[Can't Remove Trojans[INACTIVE]]

Sorry for the delay in reply... we were out of town and I didn't get to check this thread very quickly.

OtMoveIt Results:

File/Folder O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe not found.

File/Folder O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe not found.

Created on 12/28/2007 14:43:13

I also got a message that it could not create a log.

[Can't Remove Trojans[INACTIVE]]

AVG is scanning clean and it appears to be working well.

Thank you for your time and assistance!

[Can't Remove Trojans[INACTIVE]]

Both times I ran combofix, I waited until the log came up--which my understanding of the directions was that when the log came up, then combofix was finished. It was only after I had saved the log as a notepad file and copied it to paste that I attempted to run firefox. Should combofix be finished running when the log appears or is there something else I should wait for?

AVG anti-spyware log:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 19:49 12/19/2007

+ Scan result:

Nothing found.

::Report end

Panda's ActiveScan:

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe[nircmd.cfexe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.cfexe]

Virus:Trj/Alphabet.gen Disinfected C:\qoobox\Quarantine\C\WINDOWS\avp.exe.vir

[Can't Remove Trojans[INACTIVE]]

In case it's important... Both times that I ran combofix, it did not appear to reboot but firefox wouldn't open. When I try restarting the computer it gives me a program not responding for "SysFader" and then goes through a continuous loop of shutting down SysFader. Both times I have had to restart the computer by holding down the power button. Firefox works fine when the computer reboots.

Combofix log:

ComboFix 07-12-18.1 - Owner 2007-12-18 22:50:12.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT -8:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe

Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

* Created a new restore point

FILE

C:\WINDOWS\system\bedtsc32.dll

C:\WINDOWS\system\whcstd32.dll

.

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))

.

2007-12-18 06:51 . 2007-12-18 06:51 <DIR> d-------- C:\WINDOWS\LastGood

2007-12-12 21:40 . 2004-11-02 08:58 163,840 --a------ C:\WINDOWS\system32\igfxres.dll

2007-12-12 21:39 . 2007-12-12 21:39 2,422 --a------ C:\WINDOWS\system32\wpa.bak

2007-12-12 21:15 . 2006-02-28 04:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls

2007-12-12 21:13 . 2006-02-28 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2007-12-12 21:12 . 2006-02-28 04:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll

2007-12-01 14:38 . 2007-12-01 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-18 16:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7

2007-12-18 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2007-11-29 15:03 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll

2007-11-15 15:26 --------- d-----w C:\Program Files\Common Files\xing shared

2007-11-15 15:25 --------- d-----w C:\Program Files\Real

2007-11-15 15:24 --------- d-----w C:\Program Files\Common Files\Real

2007-11-15 07:27 --------- d-----w C:\Program Files\Google

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft Works

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-11-15 05:16 --------- d-----w C:\Program Files\Common Files\L&H

2007-11-15 04:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2007-11-15 04:49 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll

2007-11-15 04:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-11-15 04:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-11-15 04:49 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll

2007-11-15 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-15 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-15 03:24 --------- d-----w C:\Program Files\Analog Devices

2007-11-15 03:03 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-15 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM

2007-11-13 01:13 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-11-13 01:13 --------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

2007-11-13 01:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-13 01:05 --------- d-----w C:\Program Files\microsoft frontpage

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 20:49]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 07:22]

"Windows Explorer"="C:\WINDOWS\explore.exe" []

"dumprep"="C:\WINDOWS\system32\spoolw.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 20:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-11-14 20:49 9216 C:\WINDOWS\system32\avgwlntf.dll

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-18 22:52:20

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-18 22:53:16

C:\ComboFix2.txt ... 2007-12-18 06:57

C:\ComboFix3.txt ... 2007-11-29 22:37

.

2007-12-18 14:42:23 --- E O F ---

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:07:35 PM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4569 bytes

[Can't Remove Trojans[INACTIVE]]

Thanks!

Combofix log:

ComboFix 07-12-18.1 - Owner 2007-12-18 6:53:42.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.55 [GMT -8:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))

.

2007-12-18 06:51 . 2007-12-18 06:51 <DIR> d-------- C:\WINDOWS\LastGood

2007-12-12 21:40 . 2004-11-02 08:58 163,840 --a------ C:\WINDOWS\system32\igfxres.dll

2007-12-12 21:39 . 2007-12-12 21:39 2,422 --a------ C:\WINDOWS\system32\wpa.bak

2007-12-12 21:15 . 2006-02-28 04:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls

2007-12-12 21:13 . 2006-02-28 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2007-12-12 21:12 . 2006-02-28 04:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll

2007-12-01 14:38 . 2007-12-01 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-18 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2007-12-17 16:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7

2007-11-29 15:03 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll

2007-11-15 15:26 --------- d-----w C:\Program Files\Common Files\xing shared

2007-11-15 15:25 --------- d-----w C:\Program Files\Real

2007-11-15 15:24 --------- d-----w C:\Program Files\Common Files\Real

2007-11-15 07:27 --------- d-----w C:\Program Files\Google

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft Works

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-11-15 05:16 --------- d-----w C:\Program Files\Common Files\L&H

2007-11-15 04:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2007-11-15 04:49 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll

2007-11-15 04:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-11-15 04:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-11-15 04:49 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll

2007-11-15 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-15 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-15 03:24 --------- d-----w C:\Program Files\Analog Devices

2007-11-15 03:03 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-15 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM

2007-11-13 01:13 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-11-13 01:13 --------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

2007-11-13 01:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-13 01:05 --------- d-----w C:\Program Files\microsoft frontpage

.

((((((((((((((((((((((((((((( snapshot@2007-11-29_22.36.51.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-11-17 17:31:32 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll

+ 2004-10-14 18:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll

+ 2004-10-14 18:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe

+ 2004-10-14 18:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll

+ 2004-10-14 18:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe

+ 2004-10-28 01:28:18 721,920 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll

+ 2004-10-28 01:15:16 448,128 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys

+ 2004-10-28 01:14:56 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys

+ 2004-10-14 19:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll

+ 2004-10-14 19:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe

+ 2004-10-14 19:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll

+ 2004-10-14 19:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe

+ 2004-10-14 19:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll

+ 2004-10-14 19:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe

+ 2004-10-14 19:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll

+ 2004-10-14 19:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe

+ 2004-10-13 16:21:24 1,694,208 ----a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe

+ 2004-10-14 19:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll

+ 2004-10-14 19:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe

+ 2004-10-14 19:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll

+ 2004-10-14 19:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe

+ 2004-12-07 19:29:19 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll

+ 2004-11-30 22:46:38 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll

+ 2004-12-01 04:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe

+ 2004-12-01 04:22:40 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll

+ 2004-11-30 22:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe

+ 2005-04-22 05:18:52 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\agentdpv.dll

+ 2005-05-17 00:26:30 17,920 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\xpsp3res.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll

+ 2005-03-02 18:19:56 62,464 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll

+ 2005-03-02 01:02:13 2,135,552 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe

+ 2005-03-02 00:36:40 2,056,832 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

+ 2005-03-02 00:36:41 2,015,232 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe

+ 2005-03-02 01:04:22 2,179,456 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

+ 2005-03-02 18:19:56 577,024 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

+ 2005-03-02 01:11:25 1,836,160 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys

+ 2005-03-02 18:19:56 291,328 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll

+ 2005-02-25 03:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll

+ 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe

+ 2005-02-25 03:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll

+ 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe

+ 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll

+ 2004-11-30 22:46:38 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll

+ 2004-12-01 04:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe

+ 2004-12-01 04:22:40 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll

+ 2004-11-30 22:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe

+ 2005-07-08 16:28:58 249,344 ----a-w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe

+ 2005-07-08 03:27:08 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll

+ 2005-04-28 19:35:02 1,286,144 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll

+ 2005-04-28 19:35:01 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecli32.dll

+ 2005-04-28 19:35:01 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecnv32.dll

+ 2005-04-28 19:35:01 396,288 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll

+ 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe

+ 2005-05-27 02:08:59 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll

+ 2005-05-27 02:08:59 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll

+ 2005-05-27 02:08:59 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll

+ 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe

+ 2005-06-30 00:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll

+ 2005-05-10 23:51:10 75,776 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll

+ 2005-06-15 17:42:35 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe

+ 2005-06-30 00:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll

+ 2005-06-10 04:06:01 139,528 ----a-w C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe

+ 2005-06-30 00:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll

+ 2006-02-15 00:30:07 142,464 ----a-w C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB900485\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll

+ 2005-09-01 01:44:04 19,968 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

+ 2005-09-23 03:18:20 8,452,608 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll

+ 2005-09-02 23:53:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll

+ 2005-09-01 01:44:05 291,840 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll

+ 2005-09-27 00:29:45 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\xpsp3res.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe

+ 2005-09-27 01:36:24 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll

+ 2005-09-10 01:48:47 2,068,480 ----a-w C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe

+ 2005-09-10 00:26:26 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll

+ 2005-06-29 01:49:55 254,976 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\icm32.dll

+ 2005-06-29 01:49:55 73,728 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\mscms.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll

+ 2005-07-26 04:20:23 225,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll

+ 2005-07-26 04:20:23 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll

+ 2005-07-26 04:20:23 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll

+ 2005-07-26 04:20:24 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll

+ 2005-07-26 04:20:24 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll

+ 2005-07-26 04:20:24 195,072 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll

+ 2005-07-26 04:20:25 97,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll

+ 2005-07-26 04:20:27 1,267,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll

+ 2005-07-26 04:20:28 540,160 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll

+ 2005-07-26 04:20:28 243,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll

+ 2005-07-25 23:42:35 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe

+ 2005-07-26 04:20:29 425,472 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll

+ 2005-07-26 04:20:31 945,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll

+ 2005-07-26 04:20:31 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll

+ 2005-07-26 04:20:39 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll

+ 2005-07-26 04:20:40 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll

+ 2005-07-26 04:20:40 1,285,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll

+ 2005-07-26 04:20:40 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll

+ 2005-07-26 04:20:40 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll

+ 2005-07-26 04:20:40 398,336 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll

+ 2005-07-26 04:20:40 101,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll

+ 2005-07-26 04:20:40 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe

+ 2005-07-26 03:21:18 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll

+ 2005-08-30 04:13:42 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll

+ 2005-08-22 18:24:55 197,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll

+ 2005-02-25 03:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\spmsg.dll

+ 2005-02-25 03:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe

+ 2005-08-19 23:50:31 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe

+ 2005-02-25 03:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\spcustom.dll

+ 2005-02-25 03:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe

+ 2005-02-25 03:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\updspapi.dll

+ 2005-08-23 03:39:54 123,392 ----a-w C:\WINDOWS\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe

+ 2005-08-23 02:01:30 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll

+ 2005-10-17 21:21:19 80,896 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll

+ 2005-10-17 21:21:19 117,760 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908519\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll

+ 2006-03-17 04:46:31 8,454,656 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll

+ 2006-03-17 01:05:35 28,672 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe

+ 2006-03-22 01:29:43 23,040 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\xpsp3res.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll

+ 2006-06-22 10:36:52 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll

+ 2006-03-23 05:53:08 143,360 ----a-w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll

+ 2006-01-04 04:18:34 68,096 ----a-w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll

+ 2006-03-01 19:34:20 426,496 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll

+ 2006-03-01 19:34:20 956,416 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll

+ 2006-03-01 19:34:20 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll

+ 2006-03-01 19:34:20 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll

+ 2006-03-01 19:34:20 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll

+ 2006-03-01 19:34:20 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll

+ 2006-05-19 13:46:40 112,128 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll

+ 2006-05-19 13:46:40 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll

+ 2006-05-19 13:46:40 94,720 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll

+ 2006-05-05 10:16:39 454,400 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys

+ 2006-05-05 10:22:52 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll

+ 2006-03-17 01:08:10 262,656 ----a-w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll

+ 2006-05-18 05:37:43 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll

+ 2006-04-20 12:18:35 360,576 ----a-w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll

+ 2006-11-27 15:17:10 539,136 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll

+ 2006-11-27 15:17:10 433,664 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll

+ 2006-06-01 19:39:42 163,840 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll

+ 2006-06-01 19:39:42 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll

+ 2006-07-13 11:43:08 202,496 ----a-w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll

+ 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll

+ 2006-10-12 13:54:18 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll

+ 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe

+ 2006-10-16 10:29:15 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll

+ 2006-07-21 08:26:49 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll

+ 2006-06-26 17:45:19 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll

+ 2006-06-26 17:45:19 7,680 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll

+ 2006-06-22 05:22:04 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll

+ 2006-06-22 05:22:05 1,435,648 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll

+ 2006-06-14 08:50:19 172,416 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys

+ 2006-06-14 08:50:19 6,272 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys

+ 2006-06-14 09:17:04 82,944 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll

+ 2007-05-17 11:25:21 549,888 ----a-w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll

+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll

+ 2006-08-16 10:13:39 225,664 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll

+ 2006-08-14 12:00:42 332,928 ----a-w C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll

+ 2006-10-13 12:41:38 64,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll

+ 2006-10-13 12:41:38 142,336 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll

+ 2006-10-13 10:39:12 163,456 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys

+ 2006-10-13 12:41:38 65,536 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll

+ 2006-08-17 12:37:49 726,528 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll

+ 2006-08-17 12:37:49 337,408 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll

+ 2006-08-17 12:37:49 132,096 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll

+ 2006-09-04 06:12:56 1,497,088 ----a-w C:\WINDOWS\$hf_mig$\KB924496\SP2QFE\shdocvw.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\updspapi.dll

+ 2007-03-08 15:48:36 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll

+ 2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll

+ 2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

+ 2007-03-08 13:49:49 1,843,968 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll

+ 2006-10-19 13:59:58 713,216 ----a-w C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\updspapi.dll

+ 2006-10-16 17:14:17 122,880 ----a-w C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll

+ 2006-12-26 13:18:55 536,576 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll

+ 2006-12-26 13:18:55 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll

+ 2006-12-26 13:18:55 200,704 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll

+ 2006-12-26 13:18:55 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll

+ 2006-12-19 18:47:14 333,824 ----a-w C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll

+ 2006-12-19 21:50:10 8,458,752 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll

+ 2006-12-19 21:50:10 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

+ 2006-12-19 16:10:56 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll

+ 2007-05-16 15:32:55 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll

+ 2007-05-16 15:32:55 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll

+ 2007-05-16 15:32:56 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll

+ 2007-05-16 15:32:56 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll

+ 2007-05-16 15:32:56 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll

+ 2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll

+ 2007-02-09 11:23:36 574,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll

+ 2007-02-05 20:19:14 185,344 ----a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll

+ 2007-02-28 09:53:04 2,137,600 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe

+ 2007-02-28 09:15:56 2,059,392 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

+ 2007-02-28 09:15:59 2,017,280 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe

+ 2007-02-28 09:55:14 2,182,144 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll

+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll

+ 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll

+ 2007-07-18 10:33:06 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll

+ 2007-04-16 16:07:27 986,112 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll

+ 2007-04-25 20:32:22 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll

+ 2007-06-26 06:06:12 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll

+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll

+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll

+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll

+ 2007-06-19 13:37:21 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll

+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll

+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll

+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll

+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll

+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll

+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll

+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe

+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll

+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll

+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll

+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll

+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll

+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll

+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll

+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll

+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll

+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll

+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll

+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll

+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll

+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll

+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll

+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll

+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll

+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll

+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll

+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll

+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll

+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe

+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll

+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll

+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll

+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll

+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll

+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll

+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll

+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll

+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll

+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll

+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll

+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll

+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll

+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll

+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll

+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll

- 2007-11-13 01:05:20 225,280 ---ha-w C:\WINDOWS\repair\ntuser.dat

+ 2007-12-13 05:12:10 1,392,640 ---ha-w C:\WINDOWS\repair\ntuser.dat

+ 2007-12-13 05:16:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-12-13 05:16:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-12-13 05:16:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007121220071213\index.dat

+ 2007-12-13 05:16:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2004-08-04 06:39:38 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys

+ 2006-02-28 12:00:00 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys

+ 2006-02-28 12:00:00 42,368 ----a-w C:\WINDOWS\system32\drivers\agp440.sys

+ 2006-02-28 12:00:00 44,928 ----a-w C:\WINDOWS\system32\drivers\agpcpq.sys

+ 2006-02-28 12:00:00 42,752 ----a-w C:\WINDOWS\system32\drivers\alim1541.sys

+ 2006-02-28 12:00:00 43,008 ----a-w C:\WINDOWS\system32\drivers\amdagp.sys

- 2004-08-04 07:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

+ 2006-02-28 12:00:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

+ 2006-02-28 12:00:00 46,464 ----a-w C:\WINDOWS\system32\drivers\gagp30kx.sys

- 2004-08-03 22:59:42 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys

+ 2006-02-28 12:00:00 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys

- 2004-08-04 07:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

+ 2006-02-28 12:00:00 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

- 2004-08-04 07:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys

+ 2006-02-28 12:00:00 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys

- 2004-08-04 06:58:42 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys

+ 2006-02-28 12:00:00 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys

- 2004-08-04 06:58:40 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys

+ 2006-02-28 12:00:00 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys

- 2004-08-04 06:58:42 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys

+ 2006-02-28 12:00:00 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys

- 2004-08-04 07:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

+ 2006-02-28 12:00:00 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

+ 2006-02-28 12:00:00 41,088 ----a-w C:\WINDOWS\system32\drivers\sisagp.sys

- 2004-08-04 07:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys

+ 2006-02-28 12:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys

- 2001-08-17 22:00:52 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

+ 2006-02-28 12:00:00 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

- 2004-08-04 07:15:56 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

+ 2006-02-28 12:00:00 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

+ 2006-02-28 12:00:00 44,672 ----a-w C:\WINDOWS\system32\drivers\uagp35.sys

- 2004-08-04 07:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS

+ 2006-02-28 12:00:00 26,496 ----a-w C:\WINDOWS\system32\drivers\usbstor.sys

+ 2006-02-28 12:00:00 42,240 ----a-w C:\WINDOWS\system32\drivers\viaagp.sys

- 2004-08-04 07:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

+ 2006-02-28 12:00:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

+ 2006-02-28 12:00:00 514,587 ----a-w C:\WINDOWS\system32\edb500.dll

- 2007-11-13 01:02:17 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat

+ 2007-12-13 05:09:57 22,720 ----a-w C:\WINDOWS\system32\emptyregdb.dat

- 2007-11-17 15:32:05 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-12-13 05:16:08 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

- 2007-11-25 21:16:59 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2007-12-15 08:17:37 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2006-02-28 12:00:00 40,960 ----a-w C:\WINDOWS\system32\msiregmv.exe

- 2007-11-13 01:11:10 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-13 05:19:22 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-11-13 01:11:10 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-13 05:19:22 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2005-02-25 03:35:05 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2005-06-28 18:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

- 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe

- 2004-08-04 00:56:48 74,240 ----a-w C:\WINDOWS\system32\usbui.dll

+ 2006-02-28 12:00:00 74,240 ----a-w C:\WINDOWS\system32\usbui.dll

+ 2006-03-17 00:38:01 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe

- 2006-02-01 00:28:24 16,384 ------w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2006-02-28 12:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\48874\comctl32.dll

+ 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

+ 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

+ 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

+ 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5143353C-6C58-DABB-C7B9-A4EC8B74F05E}]

C:\WINDOWS\system\whcstd32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEFBC2DC-A419-A88C-7866-35824BC53021}]

C:\WINDOWS\system\bedtsc32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 20:49]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 07:22]

"Windows Explorer"="C:\WINDOWS\explore.exe" []

"dumprep"="C:\WINDOWS\system32\spoolw.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 20:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-11-14 20:49 9216 C:\WINDOWS\system32\avgwlntf.dll

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-18 06:56:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-18 6:57:53

C:\ComboFix2.txt ... 2007-11-29 22:37

.

2007-12-18 14:42:23 --- E O F ---

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:02:22 AM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4773 bytes

[Can't Remove Trojans[INACTIVE]]

Is there something else I should or could be doing?

[Can't Remove Trojans[INACTIVE]]

Hi Sarahw!

Thanks for being here to help!

I followed the directions to show hidden files and disable TeaTimer.

When I went to uploadmalware, I could not locate either of the files you requested. I tried browsing for them, typing the file names (got a message that said file not found) and doing a regular search for files and folders off the start menu.

Similarly named files existed: explorer.exe and spoolsv.exe

Is there some other way to look for them? Or should I be glad they appear to be gone?

A new log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:14, on 2007-12-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4800 bytes

[Can't Remove Trojans[INACTIVE]]

Hello Helpful People!

AVG found several files on my husband's computer it identified as trojans. AVG would delete the files but even 15minutes later a new scan would find the same or similar files. When the problem surfaced a few weeks ago he had downloaded some new games from some different game sites. I found a reference to combofix and tired downloading and running that. It seemed to work as AVG ran clean for a couple of weeks. Now it is doing the same thing. I'm hoping you can find something in a log that can help us get rid of whatever is re-inventing those files.

Thank you for your time!

Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59, on 2007-12-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4901 bytes

[Constant Tracking Cookies]

Thank you so much for your help! Things seem to be running well!

I already have most of the programs you mentioned at this point, will work on downloading and running the rest.

[Constant Tracking Cookies]

Here's what I got from SuperAntiSpyware:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 09/03/2007 at 00:04 AM

Application Version : 3.9.1008

Core Rules Database Version : 3298

Trace Rules Database Version: 1306

Scan type : Complete Scan

Total Scan Time : 01:39:26

Memory items scanned : 524

Memory threats detected : 0

Registry items scanned : 5727

Registry threats detected : 1

File items scanned : 84565

File threats detected : 3

Unclassified.Unknown Origin

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{00DBDAC8-4691-4797-8E6A-7C6AB89BC441}

Adware.Tracking Cookie

C:\Documents and Settings\Karen\Cookies\karen@1067912086[1].txt

C:\Documents and Settings\Karen\Cookies\[email protected][2].txt

C:\Documents and Settings\Karen\Cookies\karen@1068527783[1].txt

[Constant Tracking Cookies]

Thanks for Helping. VundoFix said it found no infected files. I clicked Remove Vundo anyway and it said again that it found no infected files and would close (which it promptly did).

Vundo Log:

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3

Old versions of java are exploitable and should be removed.

Scan started at 10:14:39 AM 9/2/2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

Here is the DSS Log:

Deckard's System Scanner v20070826.66

Run by Karen on 2007-09-02 10:19:26

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --

93: 2007-09-02 17:19:41 UTC - RP412 - Deckard's System Scanner Restore Point

92: 2007-09-01 18:37:32 UTC - RP411 - System Checkpoint

91: 2007-08-31 10:00:54 UTC - RP410 - Software Distribution Service 3.0

90: 2007-08-30 10:19:51 UTC - RP409 - System Checkpoint

89: 2007-08-29 10:00:19 UTC - RP408 - Software Distribution Service 3.0

-- First Restore Point --

1: 2007-06-05 03:26:35 UTC - RP320 - System Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Karen.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 10:21:52 AM, on 9/2/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Documents and Settings\Karen\Desktop\dss.exe

C:\DOCUME~1\Karen\MYDOCU~1\HIJACK~1\Karen.exe

C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {6f550791-000c-474d-a7ca-69ba91dd00d7} - C:\WINDOWS\system32\grpclt.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: grpclt - grpclt.dll (file missing)

O20 - Winlogon Notify: mljji - mljji.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>

S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>

S3 NAL (Nal Service ) - c:\windows\system32\drivers\iqvw32.sys <Not Verified; Intel Corporation; Intel® iQVW32.SYS>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2005-12-01 18:39:09 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1125386913.job

-- Files created between 2007-08-02 and 2007-09-02 -----------------------------

2007-09-02 10:14:39 0 d-------- C:\VundoFix Backups

2007-09-01 16:53:20 0 d-------- C:\Documents and Settings\Karen\.housecall6.6

2007-09-01 11:17:46 0 d-------- C:\Program Files\a-squared Free

2007-09-01 10:59:57 0 d-------- C:\Program Files\SpywareBlaster

2007-08-29 18:39:40 0 d-------- C:\Temp

2007-08-13 22:36:44 0 d-------- C:\Documents and Settings\Karen\Application Data\InstallShield

-- Find3M Report ---------------------------------------------------------------

2007-09-01 09:24:29 0 d-------- C:\Documents and Settings\Karen\Application Data\AVG7

2007-08-29 18:39:53 0 d-------- C:\Program Files\Sony

2007-08-13 22:37:04 0 d--h----- C:\Program Files\InstallShield Installation Information

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6f550791-000c-474d-a7ca-69ba91dd00d7}]

C:\WINDOWS\system32\grpclt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [11/19/2003 03:48 PM]

"SigmatelSysTrayApp"="stsystra.exe" [03/22/2005 09:20 PM C:\WINDOWS\STSYSTRA.EXE]

"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]

"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 02:19 PM]

"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/26/2005 11:02 PM]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [08/13/2007 08:23 AM]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [09/25/2006 10:12 AM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [12/14/2006 05:48 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:00 AM]

"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]

"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [05/29/2007 06:34 PM]

"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [4/6/2003 1:17:18 AM]

hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/6/2003 1:06:58 AM]

QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [11/11/2004 9:59:36 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 02/22/2007 09:20 AM 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\grpclt]

grpclt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljji]

mljji.dll

-- Hosts -----------------------------------------------------------------------

127.0.0.1 babe.the-killer.bz

127.0.0.1 www.babe.the-killer.bz

127.0.0.1 babe.k-lined.com

127.0.0.1 www.babe.k-lined.com

127.0.0.1 did.i-used.cc

127.0.0.1 www.did.i-used.cc

127.0.0.1 coolwwwsearch.com

127.0.0.1 www.coolwwwsearch.com

127.0.0.1 coolwebsearch.com

127.0.0.1 www.coolwebsearch.com

6503 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2007-09-02 10:23:35 ------------

Deckard's System Scanner v20070826.66

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0

Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz

CPU 1: Intel® Pentium® 4 CPU 2.80GHz

Percentage of Memory in Use: 40%

Physical Memory (total/avail): 1022.07 MiB / 607.36 MiB

Pagefile Memory (total/avail): 1785.48 MiB / 1327.59 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1969.88 MiB

C: is Fixed (NTFS) - 71.04 GiB total, 52.33 GiB free.

D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - SAMSUNG HD080HJ - 74.5 GiB - 3 partitions

\PARTITION0 - Unknown - 47.03 MiB

\PARTITION1 (bootable) - Installable File System - 71.04 GiB - C:

\PARTITION2 - Unknown - 3.41 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: AVG Firewall 7.5.475 v7.5.475 (GRISOFT)

AV: AVG 7.5.485 v7.5.485 (GRISOFT)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"

"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users

APPDATA=C:\Documents and Settings\Karen\Application Data

CLIENTNAME=Console

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=D51N8481

ComSpec=C:\WINDOWS\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Documents and Settings\Karen

LOGONSERVER=\\D51N8481

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0401

ProgramFiles=C:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=C:

SystemRoot=C:\WINDOWS

TEMP=C:\DOCUME~1\Karen\LOCALS~1\Temp

TMP=C:\DOCUME~1\Karen\LOCALS~1\Temp

USERDOMAIN=D51N8481

USERNAME=Karen

USERPROFILE=C:\Documents and Settings\Karen

windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Karen (admin)

Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

--> MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"

Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}

AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}

ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center --> MsiExec.exe /I{7B76034B-B3ED-46D5-8C66-DEB102CB830A}

ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL

Basic Facts Worksheet Factory --> MsiExec.exe /I{1E85CABF-0984-482A-BF5D-E9AC4BF33694}

Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033

Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}

Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}

Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}

Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}

Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}

Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}

Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}

Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}

Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}

Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}

Dell Picture Studio v3.0 --> MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}

DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}

EverQuest Titanium --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32714287-4234-412A-877B-D33AFABFDE2B}\setup.exe" -l0x9

EverQuest: The Anniversary Edition --> C:\Program Files\InstallShield Installation Information\{6BB7C3F8-40EC-4ACD-8F7C-78B769B34B08}\setup.exe -runfromtemp -l0x0009 -removeonly

Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}

Gradekeeper --> "C:\WINDOWS\Gradekeeper\uninstall.exe" "/U:C:\Program Files\Gradekeeper\irunin.xml"

High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 1.99.1 --> C:\Documents and Settings\Karen\My Documents\Hijack This\HijackThis.exe /uninstall

Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}

HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}

HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}

HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot

hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}

Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"

Intel® PRO Network Connections Software v9.2.4.11 --> C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qr /le C:\DOCUME~1\Owner\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log

Intel® PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}

Intel® PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}

IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe

Jasc Paint Shop Photo Album 5 --> MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}

Jasc Paint Shop Pro Studio, Dell Editon --> MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}

Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}

Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe

LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}

Mathematics Worksheet Factory Deluxe 3.0 Trial --> MsiExec.exe /I{0508AAE1-3AB9-4DBF-918D-1862A050C215}

Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}

Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}

Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}

Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9

Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel

Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText

Move Networks Player for Firefox --> "C:\PROGRA~1\MOZILL~1\plugins\unins000.exe"

Mozilla Firefox (2.0.0.4) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe

Mozilla Firefox (2.0.0.6) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst

My Way Search Assistant --> rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O

MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe

NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}

Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}

PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

QuickBooks Simple Start Special Edition --> msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1

QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

SCA1 Algebra 1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Prentice Hall\Resource Pro\Algebra 1\Uninst.isu"

Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"

Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"

Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}

TBS WMP Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BFC7D0F-FA4A-4FDC-AA03-440655EA656A}\setup.exe" -l0x9 -removeonly

The Print Shop® 6.0 Deluxe --> C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1.0DE\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1.0DE\psfinst.dll"

Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VISTAS2e ICDROM (remove only) --> "C:\Program Files\VISTAS2e\ICDROM\uninstall.exe"

WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"

Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

Worldlabel.Com Label Designer 4 --> "C:\Program Files\WorldLabel.Com\Label Designer 4\Uninstall\unins000.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type210711 / Error

Event Submitted/Written: 09/01/2007 04:33:47 PM

Event ID/Source: 1002 / Application Hang

Event Description:

Hanging application MySpaceIM.exe, version 1.0.697.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type210656 / Error

Event Submitted/Written: 09/01/2007 09:27:30 AM

Event ID/Source: 100 / AVG7

Event Description:

2007-09-01 16:27:30,734 D51N8481 [000592:000664] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type210655 / Error

Event Submitted/Written: 09/01/2007 09:27:30 AM

Event ID/Source: 100 / AVG7

Event Description:

2007-09-01 16:27:30,234 D51N8481 [000592:000664] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type210654 / Error

Event Submitted/Written: 09/01/2007 09:27:29 AM

Event ID/Source: 100 / AVG7

Event Description:

2007-09-01 16:27:29,734 D51N8481 [000592:000664] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

Event Record #/Type210653 / Error

Event Submitted/Written: 09/01/2007 09:27:29 AM

Event ID/Source: 100 / AVG7

Event Description:

2007-09-01 16:27:29,234 D51N8481 [000592:000664] ERROR 000 AVG7.CORE DeviceIoControl failed, err=2

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type159959 / Warning

Event Submitted/Written: 09/02/2007 06:11:43 AM

Event ID/Source: 36 / W32Time

Event Description:

The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type159858 / Error

Event Submitted/Written: 09/01/2007 10:00:18 PM

Event ID/Source: 7011 / Service Control Manager

Event Description:

Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Event Record #/Type159697 / Error

Event Submitted/Written: 09/01/2007 09:29:20 AM

Event ID/Source: 1002 / Dhcp

Event Description:

The IP address lease 192.168.1.64 for the Network Card with network address 00123F9DB902 has been

denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type159693 / Error

Event Submitted/Written: 09/01/2007 09:27:27 AM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""

in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type159692 / Error

Event Submitted/Written: 09/01/2007 09:24:46 AM

Event ID/Source: 10005 / DCOM

Event Description:

DCOM got error "%%1084" attempting to start the service Avg7Alrt with arguments "-Service"

in order to run the server:

{3486DF65-1D90-406A-A072-30629910F113}

-- End of Deckard's System Scanner: finished at 2007-09-02 10:23:35 ------------

[Constant Tracking Cookies]

About a year ago, thanks to Norton (which randomly decided to stop running) I got some kind of downloader on my system. It took a few weeks and lots of help from my big brother--who also suggested I run AVG anti-virus instead--but the problem appeared to be cleared up. And after a few weeks I let AVG run a pre-scheduled daily check and stopped manually scanning or paying really close attention. So I just realized that for months AVG has been quietly removing the same tracking cookies from my computer every day. I don't know if this is related to the previous problem or something new. AVG has not found any viruses, just the spyware/adware. I've run Adware and Spybot and they both also find and remove tracking cookies, but they just return (for example Spybot has cleaned "Burst Media" off my computer 3 times today, it appears again everytime I scan). In trying to search to find what programs should or shouldn't be running, I found links to the forums with Hijack this logs, so I thought if I posted one, someone might be able to identify what is putting this stuff back on my system

Thank you for any help or suggestions you can give me!

Logfile of HijackThis v1.99.1

Scan saved at 5:09:31 PM, on 9/1/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DellSupport\DSAgnt.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\Karen\My Documents\Hijack This\HijackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {6f550791-000c-474d-a7ca-69ba91dd00d7} - C:\WINDOWS\system32\grpclt.dll (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [intelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll

O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O20 - Winlogon Notify: grpclt - grpclt.dll (file missing)

O20 - Winlogon Notify: mljji - mljji.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe