-
Virtumonde.sdn
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:47 PM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\userinit.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\WINNT\FSScrCtl.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?ie=UTF-8&tab=wi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {082874E6-7542-4935-AE3E-70FA93AD2244} - (no file)
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {23502185-02D6-4A95-AA2C-FFB426DF934D} - (no file)
O2 - BHO: (no name) - {2E371025-D2FA-48C2-87E2-C3876309E889} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6127B8EB-9029-4272-96B8-B85023440CFC} - (no file)
O2 - BHO: (no name) - {711AB4CA-3EE7-49D1-9FDE-6312DC3540DF} - (no file)
O2 - BHO: (no name) - {72F305DC-5DBD-4F24-87C9-1F0AA03C32CE} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7B724A89-4D3D-48E5-8186-8ABAC7595D9E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F74FE62-B043-4477-822D-D13D44297C6D} - (no file)
O2 - BHO: (no name) - {8350CB80-6ECD-4F2C-A89D-600831FFAA61} - (no file)
O2 - BHO: (no name) - {8A6FB44E-6F96-4972-9B0A-B4604497EC65} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95768BFD-5D96-4D10-95A2-91975E1CF38D} - (no file)
O2 - BHO: (no name) - {A74A11BF-0437-4B05-A1C0-01E5D0F8B3CC} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B1B95662-608A-4340-8FAB-79DAE16072D7} - (no file)
O2 - BHO: (no name) - {B612F991-D9CE-469D-9738-B3A3AA7185CB} - (no file)
O2 - BHO: (no name) - {BBF82CA3-7093-42A6-A4BE-492FEE0E2288} - (no file)
O2 - BHO: (no name) - {C52EA57A-F4A0-4589-B8FB-0280EC000242} - (no file)
O2 - BHO: (no name) - {C5F74968-726B-42F7-AC61-87F40E9F491A} - (no file)
O2 - BHO: (no name) - {DBC1CB0C-2E5A-4945-9BEA-671A8091D111} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7823DBF-7D4C-4DB3-9531-A9B21BE03593} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\docume~1\owner\locals~1\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\docume~1\owner\locals~1\temp\ntdll64.dll
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124777306750
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/fee...utLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: muorshxl - C:\WINNT\
O20 - Winlogon Notify: rdrxekuk - C:\WINNT\
O20 - Winlogon Notify: rlrqgghe - C:\WINNT\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FCF (fcf) - Unknown owner - C:\WINNT\system32\svchost.exe:exe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\
--
End of file - 13978 bytes
also, when i try to update my spybot program, I get a "invalid floating point operation." And I can't seem to get rid of Fraud.xp antivirus either. I'd really appreciate any help. Thank you!
-
Hello RallyReal
Welcome to Safer Networking.
Please read Before You Post
That said, All advice given by anyone volunteering here, is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.<-- Don't forget this
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and Paste the entire report in your next reply along with a New Hijackthis log.
-
Malwarebytes Log and HJT Log
Malwarebytes' Anti-Malware 1.34
Database version: 1883
Windows 5.1.2600 Service Pack 3
3/21/2009 8:20:48 PM
mbam-log-2009-03-21 (20-20-48).txt
Scan type: Quick Scan
Objects scanned: 76198
Time elapsed: 6 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 19
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 54
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll64.dll (Trojan.Vundo) -> Delete on reboot.
c:\documents and settings\Owner\application data\cipvmano.dll (Trojan.Agent) -> Delete on reboot.
c:\WINNT\frmyroqo.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mespw (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mespw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mespw (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ouken (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ouken (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ouken (Trojan.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{820a2c8d-dfc0-4a9f-b3ca-4410ca4f7c04} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fcf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fcf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\winnt\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Owner\Local Settings\Temp\ntdll64.dll (Trojan.Vundo) -> Delete on reboot.
c:\documents and settings\Owner\application data\cipvmano.dll (Trojan.Agent) -> Delete on reboot.
c:\WINNT\frmyroqo.dll (Trojan.Agent) -> Delete on reboot.
C:\WINNT\Xkilobecebepagu.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINNT\system32\frmwrk32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINNT\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINNT\system32\drivers\117d6292.sys (Backdoor.Rustock) -> Delete on reboot.
C:\lwoa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\mbackyt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\mtaueu.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\rfjcpx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\snnouf.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\ssgjwu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\utyus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\wkaqjah.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-8186022457-7722226427-373401629-6478\service.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\095.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1498161520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\1784255270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\475.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\696.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\ibzrw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\fp0zl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\rip10.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\x4kqukrql.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\aasuper0[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\aasuper1[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\pzwwkk[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\spcmmzmnak[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\xdqrr[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\aasuper0[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\aasuper1[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\ebbxlllly[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\exylmmm[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\loaderadv563[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\lqm[1].exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZRG9PCF0\aasuper3[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZRG9PCF0\fmvff[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZRG9PCF0\mmjjwjxt[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\aasuper3[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\jscccdd[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\wgpqnrfsc[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\wtddrrsfg[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\xguudrerr[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\WINNT\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINNT\system32\svchost.exe:exe.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINNT\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINNT\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:01 PM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\WINNT\FSScrCtl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?ie=UTF-8&tab=wi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {082874E6-7542-4935-AE3E-70FA93AD2244} - (no file)
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {23502185-02D6-4A95-AA2C-FFB426DF934D} - (no file)
O2 - BHO: (no name) - {2E371025-D2FA-48C2-87E2-C3876309E889} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6127B8EB-9029-4272-96B8-B85023440CFC} - (no file)
O2 - BHO: (no name) - {711AB4CA-3EE7-49D1-9FDE-6312DC3540DF} - (no file)
O2 - BHO: (no name) - {72F305DC-5DBD-4F24-87C9-1F0AA03C32CE} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7B724A89-4D3D-48E5-8186-8ABAC7595D9E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F74FE62-B043-4477-822D-D13D44297C6D} - (no file)
O2 - BHO: (no name) - {8350CB80-6ECD-4F2C-A89D-600831FFAA61} - (no file)
O2 - BHO: (no name) - {8A6FB44E-6F96-4972-9B0A-B4604497EC65} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {95768BFD-5D96-4D10-95A2-91975E1CF38D} - (no file)
O2 - BHO: (no name) - {A74A11BF-0437-4B05-A1C0-01E5D0F8B3CC} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B1B95662-608A-4340-8FAB-79DAE16072D7} - (no file)
O2 - BHO: (no name) - {B612F991-D9CE-469D-9738-B3A3AA7185CB} - (no file)
O2 - BHO: (no name) - {BBF82CA3-7093-42A6-A4BE-492FEE0E2288} - (no file)
O2 - BHO: (no name) - {C52EA57A-F4A0-4589-B8FB-0280EC000242} - (no file)
O2 - BHO: (no name) - {C5F74968-726B-42F7-AC61-87F40E9F491A} - (no file)
O2 - BHO: (no name) - {DBC1CB0C-2E5A-4945-9BEA-671A8091D111} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E7823DBF-7D4C-4DB3-9531-A9B21BE03593} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124777306750
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/fee...utLauncher.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: muorshxl - C:\WINNT\
O20 - Winlogon Notify: rdrxekuk - C:\WINNT\
O20 - Winlogon Notify: rlrqgghe - C:\WINNT\
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\
--
End of file - 13851 bytes
-
Good Morning,
A bit more to do. You may want to print this out as all windows including this one need to be closed.
Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O2 - BHO: (no name) - {082874E6-7542-4935-AE3E-70FA93AD2244} - (no file)
O2 - BHO: (no name) - {23502185-02D6-4A95-AA2C-FFB426DF934D} - (no file)
O2 - BHO: (no name) - {2E371025-D2FA-48C2-87E2-C3876309E889} - (no file)
O2 - BHO: (no name) - {6127B8EB-9029-4272-96B8-B85023440CFC} - (no file)
O2 - BHO: (no name) - {711AB4CA-3EE7-49D1-9FDE-6312DC3540DF} - (no file)
O2 - BHO: (no name) - {72F305DC-5DBD-4F24-87C9-1F0AA03C32CE} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7B724A89-4D3D-48E5-8186-8ABAC7595D9E} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F74FE62-B043-4477-822D-D13D44297C6D} - (no file)
O2 - BHO: (no name) - {8350CB80-6ECD-4F2C-A89D-600831FFAA61} - (no file)
O2 - BHO: (no name) - {8A6FB44E-6F96-4972-9B0A-B4604497EC65} - (no file)
O2 - BHO: (no name) - {95768BFD-5D96-4D10-95A2-91975E1CF38D} - (no file)
O2 - BHO: (no name) - {A74A11BF-0437-4B05-A1C0-01E5D0F8B3CC} - (no file)
O2 - BHO: (no name) - {B1B95662-608A-4340-8FAB-79DAE16072D7} - (no file)
O2 - BHO: (no name) - {B612F991-D9CE-469D-9738-B3A3AA7185CB} - (no file)
O2 - BHO: (no name) - {BBF82CA3-7093-42A6-A4BE-492FEE0E2288} - (no file)
O2 - BHO: (no name) - {C52EA57A-F4A0-4589-B8FB-0280EC000242} - (no file)
O2 - BHO: (no name) - {C5F74968-726B-42F7-AC61-87F40E9F491A} - (no file)
O2 - BHO: (no name) - {DBC1CB0C-2E5A-4945-9BEA-671A8091D111} - (no file)
O2 - BHO: (no name) - {E7823DBF-7D4C-4DB3-9531-A9B21BE03593} - (no file)
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -
O20 - Winlogon Notify: muorshxl - C:\WINNT\
O20 - Winlogon Notify: rdrxekuk - C:\WINNT\
O20 - Winlogon Notify: rlrqgghe - C:\WINNT\
Please download ATF Cleaner by Atribune to your desktop.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
-
Combofix.txt
my browser keeps freezing when I try to upload this log, so I suppose I have to post it in stages. I hope that's alright. And thank you so much for all your help. I really appreciate it.
ComboFix 09-03-22.01 - Owner 2009-03-22 16:00:29.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.143 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\IE4 Error Log.txt
c:\winnt\system32\test.ttt
c:\winnt\system32\tncuaxmv.ini
c:\winnt\system32\ujiqpxss.ini
c:\winnt\system32\umnbrcdl.ini
c:\winnt\system32\uqkakbfu.ini
c:\winnt\system32\vbtaooim.ini
Infected copy of c:\winnt\system32\userinit.exe was found and disinfected
Restored copy from - c:\winnt\$NtServicePackUninstall$\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_PassThru
((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
.
2009-03-21 20:10 . 2009-03-21 20:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 20:10 . 2009-03-21 20:10 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-21 20:10 . 2009-03-21 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 20:10 . 2009-02-11 10:19 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
2009-03-21 20:10 . 2009-02-11 10:19 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\program files\ERUNT
2009-03-20 01:00 . 2009-03-20 01:00 206 --a------ c:\winnt\system32\MRT.INI
2009-03-19 23:49 . 2009-03-20 00:52 19,968 --a------ C:\cpltpc.exe
2009-03-19 23:45 . 2009-03-20 00:52 2 --a------ C:\278134064
2009-03-15 17:02 . 2009-03-15 17:21 <DIR> d-------- c:\program files\Only Astrology
2009-02-25 16:17 . 2009-02-25 16:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-22 22:51 --------- d-----w c:\program files\GetRight
2009-03-16 00:08 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-10 21:07 --------- d-----w c:\program files\Java
2009-02-25 22:57 --------- d-----w c:\program files\VideoLAN
2009-02-21 07:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-19 05:06 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-02-19 05:04 --------- d-----w c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-04-13 10:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2005-06-03 17:18 26,166,613 ----a-w c:\program files\NAV05ENG.exe
2005-05-30 23:51 315,624 ----a-w c:\program files\dxwebsetup.exe
2005-02-18 07:35 626,884 ----a-w c:\program files\kukuxumusu_2.zip
2005-02-16 07:02 68,257 ----a-w c:\program files\metallix.zip
2004-11-07 09:45 2,663,024 ----a-w c:\program files\lusetup.exe
2004-08-17 19:45 295,120 ----a-w c:\program files\NSSetup.exe
2004-08-07 23:13 420,974 ----a-w c:\program files\XviD-04102002-1.exe
2004-08-07 23:12 325,354 ----a-w c:\program files\ffdshow-20020617.exe
2004-08-06 02:04 273,342 ----a-w c:\program files\DivFix110.zip
2004-03-24 09:24 401,952 ----a-w c:\program files\3DwindowsXP.exe
2004-02-22 01:18 410,644 ----a-w c:\program files\KTAngelSaver.zip
2004-01-31 02:31 795,540 ----a-w c:\program files\fishtank.zip
2004-01-25 04:39 1,678,680 ----a-w c:\program files\monalisa.exe
2004-01-25 04:37 942,790 ----a-w c:\program files\hypno.zip
2004-01-25 04:37 56,785 ----a-w c:\program files\electric.zip
2004-01-25 04:36 103,708 ----a-w c:\program files\julsav10.zip
2004-01-25 04:35 272,666 ----a-w c:\program files\blaze.zip
2004-01-25 04:34 1,098,212 ----a-w c:\program files\living_waterfall_es.exe
2008-09-28 17:40 32,768 --sha-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
.
((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-11 16:35:59 153,088 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\winnt\$hf_mig$\KB920342\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\winnt\$hf_mig$\KB920342\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\winnt\$hf_mig$\KB920342\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w c:\winnt\$hf_mig$\KB920342\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w c:\winnt\$hf_mig$\KB920342\update\updspapi.dll
+ 2006-10-04 10:40:05 72,704 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w c:\winnt\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w c:\winnt\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w c:\winnt\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w c:\winnt\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w c:\winnt\$hf_mig$\KB925720\update\updspapi.dll
+ 2006-11-13 06:02:15 116,736 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\winnt\$hf_mig$\KB925876\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\winnt\$hf_mig$\KB925876\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\winnt\$hf_mig$\KB925876\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w c:\winnt\$hf_mig$\KB925876\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w c:\winnt\$hf_mig$\KB925876\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w c:\winnt\$hf_mig$\KB925876\update\updspapi.dll
+ 2008-02-26 11:48:44 297,984 ----a-w c:\winnt\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\winnt\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB938464\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w c:\winnt\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w c:\winnt\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-10 23:47:27 124,928 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:47:27 214,528 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:47:27 132,608 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:47:27 63,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47 70,656 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:47:27 153,088 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:47:27 230,400 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20 161,792 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:47:27 383,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:47:27 388,096 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:47:27 6,067,200 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:47:27 44,544 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:47:27 267,776 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47 13,824 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56 625,664 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:47:28 27,648 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:47:28 459,264 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:47:28 52,224 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:48:49 3,593,216 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:47:28 478,208 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:47:28 193,024 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:47:28 671,232 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:47:28 102,912 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:47:28 105,984 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:47:29 1,162,240 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:47:29 233,472 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:47:29 825,344 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w c:\winnt\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w c:\winnt\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w c:\winnt\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 02:01:07 124,928 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
+ 2007-12-19 22:57:52 347,136 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
+ 2007-12-07 02:01:07 214,528 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
+ 2007-12-07 02:01:07 133,120 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
+ 2007-12-07 02:01:07 63,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
+ 2007-12-06 08:34:28 70,656 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
+ 2007-12-07 02:01:08 153,088 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
+ 2007-12-07 02:01:08 230,400 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
+ 2007-12-06 05:00:02 161,792 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
+ 2007-12-07 02:01:08 383,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
+ 2007-12-07 02:01:08 388,096 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
+ 2007-12-07 02:01:10 6,067,200 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
+ 2007-12-07 02:01:10 44,544 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
+ 2007-12-07 02:01:11 267,776 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
+ 2007-12-06 08:34:29 13,824 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
+ 2007-12-06 08:34:45 625,664 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-07 02:01:11 27,648 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
+ 2007-12-07 02:01:11 459,264 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
+ 2007-12-07 02:01:11 52,224 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
+ 2007-12-07 02:01:12 3,593,216 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
+ 2007-12-07 02:01:12 478,208 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
+ 2007-12-07 02:01:13 193,024 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
+ 2007-12-07 02:01:13 671,232 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
+ 2007-12-07 02:01:13 102,912 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
+ 2008-01-11 05:57:26 44,544 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
+ 2007-12-07 02:01:13 105,984 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\url.dll
+ 2007-12-07 02:01:13 1,162,752 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
+ 2007-12-07 02:01:13 233,472 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
+ 2007-12-07 02:01:13 825,344 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w c:\winnt\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w c:\winnt\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w c:\winnt\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w c:\winnt\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\winnt\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-03-01 13:03:00 124,928 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
+ 2008-03-01 13:03:00 347,136 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
+ 2008-03-01 13:03:00 214,528 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
+ 2008-03-01 13:03:00 132,608 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
+ 2008-03-01 13:03:00 63,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
+ 2008-02-22 09:39:56 70,656 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-03-01 13:03:00 153,088 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
+ 2008-03-01 13:03:00 230,400 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
+ 2008-03-01 13:03:00 383,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
+ 2008-03-01 13:03:00 388,608 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
+ 2008-03-01 13:03:01 6,067,712 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
+ 2008-03-01 13:03:01 44,544 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
+ 2008-03-01 13:03:01 267,776 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
+ 2008-02-22 09:39:56 13,824 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:40:22 625,664 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-03-01 13:03:01 27,648 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
+ 2008-03-01 13:03:01 459,264 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
+ 2008-03-01 13:03:01 52,224 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
+ 2008-03-01 13:03:01 3,593,216 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
+ 2008-03-01 13:03:01 478,208 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
+ 2008-03-01 13:03:01 193,024 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
+ 2008-03-01 13:03:01 671,232 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
+ 2008-03-01 13:03:01 102,912 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
+ 2008-03-01 13:03:01 44,544 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
+ 2008-03-01 13:03:02 105,984 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
+ 2008-03-01 13:03:02 1,162,752 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
+ 2008-03-01 13:03:02 233,472 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
+ 2008-03-01 13:03:02 827,392 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w c:\winnt\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB948590\spmsg.dll
-
A question?
Actually, are there particular segments of the log that you want for Combofix? It's quite large and I'm having trouble trying to piece it together on the forum posts. And also I'm limited by the size of each post. Please advise.
I'll follow this post with the HJT scan log. Thanks again Ken545.
-
HJT Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:53 PM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\runservice.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\GetRight\getright.exe
C:\WINNT\FSScrCtl.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?ie=UTF-8&tab=wi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - .DEFAULT Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124777306750
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/fee...utLauncher.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\
--
End of file - 11949 bytes
-
I would like to see all after this entry, take as many replies as you need to post it.
((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
-
Combofix.txt
I will repost and finish everything, starting with ((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-11 16:35:59 153,088 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2p.dll
+ 2006-10-11 16:35:59 104,960 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
+ 2006-10-11 16:35:59 313,344 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
+ 2006-10-11 16:35:59 115,712 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
+ 2006-10-11 16:35:59 553,984 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
+ 2006-10-11 16:35:59 58,880 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
+ 2006-09-26 08:51:38 212,480 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\winnt\$hf_mig$\KB920342\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\winnt\$hf_mig$\KB920342\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\winnt\$hf_mig$\KB920342\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w c:\winnt\$hf_mig$\KB920342\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w c:\winnt\$hf_mig$\KB920342\update\updspapi.dll
+ 2006-10-04 10:40:05 72,704 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 ----a-w c:\winnt\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w c:\winnt\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w c:\winnt\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w c:\winnt\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w c:\winnt\$hf_mig$\KB925720\update\updspapi.dll
+ 2006-11-13 06:02:15 116,736 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\aaclient.dll
+ 2006-11-07 08:06:47 600,576 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
+ 2006-11-13 06:02:15 1,866,240 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
+ 2006-11-13 06:02:15 288,768 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
+ 2006-11-07 08:06:47 16,832 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
+ 2006-11-07 08:06:47 12,451 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
+ 2006-11-13 06:02:15 36,352 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
+ 2005-10-12 23:12:25 14,048 ----a-w c:\winnt\$hf_mig$\KB925876\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w c:\winnt\$hf_mig$\KB925876\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w c:\winnt\$hf_mig$\KB925876\update\spcustom.dll
+ 2006-11-13 06:02:58 38,400 ----a-w c:\winnt\$hf_mig$\KB925876\update\tscupdatecustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w c:\winnt\$hf_mig$\KB925876\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w c:\winnt\$hf_mig$\KB925876\update\updspapi.dll
+ 2008-02-26 11:48:44 297,984 ----a-w c:\winnt\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\winnt\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB938464\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w c:\winnt\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w c:\winnt\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-10-10 23:47:27 124,928 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
+ 2007-10-10 23:47:27 214,528 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
+ 2007-10-10 23:47:27 132,608 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
+ 2007-10-10 23:47:27 63,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
+ 2007-10-10 08:16:47 70,656 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
+ 2007-10-10 23:47:27 153,088 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
+ 2007-10-10 23:47:27 230,400 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
+ 2007-10-10 05:47:20 161,792 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
+ 2007-10-10 23:47:27 383,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
+ 2007-10-10 23:47:27 388,096 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
+ 2007-10-10 23:47:27 6,067,200 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
+ 2007-10-10 23:47:27 44,544 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
+ 2007-10-10 23:47:27 267,776 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
+ 2007-10-10 08:16:47 13,824 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
+ 2007-10-10 08:16:56 625,664 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
+ 2007-10-10 23:47:28 27,648 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
+ 2007-10-10 23:47:28 459,264 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
+ 2007-10-10 23:47:28 52,224 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
+ 2007-10-30 23:48:49 3,593,216 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
+ 2007-10-10 23:47:28 478,208 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
+ 2007-10-10 23:47:28 193,024 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
+ 2007-10-10 23:47:28 671,232 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
+ 2007-10-10 23:47:28 102,912 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
+ 2007-10-10 23:47:28 105,984 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
+ 2007-10-10 23:47:29 1,162,240 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
+ 2007-10-10 23:47:29 233,472 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
+ 2007-10-10 23:47:29 825,344 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w c:\winnt\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w c:\winnt\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w c:\winnt\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 02:01:07 124,928 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
+ 2007-12-19 22:57:52 347,136 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
+ 2007-12-07 02:01:07 214,528 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
+ 2007-12-07 02:01:07 133,120 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
+ 2007-12-07 02:01:07 63,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
+ 2007-12-06 08:34:28 70,656 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
+ 2007-12-07 02:01:08 153,088 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieakeng.dll
+ 2007-12-07 02:01:08 230,400 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieaksie.dll
+ 2007-12-06 05:00:02 161,792 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dat
+ 2007-12-07 02:01:08 383,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieapfltr.dll
+ 2007-12-07 02:01:08 388,096 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iedkcs32.dll
+ 2007-12-07 02:01:10 6,067,200 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieframe.dll
+ 2007-12-07 02:01:10 44,544 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iernonce.dll
+ 2007-12-07 02:01:11 267,776 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iertutil.dll
+ 2007-12-06 08:34:29 13,824 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
+ 2007-12-06 08:34:45 625,664 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-07 02:01:11 27,648 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\jsproxy.dll
+ 2007-12-07 02:01:11 459,264 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\msfeeds.dll
+ 2007-12-07 02:01:11 52,224 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\msfeedsbs.dll
+ 2007-12-07 02:01:12 3,593,216 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
+ 2007-12-07 02:01:12 478,208 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\mshtmled.dll
+ 2007-12-07 02:01:13 193,024 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\msrating.dll
+ 2007-12-07 02:01:13 671,232 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\mstime.dll
+ 2007-12-07 02:01:13 102,912 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\occache.dll
+ 2008-01-11 05:57:26 44,544 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\pngfilt.dll
+ 2007-12-07 02:01:13 105,984 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\url.dll
+ 2007-12-07 02:01:13 1,162,752 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\urlmon.dll
+ 2007-12-07 02:01:13 233,472 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\webcheck.dll
+ 2007-12-07 02:01:13 825,344 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w c:\winnt\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB944653\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 ----a-w c:\winnt\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 ----a-w c:\winnt\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w c:\winnt\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\winnt\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-03-01 13:03:00 124,928 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
+ 2008-03-01 13:03:00 347,136 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
+ 2008-03-01 13:03:00 214,528 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
+ 2008-03-01 13:03:00 132,608 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
+ 2008-03-01 13:03:00 63,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
+ 2008-02-22 09:39:56 70,656 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-03-01 13:03:00 153,088 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
+ 2008-03-01 13:03:00 230,400 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
+ 2008-02-15 05:44:25 161,792 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
+ 2008-03-01 13:03:00 383,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
+ 2008-03-01 13:03:00 388,608 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
+ 2008-03-01 13:03:01 6,067,712 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
+ 2008-03-01 13:03:01 44,544 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
+ 2008-03-01 13:03:01 267,776 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
+ 2008-02-22 09:39:56 13,824 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:40:22 625,664 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-03-01 13:03:01 27,648 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
+ 2008-03-01 13:03:01 459,264 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
+ 2008-03-01 13:03:01 52,224 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
+ 2008-03-01 13:03:01 3,593,216 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
+ 2008-03-01 13:03:01 478,208 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
+ 2008-03-01 13:03:01 193,024 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
+ 2008-03-01 13:03:01 671,232 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
+ 2008-03-01 13:03:01 102,912 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
+ 2008-03-01 13:03:01 44,544 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
+ 2008-03-01 13:03:02 105,984 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
+ 2008-03-01 13:03:02 1,162,752 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
+ 2008-03-01 13:03:02 233,472 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
+ 2008-03-01 13:03:02 827,392 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 ----a-w c:\winnt\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\winnt\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-23 03:35:35 124,928 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
+ 2008-04-23 03:35:35 347,136 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
+ 2008-04-23 03:35:35 214,528 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
+ 2008-04-23 03:35:35 132,608 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
+ 2008-04-23 03:35:35 63,488 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
+ 2008-04-22 08:02:19 70,656 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
+ 2008-04-23 03:35:35 153,088 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
+ 2008-04-23 03:35:35 230,400 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
+ 2008-04-20 05:07:38 161,792 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
+ 2008-04-23 03:35:35 383,488 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
+ 2008-04-23 03:35:35 388,608 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
+ 2008-04-23 03:35:36 6,068,224 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
+ 2008-04-23 03:35:36 44,544 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
+ 2008-04-23 03:35:36 267,776 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
+ 2008-04-22 08:02:19 13,824 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
+ 2008-04-22 08:02:46 625,664 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
+ 2008-04-23 03:35:36 27,648 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
+ 2008-04-23 03:35:36 459,264 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
+ 2008-04-23 03:35:36 52,224 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
+ 2008-04-23 03:35:36 3,593,728 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
+ 2008-04-23 03:35:36 478,208 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll
+ 2008-04-23 03:35:36 193,024 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll
+ 2008-04-23 03:35:36 671,232 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll
+ 2008-04-23 03:35:36 102,912 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll
+ 2008-04-23 03:35:36 44,544 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll
+ 2008-04-23 03:35:36 105,984 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\url.dll
+ 2008-04-23 03:35:36 1,162,752 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll
+ 2008-04-23 03:35:36 233,472 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll
+ 2008-04-23 03:35:36 827,392 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w c:\winnt\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\winnt\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w c:\winnt\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\winnt\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\winnt\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w c:\winnt\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\winnt\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 07:22:26 691,712 ----a-w c:\winnt\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\winnt\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\winnt\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\winnt\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\winnt\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w c:\winnt\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\winnt\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w c:\winnt\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w c:\winnt\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w c:\winnt\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w c:\winnt\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w c:\winnt\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\winnt\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w c:\winnt\$hf_mig$\KB951698\SP3QFE\quartz.dll
-
Combofix Cont.
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w c:\winnt\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\winnt\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w c:\winnt\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w c:\winnt\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\winnt\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\winnt\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w c:\winnt\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\winnt\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\winnt\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w c:\winnt\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w c:\winnt\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\winnt\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\winnt\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\winnt\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w c:\winnt\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\winnt\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\winnt\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w c:\winnt\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w c:\winnt\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w c:\winnt\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\winnt\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\winnt\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\winnt\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:01:38 124,928 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll
+ 2008-06-23 16:01:38 347,136 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll
+ 2008-06-23 16:01:39 63,488 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll
+ 2008-06-23 08:23:18 70,656 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat
+ 2008-06-23 16:01:40 383,488 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll
+ 2008-06-23 16:01:43 44,544 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll
+ 2008-06-23 16:01:44 267,776 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll
+ 2008-06-23 08:23:18 13,824 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
+ 2008-06-23 16:01:46 27,648 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
+ 2008-06-23 16:01:49 477,696 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll
+ 2008-06-23 16:01:50 671,232 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll
+ 2008-06-23 16:01:50 102,912 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll
+ 2008-06-23 16:01:50 44,544 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll
+ 2008-06-23 16:01:50 105,984 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\url.dll
+ 2008-06-23 16:01:51 1,162,752 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll
+ 2008-06-23 16:01:51 233,472 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll
+ 2008-06-23 16:01:51 827,904 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB953838-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\winnt\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\winnt\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\winnt\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-10-03 09:49:31 247,326 ----a-w c:\winnt\$hf_mig$\KB954600\SP3QFE\strmdll.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB954600\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB954600\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB954600\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB954600\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB954600\update\updspapi.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\winnt\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 21:08:38 382,840 ----a-w c:\winnt\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\winnt\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\winnt\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\winnt\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\winnt\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\winnt\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\winnt\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\winnt\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w c:\winnt\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\winnt\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 22:39:46 2,066,048 ----a-w c:\winnt\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\winnt\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 23:11:10 2,189,184 ----a-w c:\winnt\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\winnt\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w c:\winnt\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\winnt\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\winnt\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\winnt\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\winnt\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\winnt\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\winnt\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-16 20:24:09 124,928 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
+ 2008-10-16 20:24:09 347,136 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
+ 2008-10-16 20:24:09 214,528 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
+ 2008-10-16 20:24:09 132,608 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
+ 2008-10-16 20:24:09 63,488 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
+ 2008-10-16 12:46:08 70,656 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
+ 2008-10-16 20:24:09 153,088 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
+ 2008-10-16 20:24:09 230,400 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
+ 2008-10-15 06:33:26 161,792 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
+ 2008-10-16 20:24:09 380,928 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
+ 2008-10-16 20:24:09 388,608 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-16 20:24:09 6,068,224 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
+ 2008-10-16 20:24:09 44,544 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
+ 2008-10-16 20:24:09 267,776 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
+ 2008-10-16 12:46:08 13,824 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
+ 2008-10-15 06:34:58 633,632 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
+ 2008-10-16 20:24:10 27,648 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
+ 2008-10-16 20:24:10 459,264 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
+ 2008-10-16 20:24:10 52,224 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
+ 2008-10-16 20:24:10 3,595,264 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
+ 2008-10-16 20:24:10 477,696 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
+ 2008-10-16 20:24:10 193,024 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
+ 2008-10-16 20:24:10 671,232 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
+ 2008-10-16 20:24:10 102,912 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
+ 2008-10-16 20:24:10 44,544 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
+ 2008-10-16 20:24:10 105,984 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
+ 2008-10-16 20:24:11 1,163,264 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
+ 2008-10-16 20:24:11 233,472 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
+ 2008-10-16 20:24:11 827,904 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\update\updspapi.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\winnt\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB958644\update\updspapi.dll
+ 2008-12-11 12:33:59 333,952 ----a-w c:\winnt\$hf_mig$\KB958687\SP3QFE\srv.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB958687\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB958687\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB958687\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB958687\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB958687\update\updspapi.dll
+ 2008-12-13 06:26:56 3,594,752 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\update\updspapi.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\winnt\$hf_mig$\KB960715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\winnt\$hf_mig$\KB960715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\winnt\$hf_mig$\KB960715\update\spcustom.dll
+ 2008-11-15 17:18:04 755,576 ----a-w c:\winnt\$hf_mig$\KB960715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\winnt\$hf_mig$\KB960715\update\updspapi.dll
+ 2008-12-20 23:55:43 124,928 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\advpack.dll
+ 2008-12-20 23:55:44 347,136 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\dxtmsft.dll
+ 2008-12-20 23:55:44 214,528 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\dxtrans.dll
+ 2008-12-20 23:55:44 132,608 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\extmgr.dll
+ 2008-12-20 23:55:45 63,488 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\icardie.dll
+ 2008-12-19 09:41:51 70,656 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ie4uinit.exe
+ 2008-12-20 23:55:45 153,088 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieakeng.dll
+ 2008-12-20 23:55:45 230,400 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieaksie.dll
+ 2008-12-19 05:24:02 161,792 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dat
+ 2008-12-20 23:55:46 380,928 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dll
+ 2008-12-20 23:55:46 388,608 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iedkcs32.dll
+ 2008-12-20 23:55:50 6,068,736 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieframe.dll
+ 2008-12-20 23:55:50 44,544 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iernonce.dll
+ 2008-12-20 23:55:50 267,776 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iertutil.dll
+ 2008-12-19 09:41:52 13,824 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieudinit.exe
+ 2008-12-19 05:25:30 634,024 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
+ 2008-12-20 23:55:51 27,648 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\jsproxy.dll
+ 2008-12-20 23:55:51 459,264 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\msfeeds.dll
+ 2008-12-20 23:55:51 52,224 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\msfeedsbs.dll
+ 2009-01-16 16:24:38 3,596,288 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
+ 2008-12-20 23:55:56 477,696 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\mshtmled.dll
+ 2008-12-20 23:55:56 193,024 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\msrating.dll
+ 2008-12-20 23:55:57 671,232 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\mstime.dll
+ 2008-12-20 23:55:57 102,912 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\occache.dll
+ 2008-12-20 23:55:57 44,544 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\pngfilt.dll
+ 2008-12-20 23:55:57 105,984 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\url.dll
+ 2008-12-20 23:55:59 1,163,264 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\urlmon.dll
+ 2008-12-20 23:55:59 233,472 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\webcheck.dll
+ 2008-12-20 23:56:00 827,904 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\update\updspapi.dll
- 2002-08-29 07:33:20 50,560 -c----w c:\winnt\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-04 06:10:06 53,248 -c----w c:\winnt\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-04 06:00:03 12,288 -c----w c:\winnt\$NtServicePackUninstall$\4mmdat.sys
+ 2004-08-04 06:10:10 48,128 -c----w c:\winnt\$NtServicePackUninstall$\61883.sys
- 2003-03-31 12:00:00 59,392 -c----w c:\winnt\$NtServicePackUninstall$\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c----w c:\winnt\$NtServicePackUninstall$\6to4svc.dll
+ 2006-11-13 06:02:58 116,736 -c----w c:\winnt\$NtServicePackUninstall$\aaclient.dll
+ 2006-10-04 14:05:26 39,424 -c----w c:\winnt\$NtServicePackUninstall$\acadproc.dll
+ 2006-10-04 14:05:26 39,424 -c----w c:\winnt\$NtServicePackUninstall$\acadproc.dll.000
- 2002-11-20 17:50:50 179,200 -c----w c:\winnt\$NtServicePackUninstall$\accwiz.exe
+ 2004-08-04 07:56:47 183,808 -c----w c:\winnt\$NtServicePackUninstall$\accwiz.exe
- 2003-02-19 20:15:36 1,821,696 -c----w c:\winnt\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 -c----w c:\winnt\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-04 07:56:41 1,852,416 -c----w c:\winnt\$NtServicePackUninstall$\acgenral.dll.000
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules