::

    FILE::
    C:\WINDOWS\system32\TDSSmtvd.dat

    REGISTRY::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=-


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Download ATF Cleaner to your Desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    If you use Firefox browser, do this also:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser, do this also:
    • Click Opera at the top and choose Select All from the list.
    • Close ALL Internet browsers (very important).
    • Click the Empty Selected button.
    • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Notes for Windows Vista users:
    On Windows Vista, "Windows Temp" is disabled; to empty "Windows Temp", ATF-Cleaner must be "Run as an Administrator".
    Prefetch has been disabled on Windows Vista. As I'm not sure of the effects that emptying Prefetch on Windows Vista will have, for the time being I won't enable that function.


  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
In your reply, please post

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt
Kaspersky scan result
Answer to my questions


Mark
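
The CFScript in the post above does two things: the FILE:: section removes one file, and the REGISTRY:: section uses the .reg-style "Name"=- form to delete the EnableFirewall value that the log shows set to 0, so the firewall returns to its default. As an added example, not part of this thread and not ComboFix's own code, the following Python script reads ComboFix-style log text, flags the settings the log above shows tampered with (Security Center notifications suppressed, firewall disabled in the standard profile) together with any TDSS-prefixed file names, and drafts the matching REGISTRY:: stanza. The sample lines are constructed in the shape of the log above, not copied from it; the TDSS name match, and applying the same delete-the-value form to the notification settings, are this example's assumptions rather than the helper's instructions.

```python
import re

# Constructed sample in the shape of the ComboFix log above (a few representative
# lines, not the full log). Backslashes are doubled only because this is a Python string.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

S2 shpsv;Shop-Guide Updater Service;C:\\WINDOWS\\system32\\svchost.exe [2004-08-10 14336]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-TDSSmqlt.sys
"""

# Normalised key names (lower case, HKEY_LOCAL_MACHINE folded to HKLM) used for lookups.
SECURITY_CENTER = r"hklm\software\microsoft\security center"
FIREWALL_STD = r"hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile"


def _norm_key(key):
    # ComboFix writes the same hive as HKLM or HKEY_LOCAL_MACHINE; fold case and hive name.
    key = key.strip().lower()
    return re.sub(r"^hkey_local_machine", "hklm", key)


def parse_registry_sections(text):
    """Map each [key] block to (key as written, {"name": raw_value}) for its "name"=value lines."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^\[(.+)\]\s*$", line)
        if m:
            current = _norm_key(m.group(1))
            sections.setdefault(current, (m.group(1).strip(), {}))
            continue
        m = re.match(r'^"([^"]+)"\s*=\s*(.*)$', line)
        if m and current is not None:
            sections[current][1][m.group(1)] = m.group(2).strip()
    return sections


def reg_int(raw):
    """Decode the two integer spellings seen in the log: dword:00000001 and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return None


def assess(text):
    """Return (finding, key_as_written, cfscript_line) triples. The last two are None
    for a file-name match, which has no registry value to reset."""
    findings = []
    secs = parse_registry_sections(text)
    sc_key, sc = secs.get(SECURITY_CENTER, (None, {}))
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify"):
        if reg_int(sc.get(name, "")) == 1:
            findings.append((f"Security Center alert suppressed: {name}=1", sc_key, f'"{name}"=-'))
    fw_key, fw = secs.get(FIREWALL_STD, (None, {}))
    if reg_int(fw.get("EnableFirewall", "")) == 0:
        findings.append(("Windows Firewall off in standard profile: EnableFirewall=0",
                         fw_key, '"EnableFirewall"=-'))
    # Heuristic (assumption): the helper targeted TDSSmtvd.dat and the SafeBoot orphan
    # TDSSmqlt.sys, so any TDSS-prefixed driver or data file name is worth a look.
    for m in re.finditer(r"\bTDSS\w*\.(?:sys|dat|dll)\b", text, re.IGNORECASE):
        findings.append((f"TDSS-style file name: {m.group(0)}", None, None))
    return findings


def cfscript_registry_stanza(findings):
    """Build a REGISTRY:: section in the .reg-style form the post uses: "Name"=- deletes
    the value so the Windows default applies again. Returns "" when nothing needs resetting."""
    by_key = {}
    for _, key, line in findings:
        if key is not None:
            by_key.setdefault(key, []).append(line)
    if not by_key:
        return ""
    out = ["REGISTRY::"]
    for key, lines in by_key.items():
        out.append(f"[{key}]")
        out.extend(lines)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = assess(SAMPLE_LOG)
    for text, _, _ in found:
        print("-", text)
    print(cfscript_registry_stanza(found))
```

Run it as-is to see the four findings and the drafted stanza; to use it on a real log, pass the file contents to assess() instead of SAMPLE_LOG. The drafted stanza is a starting point for a helper to review, not something to drag onto ComboFix unread: the FILE:: part is deliberately left out because deciding which files to delete needs a human looking at the whole log.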

#15 yoori

yoori
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  • Gender:Female
  • Location:In Your Dreams
  • Local time:03:01 PM

Posted 01 November 2008 - 08:44 AM

You mean the free anti-malware programs? I don't have any paid program (yet). I didn't know you can disable them.
Windows Update? I know there's one I haven't installed, which is Service Pack 3, because it says to do a backup and I don't know how, nor do I have a backup disk. I'm afraid to install it and then lose all my files. What should I do? I had a feeling the ComboFix log wasn't complete, because it came out different from the last time I scanned with ComboFix.

Will post the logs in my next reply.
Thanks Mark.

-Yoori-



