TheTechGuide Forum
General Category => Tech Clinic => Topic started by: Mr K on December 01, 2008, 11:07:29 PM
-
There's nothing especially wrong with my computer, but I'd like to clean it up, and make sure there's no problems with it.
Hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:28 PM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljge.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {3732CD94-2F21-2CDA-5310-5900B9C18ACA} - C:\WINDOWS\system32\nmcfq.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {C4270604-D018-4808-9098-68BAFB507049} - C:\WINDOWS\system32\mljge.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (http://\"http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab (http://\"http://download.movienetworks.com/install/US/altpmtscab.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab\")
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader.cab\")
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab (http://\"http://www.acclaim.com/cabs/acclaim_v4.cab\")
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab (http://\"http://www.linksysfix.com/netcheck/53/install/gtdownls.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematyc...inematycoon.cab (http://\"http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...100/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5100/mcfscan.cab\")
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c954f5304c0e42) (gupdate1c954f5304c0e42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 9665 bytes
Malwares' Anti-Malware scan log:
Malwarebytes' Anti-Malware 1.30
Database version: 1443
Windows 5.1.2600 Service Pack 3
12/2/2008 11:01:04 PM
mbam-log-2008-12-02 (23-01-04).txt
Scan type: Quick Scan
Objects scanned: 63878
Time elapsed: 15 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 51
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 9
Files Infected: 46
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20e31a0e-2214-41e3-9c67-865165832fb8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20e31a0e-2214-41e3-9c67-865165832fb8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifefda (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock4.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{495874fe-4a82-4ad1-9476-0b957e0b95eb} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e3ed53c5-7ad5-4df5-9734-afb6e7e5d9db} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07851c6a-1c43-41d9-8319-bc89154a8c00} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d4a714f6-af40-4425-b708-ff03cbbc0a84} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{849b9523-785f-4014-9caf-079fb4a74c61} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7672baf-e9a3-49b6-86b2-c81719a18a4c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-100005000004} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8f9e2be3-766d-4831-bb0e-766d5b819995} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{1fe2ebe5-42ff-4586-a144-ca420c84ff6a} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndBlock4.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{ca4f0d8d-5f2b-4f16-838a-8d52249eab21} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\76733dc0 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\vdsxckrw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iifefda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Adware.BHO) -> Delete on reboot.
C:\WINDOWS\system32\000050.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP1E7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP24.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP25.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP27.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP2A.tmp (Adware.ISMonitor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP2B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP31.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP34.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\DNR46.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP36.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP38.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP3C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP3F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP6E.tmp (Trojan.Insider) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP70.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP7B.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP88.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP8B.tmp (Adware.SearchAid) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP97.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMPAA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP12E.tmp (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\rcv3F.tmp (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\TMP35.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temporary Internet Files\Content.IE5\5EF51Y7I\!update-4495[1].0000 (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\3_13_2007.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore\UnInstall.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\UnInstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM75400e5c.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM75400e5c.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephen Kelly\Local Settings\Temp\opr38.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.
-
There still some leftovers
Can you do the following please
Download ComboFix from one of these locations:
[color=\"#0000FF\"]Link 1[/color] (http://\"http://download.bleepingcomputer.com/sUBs/ComboFix.exe\")
[color=\"#0000FF\"]Link 2[/color] (http://\"http://subs.geekstogo.com/ComboFix.exe\")
[color=\"#FF0000\"]* IMPORTANT !!! Save ComboFix.exe to your Desktop
[/color]- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
[color=\"#2E8B57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with a fresh HijackThis
-
Ok, I did what you said. Here's the ComboFix log:
ComboFix 08-12-01.03 - Stephen Kelly 2008-12-03 15:42:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.468 [GMT -5:00]
Running from: c:\documents and settings\Stephen Kelly\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Stephen Kelly\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\RcvSystem
c:\program files\stem32~1
c:\windows\jestertb.dll
c:\windows\mrofinu72.exe.tmp
c:\windows\system32\axycimaa.ini
c:\windows\system32\bgfmagyw.ini
c:\windows\system32\egjlm.ini
c:\windows\system32\egjlm.ini2
c:\windows\system32\erwqmbel.ini
c:\windows\system32\gxdjksun.ini
c:\windows\system32\lkpeurou.ini
c:\windows\system32\lmllm.ini
c:\windows\system32\mlreknqr.ini
c:\windows\system32\nwkvgwdk.ini
c:\windows\system32\omhfknbc.ini
c:\windows\system32\qiuuevla.ini
c:\windows\system32\qjkewljk.ini
c:\windows\system32\qtjetpma.ini
c:\windows\system32\RCX27.tmp
c:\windows\system32\RCX28.tmp
c:\windows\system32\RCX2E.tmp
c:\windows\system32\RCX34.tmp
c:\windows\system32\RCX35.tmp
c:\windows\system32\RCX36.tmp
c:\windows\system32\RCX39.tmp
c:\windows\system32\RCX3A.tmp
c:\windows\system32\RCX3B.tmp
c:\windows\system32\RCX3F.tmp
c:\windows\system32\RCX40.tmp
c:\windows\system32\rrpnxftt.ini
c:\windows\system32\twiaqebd.ini
c:\windows\system32\vprtmqyd.ini
c:\windows\system32\wapisvit.exe
c:\windows\system32\wudbpbwy.ini
c:\windows\system32\xwvhthcn.ini
c:\windows\system32\yltmreiu.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IWINGAMESINSTALLER
-------\Service_iWinGamesInstaller
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-03 01:12 . 2008-12-03 01:12 <DIR> d-------- c:\documents and settings\Stephen Kelly\.thumbnails
2008-12-03 00:55 . 2008-12-03 01:12 <DIR> d-------- c:\documents and settings\Stephen Kelly\Application Data\gtk-2.0
2008-12-03 00:37 . 2008-12-03 12:10 <DIR> d-------- c:\documents and settings\Stephen Kelly\.gimp-2.6
2008-12-03 00:37 . 2008-12-03 00:37 <DIR> d-------- c:\documents and settings\Stephen Kelly\.gegl-0.0
2008-12-03 00:36 . 2008-12-03 00:36 <DIR> d-------- c:\program files\GIMP-2.0
2008-12-02 22:44 . 2008-12-02 22:44 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-02 22:44 . 2008-12-02 22:44 <DIR> d-------- c:\documents and settings\Stephen Kelly\Application Data\Malwarebytes
2008-12-02 22:44 . 2008-12-02 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-02 22:44 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-02 22:44 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-02 19:21 . 2008-12-02 19:21 <DIR> d-------- C:\Nexon
2008-12-02 15:34 . 2008-12-02 15:34 <DIR> d-------- c:\documents and settings\Stephen Kelly\Application Data\InstallShield
2008-11-24 00:38 . 2008-12-02 22:32 <DIR> d-------- c:\program files\Google
2008-11-24 00:38 . 2008-11-30 18:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-11-12 14:53 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 14:51 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 23:22 . 2008-11-11 23:22 <DIR> d-------- c:\program files\MMOInterface
2008-11-05 16:47 . 2008-11-05 16:47 268 --ah----- C:\sqmdata09.sqm
2008-11-05 16:47 . 2008-11-05 16:47 244 --ah----- C:\sqmnoopt09.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 20:41 31 ----a-w c:\documents and settings\Stephen Kelly\jagex_runescape_preferences.dat
2008-12-03 05:26 --------- d-----w c:\program files\iWin Games
2008-12-03 03:34 --------- d-----w c:\program files\iWin.com
2008-12-03 03:33 --------- d-----w c:\documents and settings\Stephen Kelly\Application Data\SiteAdvisor
2008-12-03 03:30 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 22:12 --------- d-----w c:\documents and settings\Stephen Kelly\Application Data\AVGTOOLBAR
2008-11-30 23:13 --------- d-----w c:\program files\Warcraft III
2008-11-23 05:45 --------- d-----w c:\documents and settings\Stephen Kelly\Application Data\GetRightToGo
2008-11-18 05:15 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-17 08:17 --------- d-----w c:\documents and settings\Stephen Kelly\Application Data\AdobeUM
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-10-20 22:26 --------- d-----w c:\documents and settings\Guest\Application Data\SiteAdvisor
2008-10-20 18:55 --------- d-----w c:\documents and settings\Guest\Application Data\iWinArcade
2008-10-14 18:06 --------- d-----w c:\documents and settings\Stephen Kelly\Application Data\Ventrilo
2008-10-05 06:25 --------- d-----w c:\program files\WinPcap
2008-10-05 06:24 --------- d-----w c:\program files\WC3Banlist
2008-10-03 16:38 --------- d-----w c:\program files\Ventrilo
2008-10-03 16:37 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-17 23:31 0 ----a-w c:\documents and settings\Guest\jagex_runescape_preferences.dat
2008-09-07 03:13 63,793 ----a-w c:\windows\BricoPackUninst.cmd
2008-09-07 03:13 6,120 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2008-08-24 17:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082420080825\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-01-02_14.40.37.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 10:40:05 72,704 -c--a-w c:\windows\$hf_mig$\KB925720\SP2QFE\magnify.exe
+ 2006-10-04 10:40:06 53,760 -c--a-w c:\windows\$hf_mig$\KB925720\SP2QFE\narrator.exe
+ 2006-10-04 10:40:06 215,552 -c--a-w c:\windows\$hf_mig$\KB925720\SP2QFE\osk.exe
+ 2006-10-04 14:05:57 35,840 -c--a-w c:\windows\$hf_mig$\KB925720\SP2QFE\umandlg.dll
+ 2006-10-04 10:40:06 50,176 -c--a-w c:\windows\$hf_mig$\KB925720\SP2QFE\utilman.exe
+ 2005-10-12 23:16:49 14,048 -c--a-w c:\windows\$hf_mig$\KB925720\spmsg.dll
+ 2005-10-12 23:16:49 213,216 -c--a-w c:\windows\$hf_mig$\KB925720\spuninst.exe
+ 2005-10-12 23:16:49 22,752 -c--a-w c:\windows\$hf_mig$\KB925720\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 -c--a-w c:\windows\$hf_mig$\KB925720\update\update.exe
+ 2005-10-12 23:16:56 371,424 -c--a-w c:\windows\$hf_mig$\KB925720\update\updspapi.dll
+ 2008-02-26 11:48:44 297,984 -c--a-w c:\windows\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 -c--a-w c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 -c--a-w c:\windows\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 -c--a-w c:\windows\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 -c--a-w c:\windows\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w c:\windows\$hf_mig$\KB944338-v2\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB944338-v2\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB944338-v2\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB944338-v2\update\updspapi.dll
+ 2008-02-20 05:19:35 147,968 -c--a-w c:\windows\$hf_mig$\KB945553\SP2QFE\dnsapi.dll
+ 2008-02-20 18:49:36 45,568 -c--a-w c:\windows\$hf_mig$\KB945553\SP2QFE\dnsrslvr.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB945553\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB945553\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB945553\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB945553\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 -c--a-w c:\windows\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB946026\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-02-20 06:52:43 282,624 -c--a-w c:\windows\$hf_mig$\KB948590\SP2QFE\gdi32.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB948590\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB948590\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB948590\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB948590\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB948590\update\updspapi.dll
+ 2007-03-06 01:22:33 14,048 -c--a-w c:\windows\$hf_mig$\KB948881\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c--a-w c:\windows\$hf_mig$\KB948881\spuninst.exe
+ 2007-03-06 01:22:31 22,752 -c--a-w c:\windows\$hf_mig$\KB948881\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 -c--a-w c:\windows\$hf_mig$\KB948881\update\update.exe
+ 2007-03-06 01:23:47 371,424 -c--a-w c:\windows\$hf_mig$\KB948881\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB950749\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 -c--a-w c:\windows\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c--a-w c:\windows\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 -c--a-w c:\windows\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 -c--a-w c:\windows\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 -c--a-w c:\windows\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 -c--a-w c:\windows\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c--a-w c:\windows\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 -c--a-w c:\windows\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w c:\windows\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-12 04:22:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\windows\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 -c--a-w c:\windows\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 -c--a-w c:\windows\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 -c--a-w c:\windows\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 -c--a-w c:\windows\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 -c--a-w c:\windows\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 -c--a-w c:\windows\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 -c--a-w c:\windows\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 -c--a-w c:\windows\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 -c--a-w c:\windows\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 -c--a-w c:\windows\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 -c--a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 -c--a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 -c--a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 -c--a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 -c--a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 -c--a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 -c--a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 -c--a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 -c--a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 -c--a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 -c--a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 -c--a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 -c--a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-25 04:24:48 3,067,904 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
+ 2008-06-26 08:00:52 1,499,136 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\shdocvw.dll
+ 2008-06-26 08:00:52 619,520 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\urlmon.dll
+ 2008-06-23 14:54:47 666,624 ----a-w c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953838\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953838\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953838\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB953838\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB953838\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-08-20 04:58:54 3,067,904 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 04:58:47 1,499,136 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 04:58:50 620,032 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 04:58:48 666,624 ----a-w c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956390\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 19:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 20:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2004-08-04 06:10:08 53,248 -c----w c:\windows\$NtServicePackUninstall$\1394bus.sys
+ 2006-08-16 11:58:05 100,352 -c----w c:\windows\$NtServicePackUninstall$\6to4svc.dll
+ 2006-10-04 14:05:26 39,424 -c----w c:\windows\$NtServicePackUninstall$\acadproc.dll
+ 2006-10-04 14:05:26 39,424 -c----w c:\windows\$NtServicePackUninstall$\acadproc.dll.000
+ 2004-08-10 15:00:00 183,808 -c----w c:\windows\$NtServicePackUninstall$\accwiz.exe
+ 2004-08-10 15:00:00 1,852,416 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-10 15:00:00 1,852,416 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll.000
+ 2004-08-10 15:00:00 450,048 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll
+ 2004-08-10 15:00:00 450,048 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll.000
+ 2004-08-10 15:00:00 137,728 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll
+ 2004-08-10 15:00:00 137,728 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll.000
+ 2004-08-10 15:00:00 114,688 -c----w c:\windows\$NtServicePackUninstall$\aclui.dll
+ 2004-08-10 15:00:00 187,776 -c----w c:\windows\$NtServicePackUninstall$\acpi.sys
+ 2004-08-10 15:00:00 244,736 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll
+ 2004-08-10 15:00:00 244,736 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll.000
+ 2004-08-10 15:00:00 194,048 -c----w c:\windows\$NtServicePackUninstall$\activeds.dll
+ 2004-08-10 15:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\actmovie.exe
+ 2004-08-10 15:00:00 101,888 -c----w c:\windows\$NtServicePackUninstall$\actxprxy.dll
+ 2004-08-10 15:00:00 116,224 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll
+ 2004-08-10 15:00:00 116,224 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll.000
+ 2004-08-10 15:00:00 175,616 -c----w c:\windows\$NtServicePackUninstall$\adsldp.dll
+ 2004-08-10 15:00:00 143,360 -c----w c:\windows\$NtServicePackUninstall$\adsldpc.dll
+ 2004-08-10 15:00:00 68,096 -c----w c:\windows\$NtServicePackUninstall$\adsmsext.dll
+ 2004-08-10 15:00:00 263,680 -c----w c:\windows\$NtServicePackUninstall$\adsnt.dll
+ 2004-08-10 15:00:00 109,568 -c----w c:\windows\$NtServicePackUninstall$\adsnw.dll
+ 2004-08-10 15:00:00 616,960 -c----w c:\windows\$NtServicePackUninstall$\advapi32.dll
+ 2006-02-15 00:22:26 142,464 -c----w c:\windows\$NtServicePackUninstall$\aec.sys
+ 2006-02-15 00:22:26 142,464 -c----w c:\windows\$NtServicePackUninstall$\aec.sys.000
+ 2008-06-20 10:44:38 138,368 -c----w c:\windows\$NtServicePackUninstall$\afd.sys
+ 2004-08-10 15:00:00 24,064 -c----w c:\windows\$NtServicePackUninstall$\agentanm.dll
+ 2004-08-10 15:00:00 214,016 -c----w c:\windows\$NtServicePackUninstall$\agentctl.dll
+ 2006-10-12 13:54:18 42,496 -c----w c:\windows\$NtServicePackUninstall$\agentdp2.dll
+ 2007-03-09 13:58:57 57,344 -c----w c:\windows\$NtServicePackUninstall$\agentdpv.dll
+ 2004-08-10 15:00:00 49,152 -c----w c:\windows\$NtServicePackUninstall$\agentmpx.dll
+ 2004-08-10 15:00:00 24,064 -c----w c:\windows\$NtServicePackUninstall$\agentpsh.dll
+ 2004-08-10 15:00:00 44,032 -c----w c:\windows\$NtServicePackUninstall$\agentsr.dll
+ 2006-10-12 11:54:07 256,512 -c----w c:\windows\$NtServicePackUninstall$\agentsvr.exe
+ 2004-08-10 07:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0401.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0405.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0406.dll
+ 2004-08-10 15:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt0407.dll
+ 2004-08-10 15:00:00 22,016 -c----w c:\windows\$NtServicePackUninstall$\agt0408.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0409.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt040b.dll
+ 2004-08-10 15:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt040c.dll
+ 2004-08-10 07:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt040d.dll
+ 2004-08-10 15:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\agt040e.dll
+ 2004-08-10 15:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0410.dll
+ 2004-08-10 15:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0413.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0414.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0415.dll
+ 2004-08-10 15:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0416.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0419.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041d.dll
+ 2004-08-10 15:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041f.dll
+ 2004-08-10 15:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0816.dll
+ 2004-08-10 15:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0c0a.dll
+ 2004-08-10 15:00:00 24,064 -c----w c:\windows\$NtServicePackUninstall$\agtintl.dll
+ 2004-08-10 15:00:00 98,304 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
+ 2004-08-10 15:00:00 44,544 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
+ 2004-08-10 15:00:00 17,408 -c----w c:\windows\$NtServicePackUninstall$\alrsvc.dll
+ 2004-08-10 15:00:00 36,992 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
+ 2004-08-10 15:00:00 37,376 -c----w c:\windows\$NtServicePackUninstall$\amdk7.sys
+ 2004-08-10 15:00:00 70,656 -c----w c:\windows\$NtServicePackUninstall$\amstream.dll
+ 2004-08-10 15:00:00 126,976 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
+ 2004-08-10 15:00:00 167,936 -c----w c:\windows\$NtServicePackUninstall$\appmgmts.dll
+ 2004-08-10 15:00:00 295,936 -c----w c:\windows\$NtServicePackUninstall$\appmgr.dll
+ 2004-08-10 15:00:00 60,800 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
+ 2002-06-22 08:31:20 20,480 -c----w c:\windows\$NtServicePackUninstall$\aspnet_filter.dll
+ 2007-01-02 20:34:04 200,704 -c----w c:\windows\$NtServicePackUninstall$\aspnet_isapi.dll
+ 2004-08-04 13:11:06 24,576 -c----w c:\windows\$NtServicePackUninstall$\aspnet_regiis.exe
+ 2002-06-22 08:31:22 32,768 -c----w c:\windows\$NtServicePackUninstall$\aspnet_state.exe
+ 2007-01-02 20:34:04 32,768 -c----w c:\windows\$NtServicePackUninstall$\aspnet_wp.exe
+ 2004-08-10 15:00:00 30,208 -c----w c:\windows\$NtServicePackUninstall$\asr_fmt.exe
+ 2004-08-10 15:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\asr_pfu.exe
+ 2004-08-10 15:00:00 65,024 -c----w c:\windows\$NtServicePackUninstall$\asycfilt.dll
+ 2004-08-10 15:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\asyncmac.sys
+ 2004-08-10 15:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\at.exe
+ 2004-08-04 13:59:44 95,360 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
+ 2004-08-10 15:00:00 58,880 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
+ 2004-08-10 15:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\atmadm.exe
+ 2004-08-10 15:00:00 59,904 -c----w c:\windows\$NtServicePackUninstall$\atmarpc.sys
+ 2004-08-10 15:00:00 285,696 -c----w c:\windows\$NtServicePackUninstall$\atmfd.dll
+ 2004-08-10 15:00:00 55,936 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
+ 2004-08-10 15:00:00 30,208 -c----w c:\windows\$NtServicePackUninstall$\atmlib.dll
+ 2004-08-10 15:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\attrib.exe
+ 2004-08-10 15:00:00 42,496 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
+ 2004-08-10 15:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\auditusr.exe
+ 2005-03-02 18:09:29 56,832 -c----w c:\windows\$NtServicePackUninstall$\authz.dll
+ 2004-08-10 15:00:00 588,800 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
+ 2004-08-10 15:00:00 602,624 -c----w c:\windows\$NtServicePackUninstall$\autoconv.exe
+ 2004-08-10 15:00:00 580,608 -c----w c:\windows\$NtServicePackUninstall$\autofmt.exe
+ 2004-08-10 15:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
+ 2004-08-10 15:00:00 84,992 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
+ 2004-08-10 15:00:00 52,736 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
+ 2004-08-10 15:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\batmeter.dll
+ 2004-08-10 15:00:00 8,704 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
+ 2001-08-17 21:57:54 14,080 -c----w c:\windows\$NtServicePackUninstall$\battc.sys
+ 2004-08-10 15:00:00 17,408 -c----w c:\windows\$NtServicePackUninstall$\bidispl.dll
+ 2004-08-10 15:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\bitsprx2.dll
+ 2004-08-10 15:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\bitsprx3.dll
+ 2004-08-10 15:00:00 71,680 -c----w c:\windows\$NtServicePackUninstall$\blastcln.exe
+ 2004-08-10 15:00:00 136,704 -c----w c:\windows\$NtServicePackUninstall$\bootcfg.exe
+ 2004-08-10 15:00:00 71,552 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
+ 2004-08-10 15:00:00 63,488 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
+ 2004-08-10 15:00:00 77,312 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
+ 2006-06-19 19:18:28 1,022,976 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
+ 2004-08-10 15:00:00 78,336 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
+ 2004-08-10 15:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\bthci.dll
+ 2008-06-13 13:10:50 272,128 -c----w c:\windows\$NtServicePackUninstall$\bthport.sys
+ 2008-06-13 13:10:50 272,128 -c----w c:\windows\$NtServicePackUninstall$\bthport.sys.000
+ 2004-08-10 15:00:00 30,208 -c----w c:\windows\$NtServicePackUninstall$\bthserv.dll
+ 2004-08-10 15:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\btpanui.dll
+ 2004-08-10 15:00:00 59,904 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
+ 2004-08-10 15:00:00 84,480 -c----w c:\windows\$NtServicePackUninstall$\cabview.dll
+ 2004-08-10 15:00:00 18,432 -c----w c:\windows\$NtServicePackUninstall$\cacls.exe
+ 2004-08-10 15:00:00 385,024 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
+ 2004-08-10 15:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\camocx.dll
+ 2004-08-10 15:00:00 142,848 -c----w c:\windows\$NtServicePackUninstall$\capesnpn.dll
+ 2005-07-26 04:39:42 225,792 -c----w c:\windows\$NtServicePackUninstall$\catsrv.dll
+ 2004-08-10 15:00:00 85,504 -c----w c:\windows\$NtServicePackUninstall$\catsrvps.dll
+ 2005-07-26 04:39:43 625,152 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
+ 2004-08-10 15:00:00 63,744 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
+ 2006-01-09 18:01:58 151,040 -c----w c:\windows\$NtServicePackUninstall$\cdfview.dll
+ 2005-09-10 01:53:41 2,067,968 -c----w c:\windows\$NtServicePackUninstall$\cdosys.dll
+ 2004-08-10 15:00:00 49,536 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
+ 2004-08-10 15:00:00 194,560 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
+ 2004-08-10 15:00:00 457,728 -c----w c:\windows\$NtServicePackUninstall$\certmgr.dll
+ 2004-08-10 15:00:00 38,912 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
+ 2004-08-10 15:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\cfgmgr32.dll
+ 2004-08-10 15:00:00 109,568 -c----w c:\windows\$NtServicePackUninstall$\cic.dll
+ 2004-08-10 15:00:00 1,352,192 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
+ 2006-06-22 05:06:29 69,120 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
+ 2004-08-10 15:00:00 56,320 -c----w c:\windows\$NtServicePackUninstall$\cipher.exe
+ 2004-08-10 15:00:00 5,632 -c----w c:\windows\$NtServicePackUninstall$\cisvc.exe
+ 2004-08-10 15:00:00 49,664 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
+ 2005-07-26 04:39:43 110,080 -c----w c:\windows\$NtServicePackUninstall$\clbcatex.dll
+ 2005-07-26 04:39:43 498,688 -c----w c:\windows\$NtServicePackUninstall$\clbcatq.dll
+ 2004-08-10 15:00:00 64,000 -c----w c:\windows\$NtServicePackUninstall$\cleanmgr.exe
+ 2004-08-10 15:00:00 77,824 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.dll
+ 2004-08-10 15:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.exe
+ 2004-08-10 15:00:00 102,912 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
+ 2004-08-10 15:00:00 33,280 -c----w c:\windows\$NtServicePackUninstall$\clipsrv.exe
+ 2004-08-10 15:00:00 57,856 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
+ 2004-08-04 07:07:40 14,080 -c----w c:\windows\$NtServicePackUninstall$\cmbatt.sys
+ 2004-08-10 15:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\cmcfg32.dll
+ 2004-08-10 15:00:00 388,608 -c----w c:\windows\$NtServicePackUninstall$\cmd.exe
+ 2004-08-10 15:00:00 45,568 -c----w c:\windows\$NtServicePackUninstall$\cmdevtgprov.dll
+ 2004-08-10 15:00:00 343,040 -c----w c:\windows\$NtServicePackUninstall$\cmdial32.dll
+ 2004-08-10 15:00:00 47,104 -c----w c:\windows\$NtServicePackUninstall$\cmdl32.exe
+ 2004-08-10 15:00:00 39,936 -c----w c:\windows\$NtServicePackUninstall$\cmmon32.exe
+ 2004-08-10 15:00:00 185,344 -c----w c:\windows\$NtServicePackUninstall$\cmprops.dll
+ 2004-08-10 15:00:00 13,824 -c----w c:\windows\$NtServicePackUninstall$\cmsetacl.dll
+ 2004-08-10 15:00:00 63,488 -c----w c:\windows\$NtServicePackUninstall$\cmstp.exe
+ 2004-08-10 15:00:00 39,936 -c----w c:\windows\$NtServicePackUninstall$\cmutil.dll
+ 2004-08-10 15:00:00 47,104 -c----w c:\windows\$NtServicePackUninstall$\cnbjmon.dll
+ 2005-07-26 04:39:43 60,416 -c----w c:\windows\$NtServicePackUninstall$\colbact.dll
+ 2004-08-10 15:00:00 25,600 -c----w c:\windows\$NtServicePackUninstall$\comaddin.dll
+ 2005-07-26 04:39:44 195,072 -c----w c:\windows\$NtServicePackUninstall$\comadmin.dll
+ 2006-08-25 15:45:58 617,472 -c----w c:\windows\$NtServicePackUninstall$\comctl32.dll
+ 2004-08-10 15:00:00 276,992 -c----w c:\windows\$NtServicePackUninstall$\comdlg32.dll
+ 2004-08-10 15:00:00 252,928 -c----w c:\windows\$NtServicePackUninstall$\compatui.dll
+ 2001-08-17 21:58:00 9,344 -c----w c:\windows\$NtServicePackUninstall$\compbatt.sys
+ 2004-08-10 15:00:00 229,376 -c----w c:\windows\$NtServicePackUninstall$\compstui.dll
+ 2005-07-26 04:39:44 97,792 -c----w c:\windows\$NtServicePackUninstall$\comrepl.dll
+ 2004-08-10 15:00:00 9,728 -c----w c:\windows\$NtServicePackUninstall$\comrepl.exe
+ 2004-08-10 15:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\comrereg.exe
+ 2004-08-10 15:00:00 792,064 -c----w c:\windows\$NtServicePackUninstall$\comres.dll
+ 2004-08-10 15:00:00 259,584 -c----w c:\windows\$NtServicePackUninstall$\comsetup.dll
+ 2004-08-10 15:00:00 147,456 -c----w c:\windows\$NtServicePackUninstall$\comsnap.dll
+ 2005-07-26 04:39:44 1,267,200 -c----w c:\windows\$NtServicePackUninstall$\comsvcs.dll
+ 2005-07-26 04:39:45 540,160 -c----w c:\windows\$NtServicePackUninstall$\comuid.dll
+ 2004-08-10 15:00:00 1,032,192 -c----w c:\windows\$NtServicePackUninstall$\conf.exe
+ 2004-08-10 15:00:00 45,056 -c----w c:\windows\$NtServicePackUninstall$\confmrsl.dll
+ 2004-08-10 15:00:00 345,600 -c----w c:\windows\$NtServicePackUninstall$\confmsp.dll
+ 2004-08-10 15:00:00 27,648 -c----w c:\windows\$NtServicePackUninstall$\conime.exe
+ 2004-08-10 15:00:00 35,328 -c----w c:\windows\$NtServicePackUninstall$\corpol.dll
+ 2004-08-10 15:00:00 163,840 -c----w c:\windows\$NtServicePackUninstall$\credui.dll
+ 2004-08-10 15:00:00 36,480 -c----w c:\windows\$NtServicePackUninstall$\crusoe.sys
+ 2004-08-10 15:00:00 597,504 -c----w c:\windows\$NtServicePackUninstall$\crypt32.dll
+ 2004-08-10 15:00:00 74,752 -c----w c:\windows\$NtServicePackUninstall$\cryptdlg.dll
+ 2004-08-10 15:00:00 33,280 -c----w c:\windows\$NtServicePackUninstall$\cryptdll.dll
+ 2004-08-10 15:00:00 53,760 -c----w c:\windows\$NtServicePackUninstall$\cryptext.dll
+ 2004-08-10 15:00:00 63,488 -c----w c:\windows\$NtServicePackUninstall$\cryptnet.dll
+ 2004-08-10 15:00:00 60,416 -c----w c:\windows\$NtServicePackUninstall$\cryptsvc.dll
+ 2004-08-10 15:00:00 512,512 -c----w c:\windows\$NtServicePackUninstall$\cryptui.dll
+ 2004-08-10 15:00:00 101,888 -c----w c:\windows\$NtServicePackUninstall$\cscdll.dll
+ 2004-08-10 15:00:00 98,304 -c----w c:\windows\$NtServicePackUninstall$\cscript.exe
+ 2004-08-10 15:00:00 326,656 -c----w c:\windows\$NtServicePackUninstall$\cscui.dll
+ 2004-08-10 15:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\csrsrv.dll
+ 2004-08-10 15:00:00 6,144 -c----w c:\windows\$NtServicePackUninstall$\csrss.exe
+ 2006-06-03 11:40:49 33,792 -c----w c:\windows\$NtServicePackUninstall$\custsat.dll
+ 2004-08-10 15:00:00 1,179,648 -c----w c:\windows\$NtServicePackUninstall$\d3d8.dll
+ 2004-08-10 15:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\d3d8thk.dll
+ 2004-08-10 15:00:00 1,689,088 -c----w c:\windows\$NtServicePackUninstall$\d3d9.dll
+ 2004-08-10 15:00:00 825,344 -c----w c:\windows\$NtServicePackUninstall$\d3dim700.dll
+ 2006-01-09 18:01:58 1,054,208 -c----w c:\windows\$NtServicePackUninstall$\danim.dll
+ 2004-08-10 15:00:00 54,272 -c----w c:\windows\$NtServicePackUninstall$\dataclen.dll
+ 2004-08-10 15:00:00 152,064 -c----w c:\windows\$NtServicePackUninstall$\datime.dll
+ 2004-08-10 15:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\davclnt.dll
+ 2004-08-10 15:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\dbmsrpcn.dll
+ 2004-08-10 15:00:00 110,592 -c----w c:\windows\$NtServicePackUninstall$\dbnetlib.dll
+ 2004-08-10 15:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\dbnmpntw.dll
+ 2004-08-10 15:00:00 1,788 -c----w c:\windows\$NtServicePackUninstall$\dcache.bin
+ 2004-08-10 15:00:00 40,960 -c----w c:\windows\$NtServicePackUninstall$\dcap32.dll
+ 2004-08-10 15:00:00 8,704 -c----w c:\windows\$NtServicePackUninstall$\dciman32.dll
+ 2004-08-10 15:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\dcomcnfg.exe
+ 2004-08-10 15:00:00 30,208 -c----w c:\windows\$NtServicePackUninstall$\ddeshare.exe
+ 2004-08-10 15:00:00 266,240 -c----w c:\windows\$NtServicePackUninstall$\ddraw.dll
+ 2004-08-10 15:00:00 27,136 -c----w c:\windows\$NtServicePackUninstall$\ddrawex.dll
+ 2004-08-10 15:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\defrag.exe
+ 2004-08-10 15:00:00 59,904 -c----w c:\windows\$NtServicePackUninstall$\devenum.dll
+ 2004-08-10 15:00:00 282,624 -c----w c:\windows\$NtServicePackUninstall$\devmgr.dll
+ 2004-08-10 15:00:00 82,432 -c----w c:\windows\$NtServicePackUninstall$\dfrgfat.exe
+ 2004-08-10 15:00:00 104,960 -c----w c:\windows\$NtServicePackUninstall$\dfrgntfs.exe
+ 2004-08-10 15:00:00 38,912 -c----w c:\windows\$NtServicePackUninstall$\dfrgsnap.dll
+ 2004-08-10 15:00:00 123,904 -c----w c:\windows\$NtServicePackUninstall$\dfrgui.dll
+ 2004-08-10 15:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\dfsshlex.dll
+ 2004-08-10 15:00:00 111,104 -c----w c:\windows\$NtServicePackUninstall$\dgnet.dll
+ 2006-05-19 12:59:41 111,616 -c----w c:\windows\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2004-08-10 15:00:00 370,176 -c----w c:\windows\$NtServicePackUninstall$\dhcpmon.dll
+ 2004-08-10 15:00:00 539,136 -c----w c:\windows\$NtServicePackUninstall$\dialer.exe
+ 2004-08-10 15:00:00 85,504 -c----w c:\windows\$NtServicePackUninstall$\diantz.exe
+ 2004-08-10 15:00:00 68,608 -c----w c:\windows\$NtServicePackUninstall$\digest.dll
+ 2004-08-10 15:00:00 159,232 -c----w c:\windows\$NtServicePackUninstall$\dinput.dll
+ 2004-08-10 15:00:00 181,760 -c----w c:\windows\$NtServicePackUninstall$\dinput8.dll
+ 2007-05-16 15:12:00 86,528 -c----w c:\windows\$NtServicePackUninstall$\directdb.dll
+ 2004-08-10 15:00:00 36,352 -c----w c:\windows\$NtServicePackUninstall$\disk.sys
+ 2004-08-10 15:00:00 1,501,696 -c----w c:\windows\$NtServicePackUninstall$\diskcopy.dll
+ 2004-08-10 15:00:00 14,208 -c----w c:\windows\$NtServicePackUninstall$\diskdump.sys
+ 2004-08-10 15:00:00 163,840 -c----w c:\windows\$NtServicePackUninstall$\diskpart.exe
+ 2004-08-10 15:00:00 45,083 -c----w c:\windows\$NtServicePackUninstall$\dispex.dll
+ 2004-08-10 15:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\dllhost.exe
+ 2004-08-10 15:00:00 224,768 -c----w c:\windows\$NtServicePackUninstall$\dmadmin.exe
+ 2004-08-10 15:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\dmband.dll
+ 2004-08-10 15:00:00 799,744 -c----w c:\windows\$NtServicePackUninstall$\dmboot.sys
+ 2004-08-10 15:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\dmcompos.dll
+ 2004-08-10 15:00:00 273,920 -c----w c:\windows\$NtServicePackUninstall$\dmdlgs.dll
+ 2004-08-10 15:00:00 200,704 -c----w c:&
-
Bump.
Ahh, guestolo, did you forget about me? =(
-
No, I didn't forget about you
I'll check your log over as soon as I can
I'm outta town right now on a family emergency
I'll be back at home by Friday, it may take me till then to look it over, is that okay with you?
How is everything running, we only have some minor cleanup to do
-
Yes, it's fine. My Firefox keeps occasionally crashing. I don't know the exact error message but I believe it said something about 'C:/ Runtime Error' or something like that. Next time it happens, I'll copy down the message.
Everything is running great other than that. Thanks for your help so far!
And yes, of course that's fine.
-
Sorry for the delay
Can you do the following
Go to START>>RUN>>copy and paste the following then click OK
ComboFix /u
This will uninstall ComboFix and it's components
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
Double click on fix.reg and allow to add/merge to the registry at the prompt
You can delete fix.reg afterwards
Do a "System scan only" with Hijackthis and put a check next to these entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
[color=\"blue\"]Updating Java:[/color]- Download the latest version of Java Runtime Environment (JRE) 6 (http://\"http://java.sun.com/javase/downloads/index.jsp\").
- Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11".
- Click the "Download" button to the right.
- In the new Window that opens, in the dropdown box next to Platform: select Windows,>>Check the "agree" box and click Continue.
- Click on the link to download Windows Offline Installation and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Examples of older versions in Add or Remove Programs:- Java 2 Runtime Environment, SE v1.4.2
- J2SE Runtime Environment 5.0
- J2SE Runtime Environment 5.0 Update 2
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Post back a fresh hijackthis log afterwards
Keep me informed how things are running please
-
Everything seems to be running fine. Firefox as crashed several times since, and I keep forgetting to copy down the error message, or save a screenshot. Did it have something to do with the outdated JRE?
Here's the HJ log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:41 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 (http://\"http://go.microsoft.com/fwlink/?LinkId=69157\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 (http://\"http://go.microsoft.com/fwlink/?LinkId=54896\")
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop (http://\"http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop\")
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB (http://\"http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB\")
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/install/US/altpmtscab.cab (http://\"http://download.movienetworks.com/install/US/altpmtscab.cab\")
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab (http://\"http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab\")
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab (http://\"http://upload.facebook.com/controls/FacebookPhotoUploader.cab\")
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab (http://\"http://www.acclaim.com/cabs/acclaim_v4.cab\")
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/53/install/gtdownls.cab (http://\"http://www.linksysfix.com/netcheck/53/install/gtdownls.cab\")
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab (http://\"http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab\")
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.shockwave.com/content/cinematyc...inematycoon.cab (http://\"http://www.shockwave.com/content/cinematycoon/sis/cinematycoon.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...100/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5100/mcfscan.cab\")
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c954f5304c0e42) (gupdate1c954f5304c0e42) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
--
End of file - 8647 bytes
-
and I keep forgetting to copy down the error message, or save a screenshot.
That may help alot
If you do get another error message, post it back, Exactly as you see it
In addition
Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
-
(http://i37.tinypic.com/15ewas0.jpg) This is the error message I was getting. I haven't gotten one since you had me install the new version of Java.
here's the list:
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat and Reader 6.0.3 Update
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Fireworks CS3
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader 6.0.1
Adobe Setup
Adobe Shockwave Player
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP Panels CS3
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Instant Messenger
ArtMoney SE v7.22
Athlon 64 Processor Driver
ATI Control Panel
ATI Display Driver
AVG Free 8.0
Before You Know It
Bots
Broadcom 802.11 Wireless LAN Adapter
Conexant AC-Link Audio
Customer Experience Enhancement
Direct Show Ogg Vorbis Filter (remove only)
Easy Internet Sign-up
GIMP 2.6.3
Google Toolbar for Internet Explorer
Google Update
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP BatteryCheck 1.00 A7
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP PSC & OfficeJet 5.3.A
HP QuickPlay 2.0
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HP User Guides 0025
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
HyperCam 2
IconArt
iWin Games (remove only)
Java(tm) 6 Update 11
KalOnlineEng
LimeWire 4.18.6
Lively by Google
Malwarebytes' Anti-Malware
Math Trek - Algebra 1
McAfee SiteAdvisor
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Middle School Vocabulary
Mozilla Firefox (3.0.4)
MPlugin
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
muvee autoProducer 4.5
Office 2003 Trial Assistant
Pack Vista Inspirat 2 1.0
Quick Launch Buttons 5.20 G1
Quicken 2006
QuickTime
RealPlayer Basic
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
Stronghold 2
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Update for Windows Internet Explorer 7 Beta 3 (KB922880)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Ventrilo Client
Virtools 3D Life Player
VSToolbar for Internet Explorer
WC3Banlist
Windows Imaging Component
Windows Installer Clean Up
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinPcap 3.1
Wireless Home Network Setup
World of Warcraft
-
If it's only happening with Firefox
Try the following
Download the latest version from here
http://www.mozilla.com/en-US/firefox/ (http://\"http://www.mozilla.com/en-US/firefox/\")
Save to desktop
Close down all browser windows, especially any Firefox windows
Access your Add and Remove Programs and remove Firefox
Reboot the computer afterwards
Reinstall Firefox, do you still get the same problem?
EDIT:
I haven't gotten one since you had me install the new version of Java.
Sorry, I missed that part, no need to reinstall if the error message is gone
-
So am I clean, or is there more to do?
-
All clear it appears
I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\") *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
Select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Startus>>enable all protection
Take a look at miekiemoes site with other ideas on How to prevent Malware: (http://\"http://users.telenet.be/bluepatchy/miekiemoes/prevention.html\")
-
Ok, thanks a lot.
-
I'll lock this topic as your problems are resolved
Take care Mr K