
Thread: Virtumonde.sdn

  1. #1
    Member
    Join Date
    Nov 2007
    Posts
    58

    Virtumonde.sdn

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:38:47 PM, on 3/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINNT\runservice.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WLTRYSVC.EXE
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\userinit.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\GetRight\getright.exe
    C:\WINNT\FSScrCtl.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?ie=UTF-8&tab=wi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {082874E6-7542-4935-AE3E-70FA93AD2244} - (no file)
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {23502185-02D6-4A95-AA2C-FFB426DF934D} - (no file)
    O2 - BHO: (no name) - {2E371025-D2FA-48C2-87E2-C3876309E889} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {6127B8EB-9029-4272-96B8-B85023440CFC} - (no file)
    O2 - BHO: (no name) - {711AB4CA-3EE7-49D1-9FDE-6312DC3540DF} - (no file)
    O2 - BHO: (no name) - {72F305DC-5DBD-4F24-87C9-1F0AA03C32CE} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {7B724A89-4D3D-48E5-8186-8ABAC7595D9E} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7F74FE62-B043-4477-822D-D13D44297C6D} - (no file)
    O2 - BHO: (no name) - {8350CB80-6ECD-4F2C-A89D-600831FFAA61} - (no file)
    O2 - BHO: (no name) - {8A6FB44E-6F96-4972-9B0A-B4604497EC65} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95768BFD-5D96-4D10-95A2-91975E1CF38D} - (no file)
    O2 - BHO: (no name) - {A74A11BF-0437-4B05-A1C0-01E5D0F8B3CC} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: (no name) - {B1B95662-608A-4340-8FAB-79DAE16072D7} - (no file)
    O2 - BHO: (no name) - {B612F991-D9CE-469D-9738-B3A3AA7185CB} - (no file)
    O2 - BHO: (no name) - {BBF82CA3-7093-42A6-A4BE-492FEE0E2288} - (no file)
    O2 - BHO: (no name) - {C52EA57A-F4A0-4589-B8FB-0280EC000242} - (no file)
    O2 - BHO: (no name) - {C5F74968-726B-42F7-AC61-87F40E9F491A} - (no file)
    O2 - BHO: (no name) - {DBC1CB0C-2E5A-4945-9BEA-671A8091D111} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E7823DBF-7D4C-4DB3-9531-A9B21BE03593} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
    O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
    O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\docume~1\owner\locals~1\temp\ntdll64.dll
    O10 - Unknown file in Winsock LSP: c:\docume~1\owner\locals~1\temp\ntdll64.dll
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124777306750
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/fee...utLauncher.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: muorshxl - C:\WINNT\
    O20 - Winlogon Notify: rdrxekuk - C:\WINNT\
    O20 - Winlogon Notify: rlrqgghe - C:\WINNT\
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FCF (fcf) - Unknown owner - C:\WINNT\system32\svchost.exe:exe.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\

    --
    End of file - 13978 bytes



    Also, when I try to update my Spybot program, I get an "invalid floating point operation." And I can't seem to get rid of Fraud.xp antivirus either. I'd really appreciate any help. Thank you!

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello RallyReal

    Welcome to Safer Networking.

    Please read Before You Post
    That said, all advice given by anyone volunteering here is taken at your own risk.
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen.



    Please download Malwarebytes' Anti-Malware from Here or Here

    Double-click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- Don't forget this
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and Paste the entire report in your next reply along with a New Hijackthis log.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Nov 2007
    Posts
    58

    Malwarebytes Log and HJT Log

    Malwarebytes' Anti-Malware 1.34
    Database version: 1883
    Windows 5.1.2600 Service Pack 3

    3/21/2009 8:20:48 PM
    mbam-log-2009-03-21 (20-20-48).txt

    Scan type: Quick Scan
    Objects scanned: 76198
    Time elapsed: 6 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 3
    Registry Keys Infected: 19
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 54

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\Documents and Settings\Owner\Local Settings\Temp\ntdll64.dll (Trojan.Vundo) -> Delete on reboot.
    c:\documents and settings\Owner\application data\cipvmano.dll (Trojan.Agent) -> Delete on reboot.
    c:\WINNT\frmyroqo.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mespw (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mespw (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mespw (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ouken (Trojan.Agent) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ouken (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ouken (Trojan.Agent) -> Delete on reboot.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{820a2c8d-dfc0-4a9f-b3ca-4410ca4f7c04} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fcf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\fcf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fcf (Rootkit.ADS) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\winnt\system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Owner\Local Settings\Temp\ntdll64.dll (Trojan.Vundo) -> Delete on reboot.
    c:\documents and settings\Owner\application data\cipvmano.dll (Trojan.Agent) -> Delete on reboot.
    c:\WINNT\frmyroqo.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINNT\Xkilobecebepagu.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\WINNT\system32\frmwrk32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINNT\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
    C:\WINNT\system32\drivers\117d6292.sys (Backdoor.Rustock) -> Delete on reboot.
    C:\lwoa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\mbackyt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\mtaueu.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\rfjcpx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\snnouf.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\ssgjwu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\utyus.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\wkaqjah.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-0243336035-3055115375-381863305-1553\vslmq.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\RECYCLER\S-1-5-21-8186022457-7722226427-373401629-6478\service.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\095.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\1498161520.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\1784255270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\475.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\696.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\ibzrw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\fp0zl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\rip10.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\x4kqukrql.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\aasuper0[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\aasuper1[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\pzwwkk[1].txt (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\spcmmzmnak[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2DQ34M2L\xdqrr[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\aasuper0[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\aasuper1[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\ebbxlllly[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\exylmmm[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\loaderadv563[1].exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7YKVYRX1\lqm[1].exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZRG9PCF0\aasuper3[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZRG9PCF0\fmvff[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZRG9PCF0\mmjjwjxt[1].htm (Trojan.Hiloti) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\aasuper2[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\aasuper3[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\jscccdd[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\wgpqnrfsc[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\wtddrrsfg[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZYPE1HF6\xguudrerr[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
    C:\WINNT\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINNT\system32\svchost.exe:exe.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
    C:\WINNT\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINNT\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:26:01 PM, on 3/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINNT\runservice.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WLTRYSVC.EXE
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\GetRight\getright.exe
    C:\WINNT\FSScrCtl.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINNT\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINNT\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?ie=UTF-8&tab=wi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: (no name) - {082874E6-7542-4935-AE3E-70FA93AD2244} - (no file)
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {23502185-02D6-4A95-AA2C-FFB426DF934D} - (no file)
    O2 - BHO: (no name) - {2E371025-D2FA-48C2-87E2-C3876309E889} - (no file)
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {6127B8EB-9029-4272-96B8-B85023440CFC} - (no file)
    O2 - BHO: (no name) - {711AB4CA-3EE7-49D1-9FDE-6312DC3540DF} - (no file)
    O2 - BHO: (no name) - {72F305DC-5DBD-4F24-87C9-1F0AA03C32CE} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {7B724A89-4D3D-48E5-8186-8ABAC7595D9E} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7F74FE62-B043-4477-822D-D13D44297C6D} - (no file)
    O2 - BHO: (no name) - {8350CB80-6ECD-4F2C-A89D-600831FFAA61} - (no file)
    O2 - BHO: (no name) - {8A6FB44E-6F96-4972-9B0A-B4604497EC65} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95768BFD-5D96-4D10-95A2-91975E1CF38D} - (no file)
    O2 - BHO: (no name) - {A74A11BF-0437-4B05-A1C0-01E5D0F8B3CC} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: (no name) - {B1B95662-608A-4340-8FAB-79DAE16072D7} - (no file)
    O2 - BHO: (no name) - {B612F991-D9CE-469D-9738-B3A3AA7185CB} - (no file)
    O2 - BHO: (no name) - {BBF82CA3-7093-42A6-A4BE-492FEE0E2288} - (no file)
    O2 - BHO: (no name) - {C52EA57A-F4A0-4589-B8FB-0280EC000242} - (no file)
    O2 - BHO: (no name) - {C5F74968-726B-42F7-AC61-87F40E9F491A} - (no file)
    O2 - BHO: (no name) - {DBC1CB0C-2E5A-4945-9BEA-671A8091D111} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {E7823DBF-7D4C-4DB3-9531-A9B21BE03593} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
    O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
    O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124777306750
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/fee...utLauncher.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: muorshxl - C:\WINNT\
    O20 - Winlogon Notify: rdrxekuk - C:\WINNT\
    O20 - Winlogon Notify: rlrqgghe - C:\WINNT\
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\

    --
    End of file - 13851 bytes

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Good Morning,

    A bit more to do. You may want to print this out as all windows including this one need to be closed.

    Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

    O2 - BHO: (no name) - {082874E6-7542-4935-AE3E-70FA93AD2244} - (no file)
    O2 - BHO: (no name) - {23502185-02D6-4A95-AA2C-FFB426DF934D} - (no file)
    O2 - BHO: (no name) - {2E371025-D2FA-48C2-87E2-C3876309E889} - (no file)
    O2 - BHO: (no name) - {6127B8EB-9029-4272-96B8-B85023440CFC} - (no file)
    O2 - BHO: (no name) - {711AB4CA-3EE7-49D1-9FDE-6312DC3540DF} - (no file)
    O2 - BHO: (no name) - {72F305DC-5DBD-4F24-87C9-1F0AA03C32CE} - (no file)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
    O2 - BHO: (no name) - {7B724A89-4D3D-48E5-8186-8ABAC7595D9E} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {7F74FE62-B043-4477-822D-D13D44297C6D} - (no file)
    O2 - BHO: (no name) - {8350CB80-6ECD-4F2C-A89D-600831FFAA61} - (no file)
    O2 - BHO: (no name) - {8A6FB44E-6F96-4972-9B0A-B4604497EC65} - (no file)
    O2 - BHO: (no name) - {95768BFD-5D96-4D10-95A2-91975E1CF38D} - (no file)
    O2 - BHO: (no name) - {A74A11BF-0437-4B05-A1C0-01E5D0F8B3CC} - (no file)
    O2 - BHO: (no name) - {B1B95662-608A-4340-8FAB-79DAE16072D7} - (no file)
    O2 - BHO: (no name) - {B612F991-D9CE-469D-9738-B3A3AA7185CB} - (no file)
    O2 - BHO: (no name) - {BBF82CA3-7093-42A6-A4BE-492FEE0E2288} - (no file)
    O2 - BHO: (no name) - {C52EA57A-F4A0-4589-B8FB-0280EC000242} - (no file)
    O2 - BHO: (no name) - {C5F74968-726B-42F7-AC61-87F40E9F491A} - (no file)
    O2 - BHO: (no name) - {DBC1CB0C-2E5A-4945-9BEA-671A8091D111} - (no file)
    O2 - BHO: (no name) - {E7823DBF-7D4C-4DB3-9531-A9B21BE03593} - (no file)

    O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} -

    O20 - Winlogon Notify: muorshxl - C:\WINNT\
    O20 - Winlogon Notify: rdrxekuk - C:\WINNT\
    O20 - Winlogon Notify: rlrqgghe - C:\WINNT\





    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized your passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.







    Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Nov 2007
    Posts
    58

    Combofix.txt

    My browser keeps freezing when I try to upload this log, so I suppose I have to post it in stages. I hope that's alright. And thank you so much for all your help. I really appreciate it.



    ComboFix 09-03-22.01 - Owner 2009-03-22 16:00:29.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.143 [GMT -7:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\winnt\IE4 Error Log.txt
    c:\winnt\system32\test.ttt
    c:\winnt\system32\tncuaxmv.ini
    c:\winnt\system32\ujiqpxss.ini
    c:\winnt\system32\umnbrcdl.ini
    c:\winnt\system32\uqkakbfu.ini
    c:\winnt\system32\vbtaooim.ini

    Infected copy of c:\winnt\system32\userinit.exe was found and disinfected
    Restored copy from - c:\winnt\$NtServicePackUninstall$\userinit.exe


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_PassThru


    ((((((((((((((((((((((((( Files Created from 2009-02-22 to 2009-03-22 )))))))))))))))))))))))))))))))
    .

    2009-03-21 20:10 . 2009-03-21 20:10 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-21 20:10 . 2009-03-21 20:10 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-03-21 20:10 . 2009-03-21 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-21 20:10 . 2009-02-11 10:19 38,496 --a------ c:\winnt\system32\drivers\mbamswissarmy.sys
    2009-03-21 20:10 . 2009-02-11 10:19 15,504 --a------ c:\winnt\system32\drivers\mbam.sys
    2009-03-20 13:37 . 2009-03-20 13:37 <DIR> d-------- c:\program files\ERUNT
    2009-03-20 01:00 . 2009-03-20 01:00 206 --a------ c:\winnt\system32\MRT.INI
    2009-03-19 23:49 . 2009-03-20 00:52 19,968 --a------ C:\cpltpc.exe
    2009-03-19 23:45 . 2009-03-20 00:52 2 --a------ C:\278134064
    2009-03-15 17:02 . 2009-03-15 17:21 <DIR> d-------- c:\program files\Only Astrology
    2009-02-25 16:17 . 2009-02-25 16:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\vlc

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-22 22:51 --------- d-----w c:\program files\GetRight
    2009-03-16 00:08 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-03-10 21:07 --------- d-----w c:\program files\Java
    2009-02-25 22:57 --------- d-----w c:\program files\VideoLAN
    2009-02-21 07:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-19 05:06 --------- d-----w c:\program files\Common Files\Adobe AIR
    2009-02-19 05:04 --------- d-----w c:\documents and settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-04-13 10:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2005-06-03 17:18 26,166,613 ----a-w c:\program files\NAV05ENG.exe
    2005-05-30 23:51 315,624 ----a-w c:\program files\dxwebsetup.exe
    2005-02-18 07:35 626,884 ----a-w c:\program files\kukuxumusu_2.zip
    2005-02-16 07:02 68,257 ----a-w c:\program files\metallix.zip
    2004-11-07 09:45 2,663,024 ----a-w c:\program files\lusetup.exe
    2004-08-17 19:45 295,120 ----a-w c:\program files\NSSetup.exe
    2004-08-07 23:13 420,974 ----a-w c:\program files\XviD-04102002-1.exe
    2004-08-07 23:12 325,354 ----a-w c:\program files\ffdshow-20020617.exe
    2004-08-06 02:04 273,342 ----a-w c:\program files\DivFix110.zip
    2004-03-24 09:24 401,952 ----a-w c:\program files\3DwindowsXP.exe
    2004-02-22 01:18 410,644 ----a-w c:\program files\KTAngelSaver.zip
    2004-01-31 02:31 795,540 ----a-w c:\program files\fishtank.zip
    2004-01-25 04:39 1,678,680 ----a-w c:\program files\monalisa.exe
    2004-01-25 04:37 942,790 ----a-w c:\program files\hypno.zip
    2004-01-25 04:37 56,785 ----a-w c:\program files\electric.zip
    2004-01-25 04:36 103,708 ----a-w c:\program files\julsav10.zip
    2004-01-25 04:35 272,666 ----a-w c:\program files\blaze.zip
    2004-01-25 04:34 1,098,212 ----a-w c:\program files\living_waterfall_es.exe
    2008-09-28 17:40 32,768 --sha-w c:\winnt\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092820080929\index.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-11 16:35:59 153,088 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2p.dll
    + 2006-10-11 16:35:59 104,960 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pgasvc.dll
    + 2006-10-11 16:35:59 313,344 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pgraph.dll
    + 2006-10-11 16:35:59 115,712 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2pnetsh.dll
    + 2006-10-11 16:35:59 553,984 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\p2psvc.dll
    + 2006-10-11 16:35:59 58,880 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\pnrpnsp.dll
    + 2006-09-26 08:51:38 212,480 ----a-w c:\winnt\$hf_mig$\KB920342\SP2QFE\xpsp3res.dll
    + 2005-10-12 23:12:25 14,048 ----a-w c:\winnt\$hf_mig$\KB920342\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w c:\winnt\$hf_mig$\KB920342\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w c:\winnt\$hf_mig$\KB920342\update\spcustom.dll
    + 2005-10-12 23:12:29 716,000 ----a-w c:\winnt\$hf_mig$\KB920342\update\update.exe
    + 2005-10-12 23:12:34 371,424 ----a-w c:\winnt\$hf_mig$\KB920342\update\updspapi.dll
    + 2006-10-04 10:40:05 72,704 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\magnify.exe
    + 2006-10-04 10:40:06 53,760 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\narrator.exe
    + 2006-10-04 10:40:06 215,552 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\osk.exe
    + 2006-10-04 14:05:57 35,840 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\umandlg.dll
    + 2006-10-04 10:40:06 50,176 ----a-w c:\winnt\$hf_mig$\KB925720\SP2QFE\utilman.exe
    + 2005-10-12 23:16:49 14,048 ----a-w c:\winnt\$hf_mig$\KB925720\spmsg.dll
    + 2005-10-12 23:16:49 213,216 ----a-w c:\winnt\$hf_mig$\KB925720\spuninst.exe
    + 2005-10-12 23:16:49 22,752 ----a-w c:\winnt\$hf_mig$\KB925720\update\spcustom.dll
    + 2005-10-12 23:16:51 716,000 ----a-w c:\winnt\$hf_mig$\KB925720\update\update.exe
    + 2005-10-12 23:16:56 371,424 ----a-w c:\winnt\$hf_mig$\KB925720\update\updspapi.dll
    + 2006-11-13 06:02:15 116,736 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\aaclient.dll
    + 2006-11-07 08:06:47 600,576 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\lhmstsc.exe
    + 2006-11-13 06:02:15 1,866,240 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\lhmstscx.dll
    + 2006-11-13 06:02:15 288,768 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\rhttpaa.dll
    + 2006-11-07 08:06:47 16,832 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tscinst.vbs
    + 2006-11-07 08:06:47 12,451 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tscuinst.vbs
    + 2006-11-13 06:02:15 36,352 ----a-w c:\winnt\$hf_mig$\KB925876\SP2QFE\tsgqec.dll
    + 2005-10-12 23:12:25 14,048 ----a-w c:\winnt\$hf_mig$\KB925876\spmsg.dll
    + 2005-10-12 23:12:26 213,216 ----a-w c:\winnt\$hf_mig$\KB925876\spuninst.exe
    + 2005-10-12 23:12:25 22,752 ----a-w c:\winnt\$hf_mig$\KB925876\update\spcustom.dll
    + 2006-11-13 06:02:58 38,400 ----a-w c:\winnt\$hf_mig$\KB925876\update\tscupdatecustom.dll
    + 2005-10-12 23:12:28 716,000 ----a-w c:\winnt\$hf_mig$\KB925876\update\update.exe
    + 2005-10-12 23:12:33 371,424 ----a-w c:\winnt\$hf_mig$\KB925876\update\updspapi.dll
    + 2008-02-26 11:48:44 297,984 ----a-w c:\winnt\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB932823-v3\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB932823-v3\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB932823-v3\update\updspapi.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB938464\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB938464\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB938464\update\spcustom.dll
    + 2007-11-30 11:20:44 755,576 ----a-w c:\winnt\$hf_mig$\KB938464\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB938464\update\updspapi.dll
    + 2007-10-29 22:35:13 1,287,680 ----a-w c:\winnt\$hf_mig$\KB941568\SP2QFE\quartz.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941568\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941568\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941568\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941568\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941568\update\updspapi.dll
    + 2007-10-30 16:53:32 360,832 ----a-w c:\winnt\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941644\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941644\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941644\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941644\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941644\update\updspapi.dll
    + 2008-03-19 09:40:27 1,845,888 ----a-w c:\winnt\$hf_mig$\KB941693\SP2QFE\win32k.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB941693\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB941693\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB941693\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB941693\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB941693\update\updspapi.dll
    + 2007-10-10 23:47:27 124,928 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\advpack.dll
    + 2007-10-10 23:47:27 214,528 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\dxtrans.dll
    + 2007-10-10 23:47:27 132,608 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\extmgr.dll
    + 2007-10-10 23:47:27 63,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\icardie.dll
    + 2007-10-10 08:16:47 70,656 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ie4uinit.exe
    + 2007-10-10 23:47:27 153,088 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieakeng.dll
    + 2007-10-10 23:47:27 230,400 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieaksie.dll
    + 2007-10-10 05:47:20 161,792 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:28:12 2,455,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dat
    + 2007-10-10 23:47:27 383,488 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieapfltr.dll
    + 2007-10-10 23:47:27 388,096 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iedkcs32.dll
    + 2007-10-10 23:47:27 6,067,200 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieframe.dll
    + 2007-10-10 23:47:27 44,544 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iernonce.dll
    + 2007-10-10 23:47:27 267,776 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iertutil.dll
    + 2007-10-10 08:16:47 13,824 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\ieudinit.exe
    + 2007-10-10 08:16:56 625,664 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
    + 2007-10-10 23:47:28 27,648 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\jsproxy.dll
    + 2007-10-10 23:47:28 459,264 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msfeeds.dll
    + 2007-10-10 23:47:28 52,224 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msfeedsbs.dll
    + 2007-10-30 23:48:49 3,593,216 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
    + 2007-10-10 23:47:28 478,208 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mshtmled.dll
    + 2007-10-10 23:47:28 193,024 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\msrating.dll
    + 2007-10-10 23:47:28 671,232 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\mstime.dll
    + 2007-10-10 23:47:28 102,912 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\occache.dll
    + 2007-10-10 23:47:28 105,984 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\url.dll
    + 2007-10-10 23:47:29 1,162,240 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\urlmon.dll
    + 2007-10-10 23:47:29 233,472 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\webcheck.dll
    + 2007-10-10 23:47:29 825,344 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB942615-IE7\update\updspapi.dll
    + 2007-11-13 11:02:46 60,416 ----a-w c:\winnt\$hf_mig$\KB942763\SP2QFE\tzchange.exe
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB942763\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB942763\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB942763\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB942763\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB942763\update\updspapi.dll
    + 2007-12-04 18:29:10 551,936 ----a-w c:\winnt\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB943055\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB943055\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB943055\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB943055\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB943055\update\updspapi.dll
    + 2007-11-07 09:50:47 727,040 ----a-w c:\winnt\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB943485\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB943485\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB943485\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB943485\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB943485\update\updspapi.dll
    + 2007-12-07 02:01:07 124,928 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\advpack.dll
    + 2007-12-19 22:57:52 347,136 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\dxtmsft.dll
    + 2007-12-07 02:01:07 214,528 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\dxtrans.dll
    + 2007-12-07 02:01:07 133,120 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\extmgr.dll
    + 2007-12-07 02:01:07 63,488 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\icardie.dll
    + 2007-12-06 08:34:28 70,656 ----a-w c:\winnt\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe

  6. #6
    Member
    Join Date
    Nov 2007
    Posts
    58

    A question?

    Actually, are there particular segments of the log that you want for Combofix? It's quite large and I'm having trouble trying to piece it together on the forum posts. And also I'm limited by the size of each post. Please advise.

    I'll follow this post with the HJT scan log. Thanks again Ken545.

  7. #7
    Member
    Join Date
    Nov 2007
    Posts
    58

    HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:19:53 PM, on 3/22/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\LEXBCES.EXE
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINNT\runservice.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WLTRYSVC.EXE
    C:\WINNT\System32\bcmwltry.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\GetRight\getright.exe
    C:\WINNT\FSScrCtl.exe
    C:\WINNT\system32\wscntfy.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://images.google.com/imghp?ie=UTF-8&tab=wi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Dictionary.com - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINNT\Downloaded Program Files\CONFLICT.2\lexbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn12\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
    O4 - .DEFAULT Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Startup: Screen Saver Control.lnk = C:\WINNT\FSScrCtl.exe
    O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\BP Go!Zilla v4.1\download-with-gozilla.html
    O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
    O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} - http://zone.msn.com/bingame/pacz/def...andaonline.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124777306750
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
    O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} (Sandlot Loader Control) - http://www.shockwave.com/content/bar...webinstall.cab
    O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/gho...sis/axhost.cab
    O16 - DPF: {90918C20-FB99-495A-BD79-CB91ACF44887} - http://www.typingmaster.com/contents...ck/TMSetup.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/tech...a/SymAData.cab
    O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.shockwave.com/content/fee...utLauncher.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://www.smgradio.com/core/player/abasetup144.cab
    O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINNT\
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
    O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINNT\

    --
    End of file - 11949 bytes

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    I would like to see all after this entry; take as many replies as you need to post it.


    ((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  9. #9
    Member
    Join Date
    Nov 2007
    Posts
    58

    Combofix.txt

    I will repost and finish everything, starting with ((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
    .




    ((((((((((((((((((((((((((((( snapshot@2007-12-01_ 3.48.07.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB945553\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB945553\update\updspapi.dll
    + 2007-12-18 09:38:59 179,712 ----a-w c:\winnt\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB946026\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB946026\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB946026\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB946026\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB946026\update\updspapi.dll
    + 2008-05-02 13:30:08 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP2QFE\msgsc.dll
    + 2008-05-02 14:01:49 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP3GDR\msgsc.dll
    + 2008-05-02 13:42:10 83,968 ----a-w c:\winnt\$hf_mig$\KB946648\SP3QFE\msgsc.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB946648\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB946648\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB946648\update\spcustom.dll
    + 2007-11-30 11:20:44 755,576 ----a-w c:\winnt\$hf_mig$\KB946648\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB946648\update\updspapi.dll
    + 2008-03-01 13:03:00 124,928 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\advpack.dll
    + 2008-03-01 13:03:00 347,136 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\dxtmsft.dll
    + 2008-03-01 13:03:00 214,528 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\dxtrans.dll
    + 2008-03-01 13:03:00 132,608 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\extmgr.dll
    + 2008-03-01 13:03:00 63,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\icardie.dll
    + 2008-02-22 09:39:56 70,656 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
    + 2008-03-01 13:03:00 153,088 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieakeng.dll
    + 2008-03-01 13:03:00 230,400 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieaksie.dll
    + 2008-02-15 05:44:25 161,792 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dat
    + 2008-03-01 13:03:00 383,488 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieapfltr.dll
    + 2008-03-01 13:03:00 388,608 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iedkcs32.dll
    + 2008-03-01 13:03:01 6,067,712 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieframe.dll
    + 2008-03-01 13:03:01 44,544 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iernonce.dll
    + 2008-03-01 13:03:01 267,776 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iertutil.dll
    + 2008-02-22 09:39:56 13,824 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
    + 2008-02-22 09:40:22 625,664 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
    + 2008-03-01 13:03:01 27,648 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\jsproxy.dll
    + 2008-03-01 13:03:01 459,264 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msfeeds.dll
    + 2008-03-01 13:03:01 52,224 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msfeedsbs.dll
    + 2008-03-01 13:03:01 3,593,216 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
    + 2008-03-01 13:03:01 478,208 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mshtmled.dll
    + 2008-03-01 13:03:01 193,024 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\msrating.dll
    + 2008-03-01 13:03:01 671,232 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\mstime.dll
    + 2008-03-01 13:03:01 102,912 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\occache.dll
    + 2008-03-01 13:03:01 44,544 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\pngfilt.dll
    + 2008-03-01 13:03:02 105,984 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\url.dll
    + 2008-03-01 13:03:02 1,162,752 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\urlmon.dll
    + 2008-03-01 13:03:02 233,472 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\webcheck.dll
    + 2008-03-01 13:03:02 827,392 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB947864-IE7\update\updspapi.dll
    + 2008-02-20 06:52:43 282,624 ----a-w c:\winnt\$hf_mig$\KB948590\SP2QFE\gdi32.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB948590\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB948590\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB948590\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB948590\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB948590\update\updspapi.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB948881\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB948881\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB948881\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB948881\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w c:\winnt\$hf_mig$\KB948881\update\updspapi.dll
    + 2008-01-23 04:56:21 554,008 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\dao360.dll
    + 2007-12-10 12:41:11 518,944 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msexch40.dll
    + 2007-12-10 12:41:11 326,432 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
    + 2007-12-10 12:41:11 1,516,568 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjet40.dll
    + 2007-12-10 12:41:11 355,112 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
    + 2008-03-27 07:39:13 151,583 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjint40.dll
    + 2007-12-10 12:41:12 60,192 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjter40.dll
    + 2007-12-10 12:41:12 248,608 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
    + 2007-12-10 12:41:12 219,936 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msltus40.dll
    + 2007-12-10 12:41:12 355,104 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
    + 2007-12-10 12:41:13 432,928 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
    + 2007-12-10 12:41:13 322,336 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
    + 2007-12-10 12:41:13 559,904 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
    + 2007-12-10 12:41:13 264,992 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mstext40.dll
    + 2007-12-10 12:41:13 838,432 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
    + 2007-12-10 12:41:14 621,344 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
    + 2007-12-10 12:41:14 355,104 ----a-w c:\winnt\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB950749\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB950749\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB950749\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB950749\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB950749\update\updspapi.dll
    + 2008-04-23 03:35:35 124,928 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
    + 2008-04-23 03:35:35 347,136 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
    + 2008-04-23 03:35:35 214,528 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
    + 2008-04-23 03:35:35 132,608 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
    + 2008-04-23 03:35:35 63,488 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
    + 2008-04-22 08:02:19 70,656 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
    + 2008-04-23 03:35:35 153,088 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
    + 2008-04-23 03:35:35 230,400 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
    + 2008-04-20 05:07:38 161,792 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
    + 2008-04-23 03:35:35 383,488 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
    + 2008-04-23 03:35:35 388,608 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
    + 2008-04-23 03:35:36 6,068,224 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
    + 2008-04-23 03:35:36 44,544 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
    + 2008-04-23 03:35:36 267,776 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
    + 2008-04-22 08:02:19 13,824 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
    + 2008-04-22 08:02:46 625,664 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
    + 2008-04-23 03:35:36 27,648 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
    + 2008-04-23 03:35:36 459,264 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
    + 2008-04-23 03:35:36 52,224 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
    + 2008-04-23 03:35:36 3,593,728 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
    + 2008-04-23 03:35:36 478,208 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll
    + 2008-04-23 03:35:36 193,024 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll
    + 2008-04-23 03:35:36 671,232 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll
    + 2008-04-23 03:35:36 102,912 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll
    + 2008-04-23 03:35:36 44,544 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll
    + 2008-04-23 03:35:36 105,984 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\url.dll
    + 2008-04-23 03:35:36 1,162,752 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll
    + 2008-04-23 03:35:36 233,472 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll
    + 2008-04-23 03:35:36 827,392 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB950759-IE7\update\updspapi.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB950760\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB950760\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB950760\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB950760\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB950760\update\updspapi.dll
    + 2008-05-08 12:14:51 203,008 ----a-w c:\winnt\$hf_mig$\KB950762\SP2QFE\rmcast.sys
    + 2008-05-08 14:02:52 203,136 ----a-w c:\winnt\$hf_mig$\KB950762\SP3GDR\rmcast.sys
    + 2008-05-08 13:58:17 203,136 ----a-w c:\winnt\$hf_mig$\KB950762\SP3QFE\rmcast.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB950762\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB950762\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB950762\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB950762\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB950762\update\updspapi.dll
    + 2008-07-07 20:06:43 253,952 ----a-w c:\winnt\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:26:58 253,952 ----a-w c:\winnt\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:23:18 253,952 ----a-w c:\winnt\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB950974\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB950974\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB950974\update\spcustom.dll
    + 2007-11-30 12:39:18 755,576 ----a-w c:\winnt\$hf_mig$\KB950974\update\update.exe
    + 2007-11-30 12:39:19 382,840 ----a-w c:\winnt\$hf_mig$\KB950974\update\updspapi.dll
    + 2008-04-11 18:39:39 683,520 ----a-w c:\winnt\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
    + 2008-04-11 19:04:26 691,712 ----a-w c:\winnt\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
    + 2008-04-12 07:22:26 691,712 ----a-w c:\winnt\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB951066\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB951066\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB951066\update\spcustom.dll
    + 2007-12-03 15:25:31 755,576 ----a-w c:\winnt\$hf_mig$\KB951066\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB951066\update\updspapi.dll
    + 2008-07-14 11:03:00 62,976 ----a-w c:\winnt\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
    + 2008-07-11 12:42:28 62,976 ----a-w c:\winnt\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
    + 2008-07-11 12:51:51 62,976 ----a-w c:\winnt\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
    + 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951072-v2\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951072-v2\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951072-v2\update\spcustom.dll
    + 2007-11-30 12:39:22 755,576 ----a-w c:\winnt\$hf_mig$\KB951072-v2\update\update.exe
    + 2007-11-30 12:39:22 382,840 ----a-w c:\winnt\$hf_mig$\KB951072-v2\update\updspapi.dll
    + 2008-06-13 09:52:16 272,128 ----a-w c:\winnt\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
    + 2008-06-13 11:05:51 272,128 ----a-w c:\winnt\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
    + 2008-06-13 11:27:43 272,128 ----a-w c:\winnt\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
    + 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951376-v2\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951376-v2\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951376-v2\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB951376-v2\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB951376-v2\update\updspapi.dll
    + 2008-04-14 11:00:16 272,128 ----a-w c:\winnt\$hf_mig$\KB951376\SP2QFE\bthport.sys
    + 2008-04-14 12:30:49 272,128 ----a-w c:\winnt\$hf_mig$\KB951376\SP3GDR\bthport.sys
    + 2008-04-14 12:36:35 272,128 ----a-w c:\winnt\$hf_mig$\KB951376\SP3QFE\bthport.sys
    + 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB951376\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB951376\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB951376\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB951376\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB951376\update\updspapi.dll
    + 2008-05-07 04:55:40 1,288,192 ----a-w c:\winnt\$hf_mig$\KB951698\SP2QFE\quartz.dll
    + 2008-05-07 05:12:40 1,288,192 ----a-w c:\winnt\$hf_mig$\KB951698\SP3GDR\quartz.dll
    + 2008-05-07 05:04:15 1,288,192 ----a-w c:\winnt\$hf_mig$\KB951698\SP3QFE\quartz.dll

  10. #10
    Member
    Join Date
    Nov 2007
    Posts
    58

    Default Combofix Cont.

    + 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB957095\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB957095\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB957095\update\updspapi.dll
    + 2008-10-24 11:41:11 455,936 ----a-w c:\winnt\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
    + 2008-07-08 13:02:01 17,272 ----a-w c:\winnt\$hf_mig$\KB957097\spmsg.dll
    + 2008-07-08 13:02:02 231,288 ----a-w c:\winnt\$hf_mig$\KB957097\spuninst.exe
    + 2008-07-08 13:02:01 26,488 ----a-w c:\winnt\$hf_mig$\KB957097\update\spcustom.dll
    + 2008-07-08 13:02:04 755,576 ----a-w c:\winnt\$hf_mig$\KB957097\update\update.exe
    + 2008-07-08 13:02:12 382,840 ----a-w c:\winnt\$hf_mig$\KB957097\update\updspapi.dll
    + 2008-10-16 20:24:09 124,928 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\advpack.dll
    + 2008-10-16 20:24:09 347,136 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\dxtmsft.dll
    + 2008-10-16 20:24:09 214,528 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\dxtrans.dll
    + 2008-10-16 20:24:09 132,608 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\extmgr.dll
    + 2008-10-16 20:24:09 63,488 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\icardie.dll
    + 2008-10-16 12:46:08 70,656 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ie4uinit.exe
    + 2008-10-16 20:24:09 153,088 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieakeng.dll
    + 2008-10-16 20:24:09 230,400 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieaksie.dll
    + 2008-10-15 06:33:26 161,792 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dat
    + 2008-10-16 20:24:09 380,928 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieapfltr.dll
    + 2008-10-16 20:24:09 388,608 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iedkcs32.dll
    + 2008-10-16 20:24:09 6,068,224 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieframe.dll
    + 2008-10-16 20:24:09 44,544 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iernonce.dll
    + 2008-10-16 20:24:09 267,776 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iertutil.dll
    + 2008-10-16 12:46:08 13,824 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\ieudinit.exe
    + 2008-10-15 06:34:58 633,632 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
    + 2008-10-16 20:24:10 27,648 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\jsproxy.dll
    + 2008-10-16 20:24:10 459,264 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\msfeeds.dll
    + 2008-10-16 20:24:10 52,224 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\msfeedsbs.dll
    + 2008-10-16 20:24:10 3,595,264 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll
    + 2008-10-16 20:24:10 477,696 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\mshtmled.dll
    + 2008-10-16 20:24:10 193,024 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\msrating.dll
    + 2008-10-16 20:24:10 671,232 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\mstime.dll
    + 2008-10-16 20:24:10 102,912 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\occache.dll
    + 2008-10-16 20:24:10 44,544 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\pngfilt.dll
    + 2008-10-16 20:24:10 105,984 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\url.dll
    + 2008-10-16 20:24:11 1,163,264 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\urlmon.dll
    + 2008-10-16 20:24:11 233,472 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\webcheck.dll
    + 2008-10-16 20:24:11 827,904 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB958215-IE7\update\updspapi.dll
    + 2008-10-15 16:25:53 339,456 ----a-w c:\winnt\$hf_mig$\KB958644\SP3QFE\netapi32.dll
    + 2007-11-30 11:18:51 17,272 ----a-w c:\winnt\$hf_mig$\KB958644\spmsg.dll
    + 2007-11-30 11:18:51 231,288 ----a-w c:\winnt\$hf_mig$\KB958644\spuninst.exe
    + 2007-11-30 11:18:51 26,488 ----a-w c:\winnt\$hf_mig$\KB958644\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB958644\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB958644\update\updspapi.dll
    + 2008-12-11 12:33:59 333,952 ----a-w c:\winnt\$hf_mig$\KB958687\SP3QFE\srv.sys
    + 2007-11-30 12:39:22 17,272 ----a-w c:\winnt\$hf_mig$\KB958687\spmsg.dll
    + 2007-11-30 12:39:22 231,288 ----a-w c:\winnt\$hf_mig$\KB958687\spuninst.exe
    + 2007-11-30 12:39:22 26,488 ----a-w c:\winnt\$hf_mig$\KB958687\update\spcustom.dll
    + 2007-11-30 11:18:51 755,576 ----a-w c:\winnt\$hf_mig$\KB958687\update\update.exe
    + 2007-11-30 11:18:51 382,840 ----a-w c:\winnt\$hf_mig$\KB958687\update\updspapi.dll
    + 2008-12-13 06:26:56 3,594,752 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll
    + 2007-03-06 01:22:33 14,048 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\spmsg.dll
    + 2007-03-06 01:22:39 213,216 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\spuninst.exe
    + 2007-03-06 01:22:31 22,752 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\update\spcustom.dll
    + 2007-03-06 01:22:56 716,000 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\update\update.exe
    + 2007-03-06 01:23:47 371,424 ----a-w c:\winnt\$hf_mig$\KB960714-IE7\update\updspapi.dll
    + 2008-07-09 07:38:24 17,272 ----a-w c:\winnt\$hf_mig$\KB960715\spmsg.dll
    + 2008-07-09 07:38:25 231,288 ----a-w c:\winnt\$hf_mig$\KB960715\spuninst.exe
    + 2008-07-09 07:38:24 26,488 ----a-w c:\winnt\$hf_mig$\KB960715\update\spcustom.dll
    + 2008-11-15 17:18:04 755,576 ----a-w c:\winnt\$hf_mig$\KB960715\update\update.exe
    + 2008-07-09 07:38:37 382,840 ----a-w c:\winnt\$hf_mig$\KB960715\update\updspapi.dll
    + 2008-12-20 23:55:43 124,928 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\advpack.dll
    + 2008-12-20 23:55:44 347,136 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\dxtmsft.dll
    + 2008-12-20 23:55:44 214,528 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\dxtrans.dll
    + 2008-12-20 23:55:44 132,608 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\extmgr.dll
    + 2008-12-20 23:55:45 63,488 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\icardie.dll
    + 2008-12-19 09:41:51 70,656 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ie4uinit.exe
    + 2008-12-20 23:55:45 153,088 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieakeng.dll
    + 2008-12-20 23:55:45 230,400 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieaksie.dll
    + 2008-12-19 05:24:02 161,792 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieakui.dll
    + 2007-04-17 09:32:38 2,455,488 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dat
    + 2008-12-20 23:55:46 380,928 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieapfltr.dll
    + 2008-12-20 23:55:46 388,608 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iedkcs32.dll
    + 2008-12-20 23:55:50 6,068,736 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieframe.dll
    + 2008-12-20 23:55:50 44,544 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iernonce.dll
    + 2008-12-20 23:55:50 267,776 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iertutil.dll
    + 2008-12-19 09:41:52 13,824 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\ieudinit.exe
    + 2008-12-19 05:25:30 634,024 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
    + 2008-12-20 23:55:51 27,648 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\jsproxy.dll
    + 2008-12-20 23:55:51 459,264 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\msfeeds.dll
    + 2008-12-20 23:55:51 52,224 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\msfeedsbs.dll
    + 2009-01-16 16:24:38 3,596,288 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll
    + 2008-12-20 23:55:56 477,696 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\mshtmled.dll
    + 2008-12-20 23:55:56 193,024 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\msrating.dll
    + 2008-12-20 23:55:57 671,232 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\mstime.dll
    + 2008-12-20 23:55:57 102,912 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\occache.dll
    + 2008-12-20 23:55:57 44,544 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\pngfilt.dll
    + 2008-12-20 23:55:57 105,984 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\url.dll
    + 2008-12-20 23:55:59 1,163,264 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\urlmon.dll
    + 2008-12-20 23:55:59 233,472 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\webcheck.dll
    + 2008-12-20 23:56:00 827,904 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
    + 2007-03-06 01:22:36 14,048 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\spmsg.dll
    + 2007-03-06 01:22:41 213,216 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\spuninst.exe
    + 2007-03-06 01:22:34 22,752 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\update\spcustom.dll
    + 2007-03-06 01:22:59 716,000 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\update\update.exe
    + 2007-03-06 01:23:51 371,424 ----a-w c:\winnt\$hf_mig$\KB961260-IE7\update\updspapi.dll
    - 2002-08-29 07:33:20 50,560 -c----w c:\winnt\$NtServicePackUninstall$\1394bus.sys
    + 2004-08-04 06:10:06 53,248 -c----w c:\winnt\$NtServicePackUninstall$\1394bus.sys
    + 2004-08-04 06:00:03 12,288 -c----w c:\winnt\$NtServicePackUninstall$\4mmdat.sys
    + 2004-08-04 06:10:10 48,128 -c----w c:\winnt\$NtServicePackUninstall$\61883.sys
    - 2003-03-31 12:00:00 59,392 -c----w c:\winnt\$NtServicePackUninstall$\6to4svc.dll
    + 2006-08-16 11:58:05 100,352 -c----w c:\winnt\$NtServicePackUninstall$\6to4svc.dll
    + 2006-11-13 06:02:58 116,736 -c----w c:\winnt\$NtServicePackUninstall$\aaclient.dll
    + 2006-10-04 14:05:26 39,424 -c----w c:\winnt\$NtServicePackUninstall$\acadproc.dll
    + 2006-10-04 14:05:26 39,424 -c----w c:\winnt\$NtServicePackUninstall$\acadproc.dll.000
    - 2002-11-20 17:50:50 179,200 -c----w c:\winnt\$NtServicePackUninstall$\accwiz.exe
    + 2004-08-04 07:56:47 183,808 -c----w c:\winnt\$NtServicePackUninstall$\accwiz.exe
    - 2003-02-19 20:15:36 1,821,696 -c----w c:\winnt\$NtServicePackUninstall$\acgenral.dll
    + 2004-08-04 07:56:41 1,852,416 -c----w c:\winnt\$NtServicePackUninstall$\acgenral.dll
    + 2004-08-04 07:56:41 1,852,416 -c----w c:\winnt\$NtServicePackUninstall$\acgenral.dll.000
