Author Topic: HJT Log - I Have an Infection That Reappears After I Delete It  (Read 722 times)

Offline beroho2

« on: September 11, 2007, 11:20:36 PM »
Hello. This is my first time posting on this site. I realize my description is a bit longer than normal, but I didn't want to leave anything out. Earlier this week I noticed that when my computer starts up a window labeled "mIRC" briefly appears. I found this odd, since years ago I had had mIRC installed on my computer, but didn't have the time to learn it, and had removed it from my computer. So I went into my Add/Remove Programs List and clicked to remove mIRC, and all that popped up was a box with no text and the options "Retry" and "Cancel". Figuring it was something that should not be on my computer, I ran Norton, and saw that while it was scanning my files, a bunch of strangely named files were being scanned in the folder c:\documents and settings\owner\complete. I found a post on these forums detailing how to get rid of that problem, and followed all of the instructions. After completing that I was also able to finally delete mIRC from my Add/Remove Programs List and thought that everything was fixed. Then today I noticed that the mIRC window was back at Start Up, and that the program was back in my list. I did some research, and found these things were related to some files stored in c:\windows\system32\drivers\etc. I have repeatedly deleted these files both with Killbox and GiPo@MoveOnBoot, and both in and out of Safe Mode. When I restart my computer the \etc folder has 9 items in it, and then right before my eyes it jumps back up to 18 as the infection files are recreated. I was hoping someone here could help me to get rid of whatever is recreating these files.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:58 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\7cii9c02.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\SysMngrPro.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\ScrollWall\ScrollWall.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.Email Removed/_ads/adsPopup2.htm?0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {78C50B23-CFEB-933B-9693-C549676DC5EA} - C:\WINDOWS\system32\vsdp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [7cii9c02] C:\WINDOWS\system32\7cii9c02.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sys Mangr Pro] SysMngrPro.exe
O4 - HKLM\..\Run: [WinReg] c:\windows\system32\drivers\etc\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Sys Mangr Pro] SysMngrPro.exe
O4 - Startup: ScrollWall.lnk = C:\Program Files\ScrollWall\ScrollWall.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9196 bytes
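
Added example, not part of the original thread: files that come back after deletion usually mean an autostart entry relaunches whatever recreates them, so this Python sketch parses the O4 Run-key lines of a HijackThis log and applies four path heuristics to them. The rule set, the function names and the assumption that Windows lives in C:\WINDOWS are this example's own; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import defaultdict

# A subset of the O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [7cii9c02] C:\WINDOWS\system32\7cii9c02.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sys Mangr Pro] SysMngrPro.exe
O4 - HKLM\..\Run: [WinReg] c:\windows\system32\drivers\etc\svchost.exe
O4 - HKLM\..\RunServices: [Sys Mangr Pro] SysMngrPro.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
"""

# Registry autostart lines only; "Startup:" shortcut lines are deliberately skipped.
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
EXE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")
EXE_END = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)

# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
CANONICAL_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
# drivers\etc normally holds only text files (hosts, lmhosts.sam, networks, ...).
ETC_DIR = r"c:\windows\system32\drivers\etc"


def image_path(command):
    """Return the executable part of a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = EXE_END.match(command)
    return m.group(1) if m else command


def parse_o4(log):
    """Extract registry autostart entries (key, value name, image) from an HJT log."""
    entries = []
    for line in log.splitlines():
        m = O4_REG.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            entries.append({"key": hive + "\\" + key, "name": name,
                            "image": image_path(command)})
    return entries


def triage(entries):
    """Map (key, value name) to the list of heuristics that entry trips."""
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e["name"]].add(e["key"])
    findings = {}
    for e in entries:
        folder, exe = ntpath.split(ntpath.normcase(e["image"]))
        reasons = []
        if exe in CANONICAL_DIR and folder != CANONICAL_DIR[exe]:
            reasons.append("system process name outside its usual folder")
        if folder == ETC_DIR and exe.endswith(EXE_EXT):
            reasons.append("executable in drivers\\etc")
        if not folder:
            reasons.append("no directory given")
        if len(keys_by_name[e["name"]]) > 1:
            reasons.append("same value name in several keys")
        if reasons:
            findings[(e["key"], e["name"])] = reasons
    return findings


if __name__ == "__main__":
    for (key, name), reasons in triage(parse_o4(SAMPLE_LOG)).items():
        print(f"{key} [{name}]: {'; '.join(reasons)}")
```

The 7cii9c02 entry, which the helper's later script also removes, trips none of these rules: path heuristics narrow down where to look, they do not clear an entry.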

Offline guestolo

« Reply #1 on: September 11, 2007, 11:49:24 PM »
Hi beroho2, let's do the following
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post back the log from combofix please along with a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline beroho2

« Reply #2 on: September 12, 2007, 02:20:59 PM »
ComboFix

ComboFix 07-09-13.1 - "Owner" 2007-09-12 13:52:58.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.435 [GMT -5:00]
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\Owner\APPLIC~1\macromedia\Flash Player\#SharedObjects\Y45L6LZF\www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\Owner\APPLIC~1\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\winupdates
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\wr.txt
D:\Autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2007-08-13 to 2007-09-13  )))))))))))))))))))))))))))))))
.

2007-09-12 13:51    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-11 21:16    659,420    --a------    C:\WINDOWS\winfix32os.exe
2007-09-11 20:00    63    --a------    C:\WINDOWS\system\SysSD.dll
2007-09-10 14:04    <DIR>    d--------    C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-09-10 13:46    <DIR>    d--------    C:\WINDOWS\pss
2007-09-09 12:21    <DIR>    d--------    C:\!KillBox
2007-09-09 12:17    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-09 12:16    <DIR>    d--------    C:\Program Files\Lavasoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 14:02    ---------    d--------    C:\Program Files\Common Files\Symantec Shared
2007-09-07 01:15    ---------    d--------    C:\DOCUME~1\Owner\APPLIC~1\U3
2007-08-05 19:37    ---------    d--------    C:\Program Files\Last.fm
2007-07-30 11:41    ---------    d--------    C:\Program Files\BitComet
2007-07-26 12:53    ---------    d--------    C:\Program Files\Picasa2
2005-04-04 05:00:44    0    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
2004-08-04 19:00:00    1,441,887    --sh--r    C:\WINDOWS\system32\idet.exe
2004-08-04 19:00:00    3,273,674    --sh--r    C:\WINDOWS\system32\scrub.exe
2004-08-04 19:00:00    1,422,431    --sh--r    C:\WINDOWS\system32\sylss.exe
2004-08-04 19:00:00    1,402,975    --sh--r    C:\WINDOWS\system32\sys23.exe
2004-08-04 19:00:00    1,396,224    --sh--r    C:\WINDOWS\system32\SysMngrPro.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78C50B23-CFEB-933B-9693-C549676DC5EA}]
            C:\WINDOWS\system32\vsdp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sys Mangr Pro"="SysMngrPro.exe" [2004-08-04 14:00 C:\WINDOWS\system32\SysMngrPro.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-01-29 21:13]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-01-29 21:13]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 15:42]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 15:34]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-08-18 11:47]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 16:45]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 15:02]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-07 09:37]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52]
"7cii9c02"="C:\WINDOWS\system32\7cii9c02.exe" [2007-04-23 08:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
"WinReg"="c:\windows\system32\drivers\etc\svchost.exe" [2007-01-25 16:39]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Sys Mangr Pro"=SysMngrPro.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9647068a-42e0-11db-b2b2-00038a000015}]
AutoRun\command- F:\PCConnect.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C97751B1-BF63-4867-87FB-49B72502DBCD}]
C:\Program Files\Microsoft Office\Office10\OfficeXPFirstRun.vbs
.
Contents of the 'Scheduled Tasks' folder
"2007-09-01 14:42:33 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Owner.job"
"2007-09-13 18:56:02 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 13:58:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\wuapi.dll.mui
C:\WINDOWS\system32\wuauclt.exe.wusetup.257171.bak
C:\WINDOWS\system32\wuaucpl.cpl.mui
C:\WINDOWS\system32\wuaucpl.cpl.wusetup.258421.bak
C:\WINDOWS\system32\wuaueng.dll.mui
C:\WINDOWS\system32\wuaueng.dll.wusetup.259859.bak
C:\WINDOWS\system32\wucltui.dll.mui

scan completed successfully
hidden files: 7

**************************************************************************
.
Completion time: 2007-09-13 14:16:16 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-13 14:16
.
    --- E O F ---


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:04 PM, on 9/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SysMngrPro.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\7cii9c02.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system32\drivers\etc\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\ScrollWall\ScrollWall.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.Email Removed/_ads/adsPopup2.htm?0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {78C50B23-CFEB-933B-9693-C549676DC5EA} - C:\WINDOWS\system32\vsdp.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Sys Mangr Pro] SysMngrPro.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [7cii9c02] C:\WINDOWS\system32\7cii9c02.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinReg] c:\windows\system32\drivers\etc\svchost.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Sys Mangr Pro] SysMngrPro.exe
O4 - Startup: ScrollWall.lnk = C:\Program Files\ScrollWall\ScrollWall.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 9334 bytes

Offline guestolo

« Reply #3 on: September 13, 2007, 12:03:14 AM »
Can you do the following

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Don't do anything with it yet,
We'll need this later


Open Notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad or the script will not work

Quote
File::
C:\WINDOWS\system32\idet.exe
C:\WINDOWS\system32\scrub.exe
C:\WINDOWS\system32\sylss.exe
C:\WINDOWS\system32\sys23.exe
C:\WINDOWS\system32\SysMngrPro.exe
c:\windows\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\7cii9c02.exe
C:\WINDOWS\winfix32os.exe
C:\WINDOWS\system32\vsdp.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78C50B23-CFEB-933B-9693-C549676DC5EA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sys Mangr Pro"=-
"7cii9c02"=-
"WinReg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Sys Mangr Pro"=-

Save this as a text file named CFScript


Take note the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt..
I will need to see this log again later

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Once in safe mode, do the following
SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post back all the following

1. Post the report from SDFix
2. Post the new log from Combofix>>C:\combofix.txt
3. Post a fresh hijackthis log

Let me know how things are running after



Offline beroho2

« Reply #4 on: September 13, 2007, 12:49:50 AM »
SDFix: Version 1.104

Run by Owner on Fri 09/14/2007 at 12:27 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\etc\id.exe  - Deleted
C:\WINDOWS\system32\drivers\etc\mirc.ini  - Deleted
C:\WINDOWS\system32\drivers\etc\remote.ini  - Deleted
C:\WINDOWS\system32\drivers\etc\rundll.exe  - Deleted
C:\WINDOWS\system32\drivers\etc\vir.exe  - Deleted
C:\WINDOWS\system32\drivers\etc\win.com  - Deleted
C:\WINDOWS\system32\drivers\etc\win.exe  - Deleted
C:\WINDOWS\system32\drivers\etc\x.exe  - Deleted


Folder C:\WINDOWS\system32\drivers\etc\download - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
 


                                 Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\ConsoleClassix.com\Thumbs.db
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\SMINST\HPCD.sys

Finished!

ComboFix 07-09-13.1 - "Owner" 2007-09-14  0:13:01.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.450 [GMT -5:00]
 * Created a new restore point

FILE::
C:\WINDOWS\system32\idet.exe
C:\WINDOWS\system32\scrub.exe
C:\WINDOWS\system32\sylss.exe
C:\WINDOWS\system32\sys23.exe
C:\WINDOWS\system32\SysMngrPro.exe
c:\windows\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\7cii9c02.exe
C:\WINDOWS\winfix32os.exe
C:\WINDOWS\system32\vsdp.dll
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\7cii9c02.exe
c:\windows\system32\drivers\etc\svchost.exe
C:\WINDOWS\system32\idet.exe
C:\WINDOWS\system32\scrub.exe
C:\WINDOWS\system32\sylss.exe
C:\WINDOWS\system32\sys23.exe
C:\WINDOWS\winfix32os.exe

.
(((((((((((((((((((((((((   Files Created from 2007-08-14 to 2007-09-14  )))))))))))))))))))))))))))))))
.

2007-09-13 15:08    <DIR>    d--------    C:\Program Files\MSXML 4.0
2007-09-12 13:51    51,200    --a------    C:\WINDOWS\NirCmd.exe
2007-09-11 20:00    63    --a------    C:\WINDOWS\system\SysSD.dll
2007-09-10 14:04    <DIR>    d--------    C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-09-10 13:46    <DIR>    d--------    C:\WINDOWS\pss
2007-09-09 12:21    <DIR>    d--------    C:\!KillBox
2007-09-09 12:17    10,872    --a------    C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-09 12:16    <DIR>    d--------    C:\Program Files\Lavasoft

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 14:02    ---------    d--------    C:\Program Files\Common Files\Symantec Shared
2007-09-07 01:15    ---------    d--------    C:\DOCUME~1\Owner\APPLIC~1\U3
2007-08-05 19:37    ---------    d--------    C:\Program Files\Last.fm
2007-07-30 19:19    92504    --a------    C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19    549720    --a------    C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19    53080    --a------    C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19    43352    --a------    C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19    325976    --a------    C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19    203096    --a------    C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19    1712984    --a------    C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18    33624    --a------    C:\WINDOWS\system32\wups.dll
2007-07-30 11:41    ---------    d--------    C:\Program Files\BitComet
2007-07-26 12:53    ---------    d--------    C:\Program Files\Picasa2
2007-06-26 01:08    1104896    --a------    C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31    282112    --a------    C:\WINDOWS\system32\gdi32.dll
2005-04-04 05:00:44    0    --sha-w    C:\WINDOWS\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   snapshot_2007-09-13_140103.53   )))))))))))))))))))))))))))))))))))))))))
.
----a-w           213,216 2007-03-06 01:22:41  C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\spuninst.exe
----a-w            60,416 2007-07-18 12:42:22  C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\sp2gdr\tzchange.exe
----a-w            60,416 2007-07-18 10:33:06  C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\sp2qfe\tzchange.exe
----a-w            22,752 2007-03-06 01:22:34  C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\spcustom.dll
----a-w           716,000 2007-03-06 01:22:59  C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\update.exe
----a-w           371,424 2007-03-06 01:23:51  C:\WINDOWS\SoftwareDistribution\Download\2d96d8aba9a2dff89a10de77705d6434\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\spuninst.exe
----a-w           282,112 2007-06-19 13:31:19  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\sp2gdr\gdi32.dll
----a-w           282,112 2007-06-19 13:37:21  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\sp2qfe\gdi32.dll
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\39a67eb647584bf044c95c49b4bf8722\update\updspapi.dll
----a-w            14,048 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\spmsg.dll
----a-w           213,216 2005-10-12 23:12:26  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\spuninst.exe
----a-w         1,033,216 2007-06-13 10:23:07  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
----a-w         1,033,216 2007-06-13 11:26:03  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
----a-w            22,752 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\update\spcustom.dll
----a-w           716,000 2005-10-12 23:12:29  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\update\update.exe
----a-w           371,424 2005-10-12 23:12:34  C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\spuninst.exe
----a-w           281,600 2007-03-08 15:36:28  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\gdi32.dll
----a-w            40,960 2007-03-08 15:36:28  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\mf3216.dll
----a-w           577,536 2007-03-08 15:36:28  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
----a-w         1,843,584 2007-03-08 13:47:48  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\win32k.sys
----a-w           282,112 2007-03-08 15:48:36  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\gdi32.dll
----a-w            40,960 2007-03-08 15:48:36  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\mf3216.dll
----a-w           578,048 2007-03-08 15:48:36  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
----a-w         1,843,968 2007-03-08 13:49:49  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\win32k.sys
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\update\updspapi.dll
----a-w            14,048 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\spmsg.dll
----a-w           213,216 2005-10-12 23:12:26  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\spuninst.exe
----a-w           292,864 2007-03-17 13:43:01  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\sp2gdr\winsrv.dll
----a-w           292,864 2007-03-17 13:45:03  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\sp2qfe\winsrv.dll
----a-w            22,752 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\update\spcustom.dll
----a-w           716,000 2005-10-12 23:12:29  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\update\update.exe
----a-w           371,424 2005-10-12 23:12:34  C:\WINDOWS\SoftwareDistribution\Download\5e51b5a4cef8a3ba9cc95980fae1c142\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spuninst.exe
----a-w         2,854,400 2007-04-18 16:12:23  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2GDR\msi31.dll
----a-w         2,854,400 2007-04-18 16:14:43  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2QFE\msi31.dll
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\spuninst.exe
----a-w           364,160 2007-04-23 10:32:54  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\sp2gdr\update.sys
----a-w           364,160 2007-04-23 10:14:23  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\sp2qfe\update.sys
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\7810d543bbed927828d73027279e4109\update\updspapi.dll
----a-w            14,048 2005-02-25 01:35:06  C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\spmsg.dll
----a-w           209,632 2005-02-25 01:35:06  C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\spuninst.exe
----a-w            22,240 2005-02-25 01:35:06  C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\update\spcustom.dll
----a-w           718,048 2005-02-25 01:35:06  C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\update\update.exe
----a-w           371,936 2005-02-25 01:35:08  C:\WINDOWS\SoftwareDistribution\Download\80046d42bf5044b609b7f7326dd9674d\update\updspapi.dll
----a-w            14,048 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\spmsg.dll
----a-w           213,216 2005-10-12 23:12:26  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\spuninst.exe
----a-w           549,376 2007-05-17 11:28:05  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\sp2gdr\oleaut32.dll
----a-w           549,888 2007-05-17 11:25:21  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\sp2qfe\oleaut32.dll
----a-w            22,752 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\update\spcustom.dll
----a-w           716,000 2005-10-12 23:12:29  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\update\update.exe
----a-w           371,424 2005-10-12 23:12:34  C:\WINDOWS\SoftwareDistribution\Download\a37be17708731e77e17b179ea94c45de\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\spuninst.exe
----a-w            86,528 2007-05-16 15:12:00  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\directdb.dll
----a-w           683,520 2007-05-16 15:12:02  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\inetcomm.dll
----a-w         1,314,816 2007-05-16 15:12:08  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\msoe.dll
----a-w           510,976 2007-05-16 15:12:12  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\wab32.dll
----a-w            85,504 2007-05-16 15:12:15  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2gdr\wabimp.dll
----a-w            86,528 2007-05-16 15:32:55  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\directdb.dll
----a-w           683,520 2007-05-16 15:32:55  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\inetcomm.dll
----a-w         1,314,816 2007-05-16 15:32:56  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\msoe.dll
----a-w           510,976 2007-05-16 15:32:56  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\wab32.dll
----a-w            85,504 2007-05-16 15:32:56  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\sp2qfe\wabimp.dll
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\aa23f1c18895fd721870de4beeed4ad5\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\spuninst.exe
----a-w           185,344 2007-02-05 20:17:02  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2gdr\upnphost.dll
----a-w           185,344 2007-02-05 20:19:14  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\sp2qfe\upnphost.dll
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\b3183a1e00bc9d14758dc26c2b339e76\update\updspapi.dll
----a-w            14,048 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\spmsg.dll
----a-w           213,216 2005-10-12 23:12:26  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\spuninst.exe
----a-w           984,576 2007-04-16 15:52:53  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2gdr\kernel32.dll
----a-w           986,112 2007-04-16 16:07:27  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\sp2qfe\kernel32.dll
----a-w            22,752 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\update\spcustom.dll
----a-w           716,000 2005-10-12 23:12:29  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\update\update.exe
----a-w           371,424 2005-10-12 23:12:34  C:\WINDOWS\SoftwareDistribution\Download\c1835c8cb0bb13f938a8a983ca5edea4\update\updspapi.dll
----a-w            14,048 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\spmsg.dll
----a-w           213,216 2005-10-12 23:12:26  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\spuninst.exe
----a-w           851,968 2007-06-26 15:13:22  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\sp2gdr\vgx.dll
----a-w           851,968 2007-06-26 15:16:01  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\sp2qfe\vgx.dll
----a-w            22,752 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\update\spcustom.dll
----a-w           716,000 2005-10-12 23:12:29  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\update\update.exe
----a-w           371,424 2005-10-12 23:12:34  C:\WINDOWS\SoftwareDistribution\Download\d201072cb58fab95908d9431c4a9ed6f\update\updspapi.dll
----a-w            14,048 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\spmsg.dll
----a-w           213,216 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\spuninst.exe
----a-w           144,896 2007-04-25 14:21:15  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\sp2gdr\schannel.dll
----a-w           144,896 2007-04-25 20:32:22  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\sp2qfe\schannel.dll
----a-w            22,752 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\spcustom.dll
----a-w           716,000 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\update.exe
----a-w           371,424 2006-01-19 19:29:19  C:\WINDOWS\SoftwareDistribution\Download\e50981864c541bdea07741b88d379a52\update\updspapi.dll
----a-w            14,048 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\spmsg.dll
----a-w           213,216 2005-10-12 23:12:26  C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\spuninst.exe
----a-w           574,464 2007-02-09 11:10:35  C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2gdr\ntfs.sys
----a-w           574,976 2007-02-09 11:23:36  C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\sp2qfe\ntfs.sys
----a-w            22,752 2005-10-12 23:12:25  C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\update\spcustom.dll
----a-w           716,000 2005-10-12 23:12:29  C:\WINDOWS\SoftwareDistribution\Download\f7c10c2b68f88196f082e36f7313e169\update\update.exe
----a-w           371,42

Offline guestolo

HJT Log - I Have an Infection That Reappears After I Delete It
« Reply #5 on: September 18, 2007, 10:54:46 PM »
Very sorry for the delay. Could you please post a fresh HijackThis log, and let's ensure nothing else has changed.
Let me know how things are still running and we'll do some final cleaning procedures.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline beroho2

HJT Log - I Have an Infection That Reappears After I Delete It
« Reply #6 on: September 20, 2007, 01:15:40 AM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:35 AM, on 9/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\ScrollWall\ScrollWall.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://aimtoday.Email Removed/_ads/adsPopup2.htm?0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: ScrollWall.lnk = C:\Program Files\ScrollWall\ScrollWall.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...up1.0.0.8-2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

--
End of file - 8562 bytes

Offline guestolo

HJT Log - I Have an Infection That Reappears After I Delete It
« Reply #7 on: September 20, 2007, 10:57:36 PM »
Quote
Let me know how things are still running and we'll do some final cleaning procedures
I'll assume things are running ok since you didn't let me know

Can you still do the following
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name and click Create
Windows will prompt when it was created successfully
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning


I would add a bit more protection to this computer
Install
SpywareBlaster 3.5.1 by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

If there are other user profiles on the computer, have them login and
click the "enable all protections" with Spywareblaster under the Protection tab

Let's remove some files/folders that we used/produced
Download this tool:
OTMoveIt by OldTimer:
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
    Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Select Yes to reboot Now
After reboot you can empty your recycle bin

I hope that helps



Offline beroho2

HJT Log - I Have an Infection That Reappears After I Delete It
« Reply #8 on: September 23, 2007, 01:57:03 PM »
Well, I followed all of your instructions (sorry it took me so long, I've had a busy week).  Everything is working fine as far as I can see.  Thank you.

Offline guestolo

HJT Log - I Have an Infection That Reappears After I Delete It
« Reply #9 on: September 25, 2007, 08:15:39 AM »
I'll lock this topic as your problems are resolved.
Take care :)
