
Thread: Win32.delf.rtk, Virtumonde and others.

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Win32.delf.rtk, Virtumonde and others.

    While I am aware the rules state not to post asking for aid on multiple tech support boards, my last attempt went several weeks without a response and as a result my friend suggested (or rather insisted) I try this forum. Registry is backed up, although I was a little concerned with turning off TeaTimer, given how many actions it blocks every time I start my PC.

    For the last month or so I have been plagued by a virus that appears to repeatedly download other difficult-to-remove trojans onto my computer. I can't figure out where it's going, but thus far I've encountered Vundo/Virtumonde, the Fake Anti-Virus "Virus" and more recently the Win32.delf.rtk trojan. Aside from the tracking cookies being constantly placed on my computer, I've also encountered sporadic pop-ups via Internet Explorer (odd, since it's not my primary browser) and an inexplicable radio-ish broadcast that occurs sporadically and tends to cut off the moment I start up Spybot to see if I can catch it.

    I'm using SP2 at the moment (my previous attempt to download SP3 was marred by an inexplicable error and thus far I have been unable to properly update) and my primary detection programs are Spybot and Avira AntiVir (which, thankfully, was largely immune to the Trojans' initial attempts to disable security devices), and for the most part I thought that Avira had caught the virus when it was first contracted. It was only a couple of days later that the Trojans began to spawn like the angry little gribblies they are.

    On a possibly related note, I at one point attempted to prevent the Trojans from re-downloading themselves by deselecting the "File and Printer Sharing for Microsoft Networks" item in my connection properties. I re-selected, of course, when I saw that it did nothing to hinder them, but since then I have had unresolved issues with connecting to friends online/through certain programs. The Windows Firewall also refuses to re-engage, stating that the associated service (firewall/ICS) is not running, then states that it is unable to start the service in question. I'm not really sure what to do about that, although I understand it's likely my own inept fumblings that led to the issue rather than viral interference and is probably best reserved for a different board.

    The following is a HijackThis log made preceding the multiple scans I run every time I turn the computer on, so it will likely show most of the stuff I get rid of on a daily basis.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19:59 PM, on 07/03/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\windows\$ntunistalls\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Opera 9\opera.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAEMON Tools Pro\DTProShellHlp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Google plugin - {684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA} - kmsvc32.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A6D6C060-BB36-4407-8F59-B06192FCFFA8} - C:\WINDOWS\system32\mlJYRjJA.dll (file missing)
    O2 - BHO: (no name) - {f604a4f9-fbe8-4a5c-ac38-1065d50b29f9} - C:\WINDOWS\system32\pehirema.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [bujopidiju] Rundll32.exe "C:\WINDOWS\system32\mijejabe.dll",s
    O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\msrstart.exe
    O4 - HKLM\..\RunServices: [Object Rec] sorhost.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [xccinit] C:\WINDOWS\system32\inf\rundll33.exe C:\WINDOWS\xccdf16_090131a.dll xccd16
    O4 - HKUS\S-1-5-21-3517020019-3143994005-2725134825-1008\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
    O4 - HKUS\S-1-5-21-3517020019-3143994005-2725134825-1008\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork (User '?')
    O4 - HKUS\S-1-5-21-3517020019-3143994005-2725134825-1008\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (User '?')
    O4 - HKUS\S-1-5-21-3517020019-3143994005-2725134825-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-3517020019-3143994005-2725134825-1008\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" -autorun (User '?')
    O4 - HKUS\S-1-5-21-3517020019-3143994005-2725134825-1008\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-21-3517020019-3143994005-2725134825-1008 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User '?')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    O4 - Global Startup: xccstart.lnk = C:\WINDOWS\system\xccef090131.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: imdds.dll
    O10 - Unknown file in Winsock LSP: imdds.dll
    O10 - Unknown file in Winsock LSP: imdds.dll
    O10 - Unknown file in Winsock LSP: imdds.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\hp_adm~1\locals~1\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\hp_adm~1\locals~1\temp\ntdll64.dll
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165182224881
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O20 - AppInit_DLLs: eofsgt.dll C:\WINDOWS\system32\ c:\windows\system32\pimimoso.dll C:\WINDOWS\system32\ C:\WINDOWS\system32\hufufoga.dll cynlex.dll c:\windows\system32\kapigagi.dll
    O20 - Winlogon Notify: ljJDVpPj - ljJDVpPj.dll (file missing)
    O20 - Winlogon Notify: pmnkJApn - pmnkJApn.dll (file missing)
    O20 - Winlogon Notify: urqOGVPH - urqOGVPH.dll (file missing)
    O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll (file missing)
    O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe

    --
    End of file - 12666 bytes

    The numerous "Missing DLLs" are, as far as I'm aware, from the various attempts to replicate using random file names that the Trojans have engaged in. If not, I'm pretty sure I still have most, if not all of them in quarantine, so I can restore them if necessary.

    Any help you could give me would be greatly appreciated.
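
A triage pass over the kinds of HijackThis entries that stand out in the log above, as an added example that is not part of the original post or of HijackThis itself. The sample lines are copied from that log; the `triage` function, its heuristics and the assumed install path `C:\WINDOWS\system32` are illustrative assumptions, and a hit means "look closer", not "malicious".

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
SYSTEM32 = r"c:\windows\system32"
# Names of core XP processes that normally run from system32 only.
CORE_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
              "smss.exe", "spoolsv.exe", "csrss.exe"}
# HijackThis entries look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.*)$")

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
c:\windows\$ntunistalls\svchost.exe
C:\Program Files\Opera 9\opera.exe

O2 - BHO: (no name) - {A6D6C060-BB36-4407-8F59-B06192FCFFA8} - C:\WINDOWS\system32\mlJYRjJA.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O10 - Unknown file in Winsock LSP: imdds.dll
O20 - AppInit_DLLs: eofsgt.dll C:\WINDOWS\system32\ c:\windows\system32\pimimoso.dll C:\WINDOWS\system32\ C:\WINDOWS\system32\hufufoga.dll cynlex.dll c:\windows\system32\kapigagi.dll
O20 - Winlogon Notify: ljJDVpPj - ljJDVpPj.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Tcp ipx Service (Tcpipsrv) - Unknown owner - c:\windows\$ntunistalls\svchost.exe
"""


def core_name_outside_system32(path):
    """True if the file is named like a core process but lives elsewhere."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in CORE_NAMES and folder != SYSTEM32


def triage(log_text):
    """Return (line, reason) pairs for entries that deserve a closer look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if in_processes and not match:
            if core_name_outside_system32(line):
                findings.append((line, "core process name running outside system32"))
            continue
        if not match:
            continue                      # header lines such as "Platform: ..."
        code, body = match.group("code"), match.group("body")

        if body.endswith("(file missing)"):
            findings.append((line, "registry entry references a file not on disk"))
        if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append((line, "unrecognised DLL in the Winsock LSP chain"))
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [t for t in body.split(":", 1)[1].split()
                    if t.lower().endswith(".dll")]
            if dlls:
                findings.append((line, "AppInit_DLLs lists %d DLL(s), loaded into "
                                       "every process that loads user32.dll" % len(dlls)))
        if code == "O23":
            if " - Unknown owner - " in body:
                findings.append((line, "service binary has no vendor information"))
            image_path = body.rsplit(" - ", 1)[-1]
            if core_name_outside_system32(image_path):
                findings.append((line, "service image uses a core process name "
                                       "outside system32"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print("%s\n    -> %s" % (entry, reason))
```
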

  2. #2
    Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300


    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Mar 2009
    Posts
    12


    Here you go.

    As far as I know, all script blockers were off. Didn't get any notifications or anything.

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by HP_Administrator at 15:08:32.56 on 09/03/2009
    Internet Explorer: 7.0.5730.11

    ============== Running Processes ===============


    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyServer = http=localhost:7171
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
    BHO: Google plugin: {684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} - kmsvc32.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {a6d6c060-bb36-4407-8f59-b06192fcffa8} - c:\windows\system32\mlJYRjJA.dll
    BHO: {f604a4f9-fbe8-4a5c-ac38-1065d50b29f9} - c:\windows\system32\pehirema.dll
    TB: {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [igndlm.exe] c:\program files\ign\download manager\dlm.exe /windowsstart /startifwork
    uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [SpybotDeletingB1526] command.com /c del "c:\windows\system32\afisicx.exe_old"
    uRunOnce: [SpybotDeletingD8202] cmd.exe /c del "c:\windows\system32\afisicx.exe_old"
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [bujopidiju] Rundll32.exe "c:\windows\system32\mijejabe.dll",s
    mRun: [Explorer] c:\windows\system32\msrstart.exe
    mRunOnce: [SpybotDeletingA1243] command.com /c del "c:\windows\system32\afisicx.exe_old"
    mRunOnce: [SpybotDeletingC8057] cmd.exe /c del "c:\windows\system32\afisicx.exe_old"
    mRunServices: [Object Rec] sorhost.exe
    dRunOnce: [RunNarrator] Narrator.exe
    mExplorerRun: [xccinit] c:\windows\system32\inf\rundll33.exe c:\windows\xccdf16_090131a.dll xccd16
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xccstart.lnk - c:\windows\system\xccef090131.exe
    uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: imdds.dll
    LSP: c:\docume~1\hp_adm~1\locals~1\temp\ntdll64.dll
    Trusted Zone: trymedia.com
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165182224881
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    Notify: ljJDVpPj - ljJDVpPj.dll
    Notify: pmnkJApn - pmnkJApn.dll
    Notify: urqOGVPH - urqOGVPH.dll
    AppInit_DLLs: eofsgt.dll c:\windows\system32\ c:\windows\system32\pimimoso.dll c:\windows\system32\ c:\windows\system32\hufufoga.dll cynlex.dll c:\windows\system32\kapigagi.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\kapigagi.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJYRjJA
    LSA: Notification Packages = scecli scecli scecli scecli c:\windows\system32\sayiwido.dll c:\windows\system32\hufufoga.dll

    ============= SERVICES / DRIVERS ===============


    ============== File Associations ===============

    txtfile="c:\windows\system32\nxtepad.exe" "%1"

    =============== Created Last 30 ================

    2009-03-09 02:56 <DIR> --d----- c:\program files\Koei
    2009-03-08 07:48 0 a------- c:\windows\system32\nfr.assembly
    2009-03-08 07:46 12,800 a------- c:\windows\system32\dll32.dll
    2009-03-08 07:46 1 a------- c:\windows\9gdfgjf23
    2009-03-08 07:46 11,776 ----h--- c:\windows\pp2.exe
    2009-03-08 07:46 1 ----h--- c:\windows\t55ft3518f44.dat
    2009-03-08 07:46 30,720 a------- c:\windows\system32\frmwrk32.exe
    2009-03-08 07:46 12,288 ----h--- c:\windows\ld02.exe
    2009-03-08 05:47 <DIR> --d----- c:\program files\Sim
    2009-03-06 18:22 1 a------- c:\windows\system32\tb.dr
    2009-03-06 15:13 44,032 a------- c:\windows\system32\kmsvc32.dll
    2009-03-06 12:06 388,608 a------- c:\windows\system32\tmpxccacj1.exe
    2009-03-05 13:21 251,392 a------- c:\windows\xccdf32_090131a.dll
    2009-03-05 12:17 11,264 a------- c:\windows\system32\imdds.dll
    2009-03-05 12:13 100 a------- c:\windows\system32\wh
    2009-03-03 11:34 485 a------- c:\windows\system32\303357.exe
    2009-03-03 11:20 <DIR> --dsh--- c:\windows\$ntunistalls
    2009-03-02 12:05 2,713 ---sh--- c:\windows\system32\nelesoye.dll
    2009-03-01 12:51 32 a------- c:\windows\system32\work.ini
    2009-03-01 12:51 227 a------- c:\windows\system32\hgset.ini
    2009-03-01 12:50 <DIR> --d----- c:\windows\system32\3361
    2009-02-28 12:09 676,352 a------- c:\windows\system32\rtl60.bpl
    2009-02-28 12:09 199 a------- c:\windows\system32\xcchit32.ini
    2009-02-28 12:08 650 a------- c:\windows\xccwinsys.ini
    2009-02-28 12:08 <DIR> --d----- c:\windows\system32\inf
    2009-02-20 21:02 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\The Creative Assembly
    2009-02-18 23:48 <DIR> --d----- c:\program files\OptimiData
    2009-02-18 18:54 <DIR> --d----- c:\program files\Freelancer Mod Manager
    2009-02-08 20:26 <DIR> --d----- c:\program files\Battle for Wesnoth 1.5.9

    ==================== Find3M ====================

    2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-01-21 12:01 133,632 a------- c:\windows\awepajon.dll
    2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 05:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
    2008-07-13 15:43 708 a------- c:\program files\INSTALL.LOG
    2007-11-15 20:07 22,328 a------- c:\docume~1\hp_adm~1\applic~1\PnkBstrK.sys
    2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
    2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt
    2006-09-20 15:59 22 a--sh--- c:\windows\sminst\HPCD.sys

    ============= FINISH: 15:08:47.89 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)


    ==== Disk Partitions =========================


    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    7-Zip 4.57
    A Murder of Crows
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 8.1.3
    AGEIA PhysX v8.01.18
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    Ancient Sudoku
    Apple Software Update
    ArcSoft PhotoStudio 2000
    Audacity 1.2.6
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Big Kahuna Reef
    Blackhawk Striker 2
    Blasterball 2 Remix
    Blasterball 2 Revolution
    Bof4
    Bookworm Deluxe
    Bounce Symphony
    BufferChm
    CameraDrivers
    CameraUserGuides
    Canon ScanGear Toolbox CS 2.2
    CDisplay 1.8
    Choice Guard
    Chuzzle Deluxe
    CivPlayers OOS Patch 1.0
    Combined Community Codec Pack 2008-01-24
    Company of Heroes
    Company of Heroes - FAKEMSI
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    Creative WebCam Center
    Creative WebCam Live! Pro Driver (1.01.01.1011)
    Creative WebCam Live! Pro User's Guide (English)
    CueTour
    Customer Experience Enhancement
    Destinations
    DeviceManagementQFolder
    Diner Dash
    DISCover
    DivX
    DivX Player
    DivX Web Player
    DocProc
    DocumentViewer
    Easy Internet Sign-up
    Enhanced Multimedia Keyboard Solution
    Eraser
    ERUNT 1.1j
    Fairies
    Family Feud
    FATE
    Fax
    Fax_CDA
    ffdshow [rev 1381] [2007-07-29]
    FLAC 1.2.1b (remove only)
    Flip Words
    Freelancer
    GameSpy Arcade
    GemMaster Mystic
    Get Yahoo! Messenger
    Hamachi 1.0.1.5
    Hero Editor V0.96
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Homeworld
    Homeworld2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 10 (KB910393)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    HP Boot Optimizer
    HP Deskjet Printer Preload
    HP DigitalMedia Archive
    HP Document Viewer 6.1
    HP DVD Play 2.1
    HP Game Console
    HP Imaging Device Functions 7.0
    HP Photosmart 330,380,420,470,7800,8000,8200 Series
    HP Photosmart Cameras 6.0
    HP Photosmart for Media Center PC
    HP Photosmart Premier Software 6.5
    HP PSC & OfficeJet 5.3.B
    HP PSC & OfficeJet 6.1.A
    HP Rhapsody
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    hpiCamDrvQFolder
    HPPhotoSmartExpress
    HPProductAssistant
    HpSdpAppCoreApp
    ID3 renamer 2.15.15
    IGN Download Manager 2.3.0
    Impulse
    Insaniquarium Deluxe
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 11
    Jasc Paint Shop Pro 8
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Jewel Quest
    LightScribe 1.4.84.1
    Magic Workstation 0.94f
    Mah Jong Quest
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Application Error Reporting
    Microsoft AppLocale
    Microsoft Away Mode
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft IntelliPoint 6.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
    Microsoft Office Standard Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Application Compatibility Database
    Microsoft Works
    Microsoft XML Parser
    mIRC
    Move Networks Media Player for Internet Explorer
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    MSXML4 Parser
    MTG GamePack for Magic Workstation
    muvee autoProducer 5.0
    muvee autoProducer unPlugged 2.0
    Mystery Case Files
    NewCopy
    NewCopy_CDA
    Nintendo Wi-Fi USB Connector Registration Tool
    NVIDIA Drivers
    Opera 9.63
    OptimiData JPEG2000 Shell Extension
    OptionalContentQFolder
    PanoStandAlone
    PC-Doctor 5 for Windows
    PhotoGallery
    Poker Superstars
    Polar Bowler
    Polar Golfer
    PSPrinters08
    PSTAPlugin
    Python 2.2 pywin32 extensions (build 203)
    Python 2.2.3
    Qtrax 0.2beta (20080125)
    Quicken 2006
    QuickTime
    RandMap
    Readme
    Real Alternative 1.60
    Realtek High Definition Audio Driver
    Ricochet Lost Worlds
    RPTools MapTool
    RTKXI
    Scan
    ScannerCopy
    SCRABBLE
    Security Task Manager 1.7
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Segoe UI
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    SkinsHP1
    SlideShow
    SlideShowMusic
    Slingo Deluxe
    Snowy The Bears Adventure
    SolutionCenter
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Sonic_PrimoSDK
    Source SDK Base
    SpeechRedist
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    Star Trek Armada II: Fleet Operations
    Starcraft
    Stardock Central
    STARWARS: The Battle of Endor version 2.1
    STARWARS: The Battle of Yavin version 1.1
    Status
    Steam(TM)
    Super Granny
    Symantec KB-DocID:2003093015493306
    System Requirements Lab
    Team Fortress 2
    TeamSpeak 2 RC2
    Tennis Titans
    Toolbox
    Tornado Jockey
    Tradewinds
    TrayApp
    Unload
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Updates from HP (remove only)
    Vampire - The Masquerade Bloodlines
    VASSAL
    Vodei Multimedia Processor 2.10
    Warcraft III: All Products
    WebFldrs XP
    WebReg
    Winamp (remove only)
    Windows Communication Foundation
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892050
    Windows XP Hotfix - KB893066
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    WinRAR archiver
    WinZip 12.0
    XML Paper Specification Shared Components Pack 1.0

    ==== End Of File ===========================

  4. #4
    Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,300

    Hi again,


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2018
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Finished the scan. While I did shut down the system-monitoring programs that might interfere with Combofix, Avira's resident guard came back on when Combofix rebooted the computer. I told it to ignore all the detections that popped up, however, and there didn't appear to be any real conflict between it and Combofix.

    Unfortunately, I have the sneaking suspicion that turning Spybot's TeaTimer back on (after the scan had completed) may have brought back Win32.delf.rtk. I just got a couple of warnings about it.

    I'm also still getting a note about a missing DLL when the computer starts, although the names seem either random or associated with the virus.

    Logs:


    DDS (Ver_09-02-01.01) - NTFSx86
    Run by HP_Administrator at 17:04:43.40 on 10/03/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Professional 5.1.2600.2.1252.2.1033.18.3582.2783 [GMT -6:00]

    AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\HP\KBD\KBD.EXE
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Eraser\eraser.exe
    C:\Program Files\WiFiConnector\NintendoWFCReg.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera 9\opera.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\nxtepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\sopidkc.exe
    C:\WINDOWS\system32\umtcdtw.sys
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\HP_Administrator\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=63&bd=PAVILION&pf=desktop
    uInternet Settings,ProxyServer = http=localhost:7171
    uInternet Settings,ProxyOverride = *.local;<local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
    BHO: {684EE1DB-CD52-4ca9-9CCF-93D5F6B419BA} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {A6D6C060-BB36-4407-8F59-B06192FCFFA8} - No File
    BHO: {f604a4f9-fbe8-4a5c-ac38-1065d50b29f9} - No File
    TB: {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [igndlm.exe] c:\program files\ign\download manager\dlm.exe /windowsstart /startifwork
    uRun: [Eraser] c:\program files\eraser\eraser.exe -hide
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [KBD] c:\hp\kbd\KBD.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\xccstart.lnk - c:\windows\system\xccef090131.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: imdds.dll
    Trusted Zone: trymedia.com
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165182224881
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2007-11-10 11840]
    R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2007-11-10 68865]
    R2 AntiVirService;AntiVir PersonalEdition Classic Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2007-11-10 151297]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-9 175616]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-9-20 1174152]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2007-11-10 52032]
    S2 afisicx;afisicx Service;c:\windows\system32\afisicx.exe --> c:\windows\system32\afisicx.exe [?]
    S2 mabidwe;mabidwe Service;c:\windows\system32\mabidwe.exe --> c:\windows\system32\mabidwe.exe [?]
    S2 Tcpipsrv;Tcp ipx Service;c:\windows\$ntunistalls\svchost.exe --> c:\windows\$ntunistalls\svchost.exe [?]
    S3 efipsk;efipsk;\??\c:\docume~1\hp_adm~1\locals~1\temp\efipsk.sys --> c:\docume~1\hp_adm~1\locals~1\temp\efipsk.sys [?]
    S3 pcistub;pcistub;c:\windows\system32\pcistub.sys [2004-8-9 2304]

    ============== File Associations ===============

    txtfile="c:\windows\system32\nxtepad.exe" "%1"

    =============== Created Last 30 ================

    2009-03-10 16:12 161,792 a------- c:\windows\SWREG.exe
    2009-03-10 16:12 98,816 a------- c:\windows\sed.exe
    2009-03-09 02:56 <DIR> --d----- c:\program files\Koei
    2009-03-08 07:48 0 a------- c:\windows\system32\nfr.assembly
    2009-03-08 07:46 12,800 a------- c:\windows\system32\dll32.dll
    2009-03-08 07:46 1 a------- c:\windows\9gdfgjf23
    2009-03-08 07:46 11,776 ----h--- c:\windows\pp2.exe
    2009-03-08 07:46 1 ----h--- c:\windows\t55ft3518f44.dat
    2009-03-08 07:46 12,288 ----h--- c:\windows\ld02.exe
    2009-03-08 05:47 <DIR> --d----- c:\program files\Sim Brothel
    2009-03-06 15:13 44,032 a------- c:\windows\system32\kmsvc32.dll
    2009-03-05 12:17 11,264 a------- c:\windows\system32\imdds.dll
    2009-03-05 12:13 100 a------- c:\windows\system32\wh
    2009-03-03 11:20 <DIR> --dsh--- c:\windows\$ntunistalls
    2009-03-02 12:05 2,713 ---sh--- c:\windows\system32\nelesoye.dll
    2009-03-01 12:51 32 a------- c:\windows\system32\work.ini
    2009-03-01 12:51 227 a------- c:\windows\system32\hgset.ini
    2009-03-01 12:50 <DIR> --d----- c:\windows\system32\3361
    2009-02-28 12:09 676,352 a------- c:\windows\system32\rtl60.bpl
    2009-02-28 12:08 <DIR> --d----- c:\windows\system32\inf
    2009-02-20 21:02 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\The Creative Assembly
    2009-02-18 23:48 <DIR> --d----- c:\program files\OptimiData
    2009-02-18 18:54 <DIR> --d----- c:\program files\Freelancer Mod Manager
    2009-02-08 20:26 <DIR> --d----- c:\program files\Battle for Wesnoth 1.5.9

    ==================== Find3M ====================

    2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
    2009-01-21 12:01 133,632 a------- c:\windows\awepajon.dll
    2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 05:57 333,184 a------- c:\windows\system32\dllcache\srv.sys
    2007-11-15 20:07 22,328 a------- c:\docume~1\hp_adm~1\applic~1\PnkBstrK.sys
    2003-12-18 11:33 20,102 a------- c:\program files\Readme.txt
    2003-09-03 07:46 10,960 a------- c:\program files\EULA.txt
    2006-09-20 15:59 22 a--sh--- c:\windows\sminst\HPCD.sys

    ============= FINISH: 17:04:59.67 ===============

    On the bright side, the internet connection is back up.

  6. #6
    Junior Member
    Join Date
    Mar 2009
    Posts
    12

    Man, this thing is huge.

    ComboFix 09-03-10.01 - HP_Administrator 2009-03-10 16:20:44.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3129 [GMT -6:00]
    Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\program files\INSTALL.LOG
    c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
    c:\windows\IE4 Error Log.txt
    c:\windows\Install.txt
    c:\windows\jestertb.dll
    c:\windows\system32\303357.exe
    c:\windows\system32\ahtn.htm
    c:\windows\system32\bb1.dat
    c:\windows\system32\comsa32.sys
    c:\windows\system32\cookie1.dat
    c:\windows\system32\cs.dat
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\drivers\seneka.sys
    c:\windows\system32\drivers\senekavlwgrmov.sys
    c:\windows\system32\eyhmsigd.ini
    c:\windows\system32\frmwrk32.exe
    c:\windows\system32\inf\rundll33.exe
    c:\windows\system32\init32.exe
    c:\windows\system32\packet.dll
    c:\windows\system32\ps1.dat
    c:\windows\system32\rc.dat
    c:\windows\system32\senekaaflfeyrk.dll
    c:\windows\system32\senekacijsoela.dll
    c:\windows\system32\senekafsjwrwsu.dat
    c:\windows\system32\senekavmduvqvk.dat
    c:\windows\system32\sopidkc.exe
    c:\windows\system32\tb.dr
    c:\windows\system32\test.ttt
    c:\windows\system32\tmpxccacj1.exe
    c:\windows\system32\tpszxyd.sys
    c:\windows\system32\warning.gif
    c:\windows\system32\win32hlp.cnf
    c:\windows\system32\wpcap.dll
    c:\windows\system32\xcchit32.ini
    c:\windows\xccdf32_090131a.dll
    c:\windows\xccwinsys.ini

    ----- BITS: Possible infected sites -----

    hxxp://82.98.235.205
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SENEKA
    -------\Legacy_AFISICX
    -------\Legacy_DEFAULTLIB
    -------\Legacy_IAS
    -------\Legacy_MABIDWE
    -------\Legacy_SOFTYINFORWOW1
    -------\Legacy_SOPIDKC
    -------\Service_defaultlib
    -------\Service_Ias
    -------\Service_NPF
    -------\Service_softyinforwow1
    -------\Service_sopidkc


    ((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
    .

    2009-03-09 02:56 . 2009-03-10 02:24 <DIR> d-------- c:\program files\Koei
    2009-03-08 07:48 . 2009-03-08 07:48 0 --a------ c:\windows\system32\nfr.assembly
    2009-03-08 07:46 . 2009-03-08 07:46 12,800 --a------ c:\windows\system32\dll32.dll
    2009-03-08 07:46 . 2009-03-08 07:46 12,288 ---h----- c:\windows\ld02.exe
    2009-03-08 07:46 . 2009-03-08 07:46 11,776 ---h----- c:\windows\pp2.exe
    2009-03-08 07:46 . 2009-03-08 07:46 1 ---h----- c:\windows\t55ft3518f44.dat
    2009-03-08 07:46 . 2009-03-08 07:46 1 --a------ c:\windows\9gdfgjf23
    2009-03-08 05:47 . 2009-03-08 07:28 <DIR> d-------- c:\program files\Sim Brothel
    2009-03-08 00:16 . 2009-03-08 00:17 <DIR> d-------- c:\program files\ERUNT
    2009-03-06 15:13 . 2009-03-06 15:13 44,032 --a------ c:\windows\system32\kmsvc32.dll
    2009-03-05 12:17 . 2009-03-05 12:17 11,264 --a------ c:\windows\system32\imdds.dll
    2009-03-05 12:13 . 2009-03-06 15:13 100 --a------ c:\windows\system32\wh
    2009-03-03 11:20 . 2009-03-08 23:28 <DIR> d--hs---- c:\windows\$ntunistalls
    2009-03-02 12:05 . 2009-03-02 12:05 2,713 ---hs---- c:\windows\system32\nelesoye.dll
    2009-03-01 12:51 . 2009-03-01 14:51 227 --a------ c:\windows\system32\hgset.ini
    2009-03-01 12:51 . 2009-03-01 12:51 32 --a------ c:\windows\system32\work.ini
    2009-03-01 12:50 . 2009-03-01 13:27 <DIR> d-------- c:\windows\system32\3361
    2009-02-28 12:09 . 2002-02-15 15:02 676,352 --a------ c:\windows\system32\rtl60.bpl
    2009-02-28 12:08 . 2009-03-10 16:28 <DIR> d-------- c:\windows\system32\inf
    2009-02-20 21:02 . 2009-02-20 21:02 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\The Creative Assembly
    2009-02-18 23:48 . 2009-02-18 23:48 <DIR> d-------- c:\program files\OptimiData
    2009-02-18 18:54 . 2009-02-18 18:54 <DIR> d-------- c:\program files\Freelancer Mod Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-10 22:17 --------- d-----w c:\program files\Eraser
    2009-03-10 22:09 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi
    2009-03-10 22:08 --------- d-----w c:\program files\Warcraft III
    2009-03-10 10:41 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
    2009-03-09 21:07 --------- d-----w c:\program files\DAEMON Tools Pro
    2009-03-08 18:20 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\HTSKApp
    2009-03-07 06:45 --------- d-----w c:\program files\THQ
    2009-03-07 06:43 --------- d-----w c:\program files\Microsoft Games
    2009-03-07 06:42 --------- d-----w c:\program files\Activision
    2009-03-07 06:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-03-05 18:47 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-28 19:37 --------- d-----w c:\program files\Opera 9
    2009-02-28 18:58 --------- d-----w c:\program files\Google
    2009-02-24 11:12 --------- d-----w c:\program files\Ubisoft
    2009-02-14 21:48 --------- d-----w c:\program files\Battle for Wesnoth 1.5.9
    2009-02-11 17:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-04 17:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Activision
    2009-02-01 03:42 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Canon
    2009-01-28 07:15 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2009-01-21 20:46 --------- d-----w c:\program files\Magic Workstation
    2009-01-21 18:01 133,632 ----a-w c:\windows\awepajon.dll
    2009-01-20 03:50 --------- d-----w c:\program files\Trend Micro
    2009-01-12 07:51 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Tilted Mill
    2007-11-16 02:07 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
    2003-12-18 17:33 20,102 ----a-w c:\program files\Readme.txt
    2003-09-03 13:46 10,960 ----a-w c:\program files\EULA.txt
    2006-09-20 21:59 22 --sha-w c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-11-12_20.05.04.85 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-04 10:40:05 72,704 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\magnify.exe
    + 2006-10-04 10:40:06 53,760 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\narrator.exe
    + 2006-10-04 10:40:06 215,552 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\osk.exe
    + 2006-10-04 14:05:57 35,840 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\umandlg.dll
    + 2006-10-04 10:40:06 50,176 ----a-w c:\windows\$hf_mig$\KB925720\SP2QFE\utilman.exe
    + 2005-10-12 23:16:49 14,048 ----a-w c:\windows\$hf_mig$\KB925720\spmsg.dll
    + 2005-10-12 23:16:49 213,216 ----a-w c:\windows\$hf_mig$\KB925720\spuninst.exe
    + 2005-10-12 23:16:49 22,752 ----a-w c:\windows\$hf_mig$\KB925720\update\spcustom.dll
    + 2005-10-12 23:16:51 716,000 ----a-w c:\windows\$hf_mig$\KB925720\update\update.exe
    + 2005-10-12 23:16:56 371,424 ----a-w c:\windows\$hf_mig$\KB925720\update\updspapi.dll
    + 2008-02-26 11:48:44 297,984 ----a-w c:\windows\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB932823-v3\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB932823-v3\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB932823-v3\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB932823-v3\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB932823-v3\update\updspapi.dll
    + 2007-07-06 09:52:38 72,960 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqac.sys
    + 2007-07-06 13:08:11 138,240 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqad.dll
    + 2007-07-06 13:08:11 47,104 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
    + 2007-07-06 13:08:11 16,896 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqise.dll
    + 2007-07-06 13:08:11 660,992 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqqm.dll
    + 2007-07-06 13:08:11 177,152 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqrt.dll
    + 2007-07-06 13:08:11 95,744 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqsec.dll
    + 2007-07-06 13:08:11 48,640 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
    + 2007-07-06 13:08:11 471,552 ----a-w c:\windows\$hf_mig$\KB937894\SP2QFE\mqutil.dll
    + 2005-10-12 23:12:25 14,048 ----a-w c:\windows\$hf_mig$\KB937894\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w c:\windows\$hf_mig$\KB937894\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w c:\windows\$hf_mig$\KB937894\update\spcustom.dll
    + 2005-10-12 23:12:29 716,000 ----a-w c:\windows\$hf_mig$\KB937894\update\update.exe
    + 2005-10-12 23:12:34 371,424 ----a-w c:\windows\$hf_mig$\KB937894\update\updspapi.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
    + 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
    + 2007-10-30 16:53:32 360,832 ----a-w c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB941644\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB941644\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB941644\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB941644\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB941644\update\updspapi.dll
    + 2008-03-19 09:40:27 1,845,888 ----a-w c:\windows\$hf_mig$\KB941693\SP2QFE\win32k.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB941693\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB941693\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB941693\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB941693\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB941693\update\updspapi.dll
    + 2007-10-10 23:47:27 124,928 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
    + 2007-10-10 23:47:27 214,528 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
    + 2007-10-10 23:47:27 132,608 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
    + 2007-10-10 23:47:27 63,488 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
    + 2007-10-10 08:16:47 70,656 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
    + 2007-10-10 23:47:27 153,088 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
    + 2007-10-10 23:47:27 230,400 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
    + 2007-10-10 05:47:20 161,792 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
    + 2007-10-10 23:47:27 383,488 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
    + 2007-10-10 23:47:27 388,096 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
    + 2007-10-10 23:47:27 6,067,200 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
    + 2007-10-10 23:47:27 44,544 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
    + 2007-10-10 23:47:27 267,776 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
    + 2007-10-10 08:16:47 13,824 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
    + 2007-10-10 08:16:56 625,664 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
    + 2007-10-10 23:47:28 27,648 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
    + 2007-10-10 23:47:28 459,264 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
    + 2007-10-10 23:47:28 52,224 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
    + 2007-10-30 23:48:49 3,593,216 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    + 2007-10-10 23:47:28 478,208 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
    + 2007-10-10 23:47:28 193,024 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
    + 2007-10-10 23:47:28 671,232 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
    + 2007-10-10 23:47:28 102,912 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
    + 2007-10-10 23:47:28 105,984 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
    + 2007-10-10 23:47:29 1,162,240 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
    + 2007-10-10 23:47:29 233,472 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
    + 2007-10-10 23:47:29 825,344 ----a-w c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB942615-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB942615-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB942615-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB942615-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB942615-IE7\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 ----a-w c:\windows\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-12-04 18:29:10 551,936 ----a-w c:\windows\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB943055\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB943055\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB943055\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB943055\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB943055\update\updspapi.dll
    + 2007-11-07 09:50:47 727,040 ----a-w c:\windows\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB943485\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB943485\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB943485\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB943485\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB943485\update\updspapi.dll
    + 2007-12-07 02:01:07 124,928 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
    + 2007-12-19 22:57:52 347,136 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
    + 2007-12-07 02:01:07 214,528 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
    + 2007-12-07 02:01:07 133,120 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
    + 2007-12-07 02:01:07 63,488 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
    + 2007-12-06 08:34:28 70,656 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
    + 2007-12-07 02:01:08 153,088 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
    + 2007-12-07 02:01:08 230,400 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
    + 2007-12-06 05:00:02 161,792 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:28:12 2,455,488 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
    + 2007-12-07 02:01:08 383,488 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
    + 2007-12-07 02:01:08 388,096 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
    + 2007-12-07 02:01:10 6,067,200 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
    + 2007-12-07 02:01:10 44,544 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
    + 2007-12-07 02:01:11 267,776 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
    + 2007-12-06 08:34:29 13,824 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
    + 2007-12-06 08:34:45 625,664 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
    + 2007-12-07 02:01:11 27,648 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
    + 2007-12-07 02:01:11 459,264 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
    + 2007-12-07 02:01:11 52,224 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
    + 2007-12-07 02:01:12 3,593,216 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
    + 2007-12-07 02:01:12 478,208 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
    + 2007-12-07 02:01:13 193,024 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
    + 2007-12-07 02:01:13 671,232 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
    + 2007-12-07 02:01:13 102,912 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
    + 2008-01-11 05:57:26 44,544 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
    + 2007-12-07 02:01:13 105,984 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\url.dll
    + 2007-12-07 02:01:13 1,162,752 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
    + 2007-12-07 02:01:13 233,472 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
    + 2007-12-07 02:01:13 825,344 ----a-w c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944533-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944533-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944533-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944533-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944533-IE7\update\updspapi.dll
    + 2007-11-13 08:47:45 20,480 ----a-w c:\windows\$hf_mig$\KB944653\SP2QFE\secdrv.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944653\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944653\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944653\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944653\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944653\update\updspapi.dll
    + 2008-02-20 05:19:35 147,968 ----a-w c:\windows\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
    + 2008-02-20 18:49:36 45,568 ----a-w c:\windows\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB945553\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB945553\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB945553\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB945553\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB945553\update\updspapi.dll
    + 2007-12-18 09:38:59 179,712 ----a-w c:\windows\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB946026\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB946026\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB946026\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB946026\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB946026\update\updspapi.dll
    + 2008-05-02 13:30:08 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP2QFE\msgsc.dll
    + 2008-05-02 14:01:49 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3GDR\msgsc.dll
    + 2008-05-02 13:42:10 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
    + 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
    + 2008-03-01 13:03:00 124,928 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
    + 2008-03-01 13:03:00 347,136 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
    + 2008-03-01 13:03:00 214,528 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
    + 2008-03-01 13:03:00 132,608 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
    + 2008-03-01 13:03:00 63,488 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
    + 2008-02-22 09:39:56 70,656 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
    + 2008-03-01 13:03:00 153,088 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
    + 2008-03-01 13:03:00 230,400 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
    + 2008-02-15 05:44:25 161,792 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
    + 2008-03-01 13:03:00 383,488 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
    + 2008-03-01 13:03:00 388,608 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
    + 2008-03-01 13:03:01 6,067,712 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
    + 2008-03-01 13:03:01 44,544 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
    + 2008-03-01 13:03:01 267,776 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
    + 2008-02-22 09:39:56 13,824 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
    + 2008-02-22 09:40:22 625,664 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
    + 2008-03-01 13:03:01 27,648 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
    + 2008-03-01 13:03:01 459,264 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
    + 2008-03-01 13:03:01 52,224 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
    + 2008-03-01 13:03:01 3,593,216 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
    + 2008-03-01 13:03:01 478,208 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
    + 2008-03-01 13:03:01 193,024 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
    + 2008-03-01 13:03:01 671,232 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
    + 2008-03-01 13:03:01 102,912 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
    + 2008-03-01 13:03:01 44,544 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
    + 2008-03-01 13:03:02 105,984 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
    + 2008-03-01 13:03:02 1,162,752 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
    + 2008-03-01 13:03:02 233,472 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
    + 2008-03-01 13:03:02 827,392 ----a-w c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB947864-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB947864-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB947864-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB947864-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB947864-IE7\update\updspapi.dll
    + 2008-02-20 06:52:43 282,624 ----a-w c:\windows\$hf_mig$\KB948590\SP2QFE\gdi32.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB948590\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB948590\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB948590\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB948590\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB948590\update\updspapi.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB948881\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB948881\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB948881\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB948881\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w c:\windows\$hf_mig$\KB948881\update\updspapi.dll
    + 2008-01-23 04:56:21 554,008 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\dao360.dll
    + 2007-12-10 12:41:11 518,944 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexch40.dll
    + 2007-12-10 12:41:11 326,432 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
    + 2007-12-10 12:41:11 1,516,568 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjet40.dll
    + 2007-12-10 12:41:11 355,112 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
    + 2008-03-27 07:39:13 151,583 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjint40.dll
    + 2007-12-10 12:41:12 60,192 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjter40.dll
    + 2007-12-10 12:41:12 248,608 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
    + 2007-12-10 12:41:12 219,936 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msltus40.dll
    + 2007-12-10 12:41:12 355,104 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
    + 2007-12-10 12:41:13 432,928 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
    + 2007-12-10 12:41:13 322,336 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
    + 2007-12-10 12:41:13 559,904 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
    + 2007-12-10 12:41:13 264,992 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mstext40.dll
    + 2007-12-10 12:41:13 838,432 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
    + 2007-12-10 12:41:14 621,344 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
    + 2007-12-10 12:41:14 355,104 ----a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB950749\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB950749\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB950749\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB950749\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB950749\update\updspapi.dll
    + 2008-04-23 03:35:35 124,928 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
    + 2008-04-23 03:35:35 347,136 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
    + 2008-04-23 03:35:35 214,528 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
    + 2008-04-23 03:35:35 132,608 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
    + 2008-04-23 03:35:35 63,488 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
    + 2008-04-22 08:02:19 70,656 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
    + 2008-04-23 03:35:35 153,088 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
    + 2008-04-23 03:35:35 230,400 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
    + 2008-04-20 05:07:38 161,792 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
    + 2008-04-23 03:35:35 383,488 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
    + 2008-04-23 03:35:35 388,608 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
    + 2008-04-23 03:35:36 6,068,224 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
    + 2008-04-23 03:35:36 44,544 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
    + 2008-04-23 03:35:36 267,776 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
    + 2008-04-22 08:02:19 13,824 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
    + 2008-04-22 08:02:46 625,664 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
    + 2008-04-23 03:35:36 27,648 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
    + 2008-04-23 03:35:36 459,264 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
    + 2008-04-23 03:35:36 52,224 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
