Can't Remove Trojans[INACTIVE]

[suzannebaer]

Hello Helpful People!

AVG found several files on my husband's computer it identified as trojans. AVG would delete the files but even 15minutes later a new scan would find the same or similar files. When the problem surfaced a few weeks ago he had downloaded some new games from some different game sites. I found a reference to combofix and tired downloading and running that. It seemed to work as AVG ran clean for a couple of weeks. Now it is doing the same thing. I'm hoping you can find something in a log that can help us get rid of whatever is re-inventing those files.

Thank you for your time!

Hijack this Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:59, on 2007-12-12

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4901 bytes

[sarahw]

Hi,

Welcome to the site

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

I want you to show hidden files. There are instructions HERE to help you do this.

You should have Administrator rights to perform the fixes. Some of the instructions I give may need to be printed or saved for reference during the fix. Some of the fix will be done in Safe Mode so you will be unable to access this thread at that time.

Please dont use any of the tools without specific instructions. Some of them are dangerous (and could leave your computer in worse condition that it is when infected) if used incorrectly.

These instuctions should be read first, then followed. If you do not understand something, don't be afraid to ask, or see if I'm on chat.

[sarahw]

Hi,

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
  
• In the Mode menu click "Advanced mode" if not already selected.
  
• Choose "Yes" at the Warning prompt.
  
• Expand the "Tools" menu.
  
• Click "Resident".
  
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  
• In the File menu click "Exit" to exit Spybot Search & Destroy.
  

Please go to UploadMalware to upload a suspicious file for analysis.

• Enter your username from this forum: suzannebaer
  
• Copy and paste the link to this thread: http://www.besttechie.net/forums/Canand39t-Remove-Trojans-t13074.html
  
• Browse for these filenames:
  C:\WINDOWS\explore.exe
  C:\WINDOWS\system32\spoolw.exe
  
• In the comments, please mention that I asked you to upload this file: SarahW
  
• Click on Send File
  

Reply with a fresh Hijack This log.

[suzannebaer]

Hi Sarahw!

Thanks for being here to help!

I followed the directions to show hidden files and disable TeaTimer.

When I went to uploadmalware, I could not locate either of the files you requested. I tried browsing for them, typing the file names (got a message that said file not found) and doing a regular search for files and folders off the start menu.

Similarly named files existed: explorer.exe and spoolsv.exe

Is there some other way to look for them? Or should I be glad they appear to be gone?

A new log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:14, on 2007-12-15

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4800 bytes

[sarahw]

Edited December 16, 2007 by sarahw

[suzannebaer]

Is there something else I should or could be doing?

[sarahw]

Hi,

I'm sorry about that last post. I dont know what happened there.

Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
  
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
  

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

[suzannebaer]

Thanks!

Combofix log:

ComboFix 07-12-18.1 - Owner 2007-12-18 6:53:42.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.55 [GMT -8:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2007-11-18 to 2007-12-18 )))))))))))))))))))))))))))))))

.

2007-12-18 06:51 . 2007-12-18 06:51 <DIR> d-------- C:\WINDOWS\LastGood

2007-12-12 21:40 . 2004-11-02 08:58 163,840 --a------ C:\WINDOWS\system32\igfxres.dll

2007-12-12 21:39 . 2007-12-12 21:39 2,422 --a------ C:\WINDOWS\system32\wpa.bak

2007-12-12 21:15 . 2006-02-28 04:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls

2007-12-12 21:13 . 2006-02-28 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2007-12-12 21:12 . 2006-02-28 04:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll

2007-12-01 14:38 . 2007-12-01 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-18 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2007-12-17 16:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7

2007-11-29 15:03 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll

2007-11-15 15:26 --------- d-----w C:\Program Files\Common Files\xing shared

2007-11-15 15:25 --------- d-----w C:\Program Files\Real

2007-11-15 15:24 --------- d-----w C:\Program Files\Common Files\Real

2007-11-15 07:27 --------- d-----w C:\Program Files\Google

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft Works

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-11-15 05:16 --------- d-----w C:\Program Files\Common Files\L&H

2007-11-15 04:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2007-11-15 04:49 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll

2007-11-15 04:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-11-15 04:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-11-15 04:49 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll

2007-11-15 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-15 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-15 03:24 --------- d-----w C:\Program Files\Analog Devices

2007-11-15 03:03 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-15 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM

2007-11-13 01:13 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-11-13 01:13 --------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

2007-11-13 01:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-13 01:05 --------- d-----w C:\Program Files\microsoft frontpage

.

((((((((((((((((((((((((((((( snapshot@2007-11-29_22.36.51.31 )))))))))))))))))))))))))))))))))))))))))

.

+ 2004-11-17 17:31:32 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll

+ 2004-10-14 18:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spmsg.dll

+ 2004-10-14 18:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe

+ 2004-10-14 18:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll

+ 2004-10-14 18:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe

+ 2004-10-28 01:28:18 721,920 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll

+ 2004-10-28 01:15:16 448,128 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys

+ 2004-10-28 01:14:56 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys

+ 2004-10-14 19:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spmsg.dll

+ 2004-10-14 19:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe

+ 2004-10-14 19:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll

+ 2004-10-14 19:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe

+ 2004-10-14 19:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spmsg.dll

+ 2004-10-14 19:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe

+ 2004-10-14 19:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll

+ 2004-10-14 19:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe

+ 2004-10-13 16:21:24 1,694,208 ----a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe

+ 2004-10-14 19:34:52 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll

+ 2004-10-14 19:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe

+ 2004-10-14 19:36:16 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll

+ 2004-10-14 19:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe

+ 2004-12-07 19:29:19 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB888302\SP2QFE\srvsvc.dll

+ 2004-11-30 22:46:38 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spmsg.dll

+ 2004-12-01 04:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe

+ 2004-12-01 04:22:40 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\spcustom.dll

+ 2004-11-30 22:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe

+ 2005-04-22 05:18:52 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\agentdpv.dll

+ 2005-05-17 00:26:30 17,920 ----a-w C:\WINDOWS\$hf_mig$\KB890046\SP2QFE\xpsp3res.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll

+ 2005-03-02 18:19:56 62,464 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\authz.dll

+ 2005-03-02 01:02:13 2,135,552 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe

+ 2005-03-02 00:36:40 2,056,832 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

+ 2005-03-02 00:36:41 2,015,232 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe

+ 2005-03-02 01:04:22 2,179,456 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

+ 2005-03-02 18:19:56 577,024 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

+ 2005-03-02 01:11:25 1,836,160 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys

+ 2005-03-02 18:19:56 291,328 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll

+ 2005-02-25 03:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll

+ 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe

+ 2005-02-25 03:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll

+ 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe

+ 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll

+ 2004-11-30 22:46:38 7,168 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spmsg.dll

+ 2004-12-01 04:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe

+ 2004-12-01 04:22:40 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\spcustom.dll

+ 2004-11-30 22:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe

+ 2005-07-08 16:28:58 249,344 ----a-w C:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe

+ 2005-07-08 03:27:08 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll

+ 2005-04-28 19:35:02 1,286,144 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll

+ 2005-04-28 19:35:01 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecli32.dll

+ 2005-04-28 19:35:01 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecnv32.dll

+ 2005-04-28 19:35:01 396,288 ----a-w C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll

+ 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe

+ 2005-05-27 02:08:59 41,472 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hhsetup.dll

+ 2005-05-27 02:08:59 155,136 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itircl.dll

+ 2005-05-27 02:08:59 137,216 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\itss.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll

+ 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe

+ 2005-06-30 00:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll

+ 2005-05-10 23:51:10 75,776 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll

+ 2005-06-15 17:42:35 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe

+ 2005-06-30 00:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll

+ 2005-06-10 04:06:01 139,528 ----a-w C:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe

+ 2005-06-30 00:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll

+ 2006-02-15 00:30:07 142,464 ----a-w C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB900485\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll

+ 2005-09-01 01:44:04 19,968 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\linkinfo.dll

+ 2005-09-23 03:18:20 8,452,608 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shell32.dll

+ 2005-09-02 23:53:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\shlwapi.dll

+ 2005-09-01 01:44:05 291,840 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll

+ 2005-09-27 00:29:45 21,504 ----a-w C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\xpsp3res.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe

+ 2005-09-27 01:36:24 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll

+ 2005-09-10 01:48:47 2,068,480 ----a-w C:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe

+ 2005-09-10 00:26:26 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll

+ 2005-06-29 01:49:55 254,976 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\icm32.dll

+ 2005-06-29 01:49:55 73,728 ----a-w C:\WINDOWS\$hf_mig$\KB901214\SP2QFE\mscms.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll

+ 2005-07-26 04:20:23 225,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll

+ 2005-07-26 04:20:23 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll

+ 2005-07-26 04:20:23 110,080 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll

+ 2005-07-26 04:20:24 498,688 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll

+ 2005-07-26 04:20:24 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll

+ 2005-07-26 04:20:24 195,072 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll

+ 2005-07-26 04:20:25 97,792 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll

+ 2005-07-26 04:20:27 1,267,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll

+ 2005-07-26 04:20:28 540,160 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll

+ 2005-07-26 04:20:28 243,200 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll

+ 2005-07-25 23:42:35 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe

+ 2005-07-26 04:20:29 425,472 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll

+ 2005-07-26 04:20:31 945,152 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll

+ 2005-07-26 04:20:31 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll

+ 2005-07-26 04:20:39 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll

+ 2005-07-26 04:20:40 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll

+ 2005-07-26 04:20:40 1,285,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll

+ 2005-07-26 04:20:40 74,752 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll

+ 2005-07-26 04:20:40 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll

+ 2005-07-26 04:20:40 398,336 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll

+ 2005-07-26 04:20:40 101,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll

+ 2005-07-26 04:20:40 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe

+ 2005-07-26 03:21:18 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll

+ 2005-08-30 04:13:42 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll

+ 2005-08-22 18:24:55 197,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\SP2QFE\netman.dll

+ 2005-02-25 03:35:05 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\spmsg.dll

+ 2005-02-25 03:35:05 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905414\spuninst.exe

+ 2005-08-19 23:50:31 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe

+ 2005-02-25 03:35:05 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\spcustom.dll

+ 2005-02-25 03:35:05 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\update.exe

+ 2005-02-25 03:35:06 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\updspapi.dll

+ 2005-08-23 03:39:54 123,392 ----a-w C:\WINDOWS\$hf_mig$\KB905749\SP2QFE\umpnpmgr.dll

+ 2005-02-25 04:35:06 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll

+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe

+ 2005-08-23 02:01:30 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe

+ 2005-02-25 04:35:06 22,240 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll

+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe

+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll

+ 2005-10-17 21:21:19 80,896 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll

+ 2005-10-17 21:21:19 117,760 ----a-w C:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908519\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908519\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll

+ 2006-03-17 04:46:31 8,454,656 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\shell32.dll

+ 2006-03-17 01:05:35 28,672 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe

+ 2006-03-22 01:29:43 23,040 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\xpsp3res.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB908531\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB908531\update\updspapi.dll

+ 2006-06-22 10:36:52 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll

+ 2006-03-23 05:53:08 143,360 ----a-w C:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911562\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll

+ 2006-01-04 04:18:34 68,096 ----a-w C:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911927\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll

+ 2006-03-01 19:34:20 426,496 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcprx.dll

+ 2006-03-01 19:34:20 956,416 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtctm.dll

+ 2006-03-01 19:34:20 161,280 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\msdtcuiu.dll

+ 2006-03-01 19:34:20 66,560 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxclu.dll

+ 2006-03-01 19:34:20 91,136 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\mtxoci.dll

+ 2006-03-01 19:34:20 11,776 ----a-w C:\WINDOWS\$hf_mig$\KB913580\SP2QFE\xolehlp.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB913580\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB913580\update\updspapi.dll

+ 2006-05-19 13:46:40 112,128 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dhcpcsvc.dll

+ 2006-05-19 13:46:40 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\dnsapi.dll

+ 2006-05-19 13:46:40 94,720 ----a-w C:\WINDOWS\$hf_mig$\KB914388\SP2QFE\iphlpapi.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914388\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914388\update\updspapi.dll

+ 2006-05-05 10:16:39 454,400 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys

+ 2006-05-05 10:22:52 174,592 ----a-w C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB914389\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll

+ 2006-03-17 01:08:10 262,656 ----a-w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll

+ 2006-05-18 05:37:43 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB917344\SP2QFE\jscript.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917344\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917344\update\updspapi.dll

+ 2006-04-20 12:18:35 360,576 ----a-w C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB917953\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB917953\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB917953\update\updspapi.dll

+ 2006-11-27 15:17:10 539,136 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll

+ 2006-11-27 15:17:10 433,664 ----a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll

+ 2006-06-01 19:39:42 163,840 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgdw400.dll

+ 2006-06-01 19:39:42 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB918439\SP2QFE\jgpl400.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB918439\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB918439\update\updspapi.dll

+ 2006-07-13 11:43:08 202,496 ----a-w C:\WINDOWS\$hf_mig$\KB919007\SP2QFE\rmcast.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB919007\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB919007\update\updspapi.dll

+ 2006-10-12 13:54:18 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll

+ 2006-10-12 13:54:18 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll

+ 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe

+ 2006-10-16 10:29:15 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll

+ 2006-07-21 08:26:49 72,704 ----a-w C:\WINDOWS\$hf_mig$\KB920670\SP2QFE\hlink.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920670\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920670\update\updspapi.dll

+ 2006-06-26 17:45:19 147,456 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll

+ 2006-06-26 17:45:19 7,680 ----a-w C:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920683\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll

+ 2006-06-22 05:22:04 69,120 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll

+ 2006-06-22 05:22:05 1,435,648 ----a-w C:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920685\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll

+ 2006-06-14 08:50:19 172,416 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys

+ 2006-06-14 08:50:19 6,272 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys

+ 2006-06-14 09:17:04 82,944 ----a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll

+ 2007-05-17 11:25:21 549,888 ----a-w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll

+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll

+ 2006-08-16 10:13:39 225,664 ----a-w C:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB922819\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll

+ 2006-08-14 12:00:42 332,928 ----a-w C:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923414\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll

+ 2006-10-13 12:41:38 64,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll

+ 2006-10-13 12:41:38 142,336 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll

+ 2006-10-13 10:39:12 163,456 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys

+ 2006-10-13 12:41:38 65,536 ----a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll

+ 2006-08-17 12:37:49 726,528 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll

+ 2006-08-17 12:37:49 337,408 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll

+ 2006-08-17 12:37:49 132,096 ----a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll

+ 2006-09-04 06:12:56 1,497,088 ----a-w C:\WINDOWS\$hf_mig$\KB924496\SP2QFE\shdocvw.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB924496\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB924496\update\updspapi.dll

+ 2007-03-08 15:48:36 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll

+ 2007-03-08 15:48:36 40,960 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll

+ 2007-03-08 15:48:36 578,048 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

+ 2007-03-08 13:49:49 1,843,968 ----a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll

+ 2006-10-19 13:59:58 713,216 ----a-w C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB926255\update\updspapi.dll

+ 2006-10-16 17:14:17 122,880 ----a-w C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll

+ 2005-10-12 23:16:49 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll

+ 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe

+ 2005-10-12 23:16:49 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll

+ 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe

+ 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll

+ 2006-12-26 13:18:55 536,576 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll

+ 2006-12-26 13:18:55 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll

+ 2006-12-26 13:18:55 200,704 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll

+ 2006-12-26 13:18:55 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll

+ 2006-12-19 18:47:14 333,824 ----a-w C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll

+ 2006-12-19 21:50:10 8,458,752 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll

+ 2006-12-19 21:50:10 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll

+ 2006-12-19 16:10:56 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll

+ 2007-05-16 15:32:55 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll

+ 2007-05-16 15:32:55 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll

+ 2007-05-16 15:32:56 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll

+ 2007-05-16 15:32:56 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll

+ 2007-05-16 15:32:56 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll

+ 2007-03-17 13:45:03 292,864 ----a-w C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll

+ 2007-02-09 11:23:36 574,976 ----a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll

+ 2007-02-05 20:19:14 185,344 ----a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll

+ 2007-02-28 09:53:04 2,137,600 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe

+ 2007-02-28 09:15:56 2,059,392 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

+ 2007-02-28 09:15:59 2,017,280 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe

+ 2007-02-28 09:55:14 2,182,144 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll

+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll

+ 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll

+ 2007-07-18 10:33:06 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll

+ 2007-04-16 16:07:27 986,112 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll

+ 2007-04-25 20:32:22 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll

+ 2007-06-26 06:06:12 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll

+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll

+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll

+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll

+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe

+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll

+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe

+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll

+ 2007-06-19 13:37:21 282,112 ----a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll

+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll

+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe

+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll

+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe

+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll

+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll

+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll

+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll

+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll

+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll

+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll

+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe

+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll

+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll

+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll

+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll

+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll

+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll

+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll

+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll

+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll

+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll

+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll

+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll

+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll

+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll

+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll

+ 2007-10-11 05:57:29 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\browseui.dll

+ 2007-10-11 05:57:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\cdfview.dll

+ 2007-10-11 05:57:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\danim.dll

+ 2007-10-11 05:57:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtmsft.dll

+ 2007-10-11 05:57:30 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\dxtrans.dll

+ 2007-10-11 05:57:30 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\extmgr.dll

+ 2007-10-10 10:48:23 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iedw.exe

+ 2007-10-11 05:57:31 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\iepeers.dll

+ 2007-10-11 05:57:31 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\inseng.dll

+ 2007-10-11 05:57:31 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\jsproxy.dll

+ 2007-10-30 09:55:21 3,065,856 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtml.dll

+ 2007-10-11 05:57:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mshtmled.dll

+ 2007-10-11 05:57:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\msrating.dll

+ 2007-10-11 05:57:37 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\mstime.dll

+ 2007-10-11 05:57:37 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\pngfilt.dll

+ 2007-10-11 05:57:39 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shdocvw.dll

+ 2007-10-11 05:57:40 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\shlwapi.dll

+ 2007-10-11 05:57:40 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\urlmon.dll

+ 2007-10-11 05:57:41 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\wininet.dll

+ 2007-10-10 10:34:35 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB942615\SP2QFE\xpsp3res.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942615\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942615\update\updspapi.dll

+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll

+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll

+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys

+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll

+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe

+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll

+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe

+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll

- 2007-11-13 01:05:20 225,280 ---ha-w C:\WINDOWS\repair\ntuser.dat

+ 2007-12-13 05:12:10 1,392,640 ---ha-w C:\WINDOWS\repair\ntuser.dat

+ 2007-12-13 05:16:34 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat

+ 2007-12-13 05:16:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2007-12-13 05:16:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007121220071213\index.dat

+ 2007-12-13 05:16:34 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2004-08-04 06:39:38 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys

+ 2006-02-28 12:00:00 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys

+ 2006-02-28 12:00:00 42,368 ----a-w C:\WINDOWS\system32\drivers\agp440.sys

+ 2006-02-28 12:00:00 44,928 ----a-w C:\WINDOWS\system32\drivers\agpcpq.sys

+ 2006-02-28 12:00:00 42,752 ----a-w C:\WINDOWS\system32\drivers\alim1541.sys

+ 2006-02-28 12:00:00 43,008 ----a-w C:\WINDOWS\system32\drivers\amdagp.sys

- 2004-08-04 07:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

+ 2006-02-28 12:00:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys

+ 2006-02-28 12:00:00 46,464 ----a-w C:\WINDOWS\system32\drivers\gagp30kx.sys

- 2004-08-03 22:59:42 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys

+ 2006-02-28 12:00:00 5,504 ----a-w C:\WINDOWS\system32\drivers\intelide.sys

- 2004-08-04 07:07:50 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

+ 2006-02-28 12:00:00 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys

- 2004-08-04 07:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys

+ 2006-02-28 12:00:00 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys

- 2004-08-04 06:58:42 7,552 ----a-w C:\WINDOWS\system32\drivers\MSKSSRV.sys

+ 2006-02-28 12:00:00 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys

- 2004-08-04 06:58:40 5,376 ----a-w C:\WINDOWS\system32\drivers\MSPCLOCK.sys

+ 2006-02-28 12:00:00 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys

- 2004-08-04 06:58:42 4,992 ----a-w C:\WINDOWS\system32\drivers\MSPQM.sys

+ 2006-02-28 12:00:00 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys

- 2004-08-04 07:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

+ 2006-02-28 12:00:00 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

+ 2006-02-28 12:00:00 41,088 ----a-w C:\WINDOWS\system32\drivers\sisagp.sys

- 2004-08-04 07:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys

+ 2006-02-28 12:00:00 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys

- 2001-08-17 22:00:52 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

+ 2006-02-28 12:00:00 54,272 ----a-w C:\WINDOWS\system32\drivers\swmidi.sys

- 2004-08-04 07:15:56 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

+ 2006-02-28 12:00:00 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

+ 2006-02-28 12:00:00 44,672 ----a-w C:\WINDOWS\system32\drivers\uagp35.sys

- 2004-08-04 07:08:48 26,496 ----a-w C:\WINDOWS\system32\drivers\USBSTOR.SYS

+ 2006-02-28 12:00:00 26,496 ----a-w C:\WINDOWS\system32\drivers\usbstor.sys

+ 2006-02-28 12:00:00 42,240 ----a-w C:\WINDOWS\system32\drivers\viaagp.sys

- 2004-08-04 07:15:06 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

+ 2006-02-28 12:00:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

+ 2006-02-28 12:00:00 514,587 ----a-w C:\WINDOWS\system32\edb500.dll

- 2007-11-13 01:02:17 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat

+ 2007-12-13 05:09:57 22,720 ----a-w C:\WINDOWS\system32\emptyregdb.dat

- 2007-11-17 15:32:05 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-12-13 05:16:08 113,376 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT

+ 2007-11-21 00:04:14 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe

- 2007-11-25 21:16:59 48,749 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2007-12-15 08:17:37 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

+ 2006-02-28 12:00:00 40,960 ----a-w C:\WINDOWS\system32\msiregmv.exe

- 2007-11-13 01:11:10 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2007-12-13 05:19:22 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2007-11-13 01:11:10 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2007-12-13 05:19:22 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2005-02-25 03:35:05 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

+ 2005-06-28 18:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe

- 2007-07-23 02:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-12-14 05:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe

+ 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe

- 2004-08-04 00:56:48 74,240 ----a-w C:\WINDOWS\system32\usbui.dll

+ 2006-02-28 12:00:00 74,240 ----a-w C:\WINDOWS\system32\usbui.dll

+ 2006-03-17 00:38:01 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe

- 2006-02-01 00:28:24 16,384 ------w C:\WINDOWS\system32\xpsp3res.dll

+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll

+ 2006-02-28 12:00:00 921,088 ----a-w C:\WINDOWS\WinSxS\InstallTemp\48874\comctl32.dll

+ 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll

+ 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll

+ 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll

+ 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll

+ 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5143353C-6C58-DABB-C7B9-A4EC8B74F05E}]

C:\WINDOWS\system\whcstd32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEFBC2DC-A419-A88C-7866-35824BC53021}]

C:\WINDOWS\system\bedtsc32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 20:49]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 07:22]

"Windows Explorer"="C:\WINDOWS\explore.exe" []

"dumprep"="C:\WINDOWS\system32\spoolw.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 20:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-11-14 20:49 9216 C:\WINDOWS\system32\avgwlntf.dll

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-18 06:56:57

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-18 6:57:53

C:\ComboFix2.txt ... 2007-11-29 22:37

.

2007-12-18 14:42:23 --- E O F ---

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:02:22 AM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Macromedia Extension - {5143353C-6C58-DABB-C7B9-A4EC8B74F05E} - C:\WINDOWS\system\whcstd32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Macromedia Movie - {DEFBC2DC-A419-A88C-7866-35824BC53021} - C:\WINDOWS\system\bedtsc32.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4773 bytes

[sarahw]

Hi,

1. Please open Notepad

• Click Start , then Run
  
• Type notepad .exe in the Run Box.
  

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

C:\WINDOWS\system\bedtsc32.dll

C:\WINDOWS\system\whcstd32.dll

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5143353C-6C58-DABB-C7B9-A4EC8B74F05E}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DEFBC2DC-A419-A88C-7866-35824BC53021}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
  
• A new HijackThis log.
  

[suzannebaer]

In case it's important... Both times that I ran combofix, it did not appear to reboot but firefox wouldn't open. When I try restarting the computer it gives me a program not responding for "SysFader" and then goes through a continuous loop of shutting down SysFader. Both times I have had to restart the computer by holding down the power button. Firefox works fine when the computer reboots.

Combofix log:

ComboFix 07-12-18.1 - Owner 2007-12-18 22:50:12.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT -8:00]

Running from: C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe

Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

* Created a new restore point

FILE

C:\WINDOWS\system\bedtsc32.dll

C:\WINDOWS\system\whcstd32.dll

.

((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))

.

2007-12-18 06:51 . 2007-12-18 06:51 <DIR> d-------- C:\WINDOWS\LastGood

2007-12-12 21:40 . 2004-11-02 08:58 163,840 --a------ C:\WINDOWS\system32\igfxres.dll

2007-12-12 21:39 . 2007-12-12 21:39 2,422 --a------ C:\WINDOWS\system32\wpa.bak

2007-12-12 21:15 . 2006-02-28 04:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls

2007-12-12 21:13 . 2006-02-28 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll

2007-12-12 21:12 . 2006-02-28 04:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\WindowsShell.Manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest

2007-12-12 21:10 . 2007-12-12 21:10 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-12-12 21:04 . 2006-02-28 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll

2007-12-01 14:38 . 2007-12-01 15:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-12-18 16:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7

2007-12-18 09:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7

2007-11-29 15:03 291,328 ----a-w C:\WINDOWS\system32\libcurl.dll

2007-11-15 15:26 --------- d-----w C:\Program Files\Common Files\xing shared

2007-11-15 15:25 --------- d-----w C:\Program Files\Real

2007-11-15 15:24 --------- d-----w C:\Program Files\Common Files\Real

2007-11-15 07:27 --------- d-----w C:\Program Files\Google

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft Works

2007-11-15 05:16 --------- d-----w C:\Program Files\Microsoft ActiveSync

2007-11-15 05:16 --------- d-----w C:\Program Files\Common Files\L&H

2007-11-15 04:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2007-11-15 04:49 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll

2007-11-15 04:49 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-11-15 04:49 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-11-15 04:49 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll

2007-11-15 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-15 03:24 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-15 03:24 --------- d-----w C:\Program Files\Analog Devices

2007-11-15 03:03 --------- d-----w C:\Program Files\Common Files\Adobe

2007-11-15 03:03 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM

2007-11-13 01:13 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-11-13 01:13 --------- d-----w C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor

2007-11-13 01:12 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-11-13 01:05 --------- d-----w C:\Program Files\microsoft frontpage

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 04:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-02 09:03]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 08:59]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-14 20:49]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-15 07:22]

"Windows Explorer"="C:\WINDOWS\explore.exe" []

"dumprep"="C:\WINDOWS\system32\spoolw.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-14 20:49]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]

avgwlntf.dll 2007-11-14 20:49 9216 C:\WINDOWS\system32\avgwlntf.dll

.

**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-18 22:52:20

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-12-18 22:53:16

C:\ComboFix2.txt ... 2007-12-18 06:57

C:\ComboFix3.txt ... 2007-11-29 22:37

.

2007-12-18 14:42:23 --- E O F ---

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:07:35 PM, on 12/18/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Documents and Settings\Owner\My Documents\Hijack This\HJTInstall(2).exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe

O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--

End of file - 4569 bytes

[sarahw]

In case it's important... Both times that I ran combofix, it did not appear to reboot but firefox wouldn't open.

Did you wait for combofix to finnish before you opened Firefox? When running Firefox its best not to open or click anything.

When I try restarting the computer it gives me a program not responding for "SysFader" and then goes through a continuous loop of shutting down SysFader.

Sysfader is related to Nvidia software. I'm not sure what would cause this problem. Could you please tell me if it happens again.

Please run these two scans. The first one is AVG Anti-spyware, not AVG Anti-virus.

If it finds any files, could you please tell me if any where the files you were originally talking about being unable to remove.

1.

First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
   
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
   
3. On the main screen select the icon "Update" then select the "Update now" link.
   • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
     

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

• Select "Automatically generate report after every scan"
  
• Un-Select "Only if threats were found"
  

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

2.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Do not Run it yet, we will use it later. Save it somewhere you will remember, like your desktop.

3.

Reboot into Safe Mode by continuously tapping the F8 key as soon as the computer begins to boot. A menu should come up where you will be given the option to enter Safe Mode.

4.

Please open ATF Cleaner by Atribune.

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

5.

1. 
   IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
   
2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
   
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
   
4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
   Once the scan is complete do the following:
   
5. If you have any infections you will prompted, then select "Apply all actions"
   
6. Next select the "Reports" icon at the top.
   
7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
   
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
   

6.

Please go HERE to run Panda's ActiveScan

• Once you are on the Panda site click the Scan your PC button
  
• A new window will open...click the Check Now button
  
• Enter your Country
  
• Enter your State/Province
  
• Enter your e-mail address and click send
  
• Select either Home User or Company
  
• Click the big Scan Now button
  
• If it wants to install an ActiveX component allow it
  
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  
• When download is complete, click on My Computer to start the scan
  
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and post the results of the AVG Anti-Spyware report scan.
  

[suzannebaer]

Both times I ran combofix, I waited until the log came up--which my understanding of the directions was that when the log came up, then combofix was finished. It was only after I had saved the log as a notepad file and copied it to paste that I attempted to run firefox. Should combofix be finished running when the log appears or is there something else I should wait for?

AVG anti-spyware log:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 19:49 12/19/2007

+ Scan result:

Nothing found.

::Report end

Panda's ActiveScan:

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix(3).exe[nircmd.cfexe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.exe]

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Owner\Desktop\ComboFix.exe[nircmd.cfexe]

Virus:Trj/Alphabet.gen Disinfected C:\qoobox\Quarantine\C\WINDOWS\avp.exe.vir

[sarahw]

Hi,

Thats a strange issue regarding your browser. I will tell the author of the Combofix about it.

We'll remove Combofix now, as your logs look clean.

Time for some housekeeping

• Click START then RUN
  
• Now type Combofix /u in the runbox and click OK
  
  • 
    

  [*] When shown the disclaimer, Select "2"

The above procedure will:

• Delete the following:
  • ComboFix and its associated files and folders.
    
  • VundoFix backups, if present
    
  • The C:\Deckard folder, if present
    
  • The C:_OtMoveIt folder, if present
    

  [*] Reset the clock settings.

  [*] Hide file extensions, if required.

  [*] Hide System/Hidden files, if required.

  [*] Reset System Restore.

Are you having any other problems? Have those files returned?

[suzannebaer]

AVG is scanning clean and it appears to be working well.

Thank you for your time and assistance!

[sarahw]

Hi,

Just one more thing I would like you to remove.

Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:

O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe

O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe

Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTMoveIt.exe to run it.
  
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
  O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe
  O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe
  
• Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  
• Close OTMoveIt
  

*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.

**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :

C:\_OTMoveIt\MovedFiles\********_******.log

(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

[suzannebaer]

Sorry for the delay in reply... we were out of town and I didn't get to check this thread very quickly.

OtMoveIt Results:

File/Folder O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\explore.exe not found.

File/Folder O4 - HKLM\..\Run: [dumprep] C:\WINDOWS\system32\spoolw.exe not found.

Created on 12/28/2007 14:43:13

I also got a message that it could not create a log.

[sarahw]

The files must already be gone.

Can you post a fresh Hijack this log so I can see if the registry entries are gone.