Virus: HijackThis report, help please, thank you

dodgygezza

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:19 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\xpre.tmp
C:\DOCUME~1\Sam\LOCALS~1\Temp\winvsnet.tmp
C:\DOCUME~1\Sam\LOCALS~1\Temp\stfCC.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Sam\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: AVG Test Center.lnk = C:\Program Files\Grisoft\AVG7\avgw.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?615048336236464293e8653f83f6db47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?615048336236464293e8653f83f6db47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18839494-1C69-4A13-A7FA-BE7A1C679C99}: NameServer = 212.139.132.8 212.139.132.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10247 bytes
 
here we go

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/17/2008 9:04:43 PM
mbam-log-2008-12-17 (21-04-38).txt

Scan type: Quick Scan
Objects scanned: 66925
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 33
Registry Values Infected: 5
Registry Data Items Infected: 4
Folders Infected: 9
Files Infected: 51

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{cf9146db-16f1-4b79-8da1-ee14c55d5b06} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\performance optimizer (trial version) (Rogue.Performanceoptimizer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Sellmosoft (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> No action taken.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Performanceoptimizer (Free) (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\com_s (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\cur_s (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Restore (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks.Bak (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Documentation (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Application Data\gadcom (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\TDSScfmm.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSShrxx.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSoiqt.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSvkql.dll (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> No action taken.
C:\WINDOWS\TEMP\TDSSefeb.tmp (Trojan.TDSS) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\creader.exe (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\inst.imd (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\PerfOpt.chm (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\PoChk.exe (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\ReadMe.doc (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\sload.sbd (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Restore\date.dat (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Restore\desc.dat (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Restore\file.dat (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Restore\ploc.dat (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Uninstall Performance Optimizer.lnk (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Documentation\Documentation.lnk (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Documentation\ReadMe.doc.lnk (Rogue.Performanceoptimizer) -> No action taken.
C:\Documents and Settings\Sam\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Sam\Application Data\gadcom\gadcom.exe4qq (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\winloggn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> No action taken.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> No action taken.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> No action taken.
C:\WINDOWS\system32\TDSSlxcp.dll (Rootkit.Agent) -> No action taken.
 
Please complete the scan again and once it's finished select everything it finds and select "Remove Selected".
 
new report

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/17/2008 9:16:43 PM
mbam-log-2008-12-17 (21-16-43).txt

Scan type: Quick Scan
Objects scanned: 67159
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 38
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 9
Files Infected: 52

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\{5222008a-dd62-49c7-a735-7bd18ecc7350} (Rogue.VirusRemover) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{cf9146db-16f1-4b79-8da1-ee14c55d5b06} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\performance optimizer (trial version) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\virusremover2008 (Rogue.VirusRemove) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Performanceoptimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sellmosoft (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d5bf49a2-94f1-42bd-f434-3604812c807d} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8j34rgfght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Performanceoptimizer (Free) (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\com_s (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\cur_s (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Restore (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks.Bak (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Documentation (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\gadcom (Trojan.Agent) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\tyshb36rfjdf.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\TDSScfmm.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSShrxx.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSoiqt.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSvkql.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\TEMP\TDSSefeb.tmp (Trojan.TDSS) -> Delete on reboot.
C:\Program Files\Performanceoptimizer (Free)\creader.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\inst.imd (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\PerfOpt.chm (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\PerfOpt.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Performance Optimizer Home Page.url (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\PoChk.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\ReadMe.doc (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Sellmosoft Home Page.url (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\sload.sbd (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\uninstpo.exe (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Restore\date.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Restore\desc.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Restore\file.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Restore\ploc.dat (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data001.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data003.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data006.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data007.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data009.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data011.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data013.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data016.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data017.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data020.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data023.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data027.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data030.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data031.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data033.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data040.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Program Files\Performanceoptimizer (Free)\Tweaks\data042.reg (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Uninstall Performance Optimizer.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Documentation\Documentation.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Start Menu\Programs\Performance Optimizer\Documentation\ReadMe.doc.lnk (Rogue.Performanceoptimizer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\gadcom\gadcom.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sam\Application Data\gadcom\gadcom.exe4qq (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Sam\Local Settings\Temp\winloggn.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Sam\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkai.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\TDSSlxcp.dll (Rootkit.Agent) -> Delete on reboot.
 
new reports

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:03 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: AVG Test Center.lnk = C:\Program Files\Grisoft\AVG7\avgw.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?615048336236464293e8653f83f6db47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?615048336236464293e8653f83f6db47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18839494-1C69-4A13-A7FA-BE7A1C679C99}: NameServer = 212.139.132.8 212.139.132.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8663 bytes

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

12/17/2008 9:57:14 PM
mbam-log-2008-12-17 (21-57-07)dfsdfgsdgsgd

Scan type: Quick Scan
Objects scanned: 66808
Time elapsed: 6 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Sam\Local Settings\Temp\TDSSb38e.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Sam\Local Settings\Temp\TDSSb3ad.tmp (Trojan.FakeAlert) -> No action taken.
 
Hello, how is your computer running?

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run Kaspersky Online AV Scanner
Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.


In your next reply I will need:
  • The Kaspersky log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
The AVG warnings have stopped, and it is also running a bit faster. It still runs slow if I open too many tabs in Mozilla, but that's probs just because the computer isn't that good! Also, before, the internet was cutting out about every 30 mins, not actually disconnecting but just not working, and that hasn't appeared to happen again yet. Thanks, Sam


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:05 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: AVG Test Center.lnk = C:\Program Files\Grisoft\AVG7\avgw.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?615048336236464293e8653f83f6db47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?615048336236464293e8653f83f6db47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18839494-1C69-4A13-A7FA-BE7A1C679C99}: NameServer = 212.139.132.8 212.139.132.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,wbsys.dll C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8663 bytes
 
Open HiJackThis and place a checkmark next to these entries, close all browsers and windows, and have HijackThis fix them by clicking Fix Checked:

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)



Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager then the Processes tab (press Ctrl, Alt and Del at the same time) and end any processes of findstr, find, sed or swreg, then ComboFix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply I will need:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
combo fix log

ComboFix 08-12-16.03 - Sam 2008-12-17 23:25:17.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT 0:00]
Running from: c:\documents and settings\Sam\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Sam\Local Settings\Temporary Internet Files\fbk.sts
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\windows\system32\TDSSmtvd.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-17 to 2008-12-17 )))))))))))))))))))))))))))))))
.

2008-12-17 20:59 . 2008-12-17 20:59 <DIR> d-------- c:\temp\REX81
2008-12-17 20:58 . 2008-12-17 20:59 <DIR> d-------- c:\windows\system32\ni1
2008-12-17 20:58 . 2008-12-17 20:59 <DIR> d-------- c:\windows\system32\ip2
2008-12-17 20:58 . 2008-12-17 23:25 <DIR> d-------- C:\Temp
2008-12-17 20:56 . 2008-12-17 20:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-17 20:56 . 2008-12-17 20:56 <DIR> d-------- c:\documents and settings\Sam\Application Data\Malwarebytes
2008-12-17 20:56 . 2008-12-17 20:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 20:56 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 20:56 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-24 16:22 . 2008-11-24 16:22 <DIR> d-------- c:\program files\iPod
2008-11-24 16:22 . 2008-11-24 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-17 23:31 --------- d-----w c:\program files\DNA
2008-12-17 23:31 --------- d-----w c:\documents and settings\Sam\Application Data\DNA
2008-12-17 18:02 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-17 18:01 --------- d-----w c:\program files\Norton PC Checkup
2008-12-16 22:02 --------- d-----w c:\documents and settings\Sam\Application Data\BitTorrent
2008-12-15 23:44 --------- d-----w c:\documents and settings\Sam\Application Data\Metacafe
2008-12-15 23:44 --------- d-----w c:\documents and settings\All Users\Application Data\Metacafe
2008-12-15 20:19 --------- d-----w c:\program files\GameSpy Arcade
2008-12-15 20:13 --------- d-----w c:\program files\Airport Mania
2008-12-11 03:05 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-05 13:13 --------- d-----w c:\program files\Steam
2008-12-03 08:00 --------- d-----w c:\documents and settings\Sam\Application Data\AVG7
2008-11-24 16:22 --------- d-----w c:\program files\iTunes
2008-11-24 16:22 --------- d-----w c:\program files\Common Files\Apple
2008-11-24 16:20 --------- d-----w c:\program files\QuickTime
2008-11-20 16:22 106,496 ----a-w c:\windows\DUMP784c.tmp
2008-11-17 19:54 --------- d-----w c:\program files\Safari
2008-11-16 12:29 --------- d-----w c:\program files\BitTorrent
2008-11-16 00:09 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-11-15 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-18 19:54 --------- d-----w c:\documents and settings\Mum\Application Data\Dealio
2008-10-18 13:42 --------- d-----w c:\documents and settings\Sarah\Application Data\Dealio
2008-05-13 11:07 13,108 -c--a-w c:\documents and settings\Sam\Application Data\wklnhst.dat
2007-12-10 20:50 176 -c--a-w c:\documents and settings\Dad\Application Data\wklnhst.dat
2007-09-07 21:26 272 -c--a-w c:\documents and settings\Hayley\Application Data\wklnhst.dat
2007-08-29 19:13 1,090 -c--a-w c:\documents and settings\Sarah\Application Data\wklnhst.dat
2008-09-13 16:15 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( snapshot_2008-05-07_15.36.46.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-26 11:48:44 297,984 -c--a-w c:\windows\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB938464\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB938464\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB938464\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB938464\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB938464\update\updspapi.dll
+ 2008-05-02 13:30:08 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP2QFE\msgsc.dll
+ 2008-05-02 14:01:49 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3GDR\msgsc.dll
+ 2008-05-02 13:42:10 83,968 ----a-w c:\windows\$hf_mig$\KB946648\SP3QFE\msgsc.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB946648\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB946648\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB946648\update\spcustom.dll
+ 2007-11-30 11:20:44 755,576 ----a-w c:\windows\$hf_mig$\KB946648\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB946648\update\updspapi.dll
+ 2008-01-23 04:56:21 554,008 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\dao360.dll
+ 2007-12-10 12:41:11 518,944 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexch40.dll
+ 2007-12-10 12:41:11 326,432 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msexcl40.dll
+ 2007-12-10 12:41:11 1,516,568 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjet40.dll
+ 2007-12-10 12:41:11 355,112 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjetol1.dll
+ 2008-03-27 07:39:13 151,583 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjint40.dll
+ 2007-12-10 12:41:12 60,192 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjter40.dll
+ 2007-12-10 12:41:12 248,608 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msjtes40.dll
+ 2007-12-10 12:41:12 219,936 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msltus40.dll
+ 2007-12-10 12:41:12 355,104 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mspbde40.dll
+ 2007-12-10 12:41:13 432,928 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll
+ 2007-12-10 12:41:13 322,336 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll
+ 2007-12-10 12:41:13 559,904 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msrepl40.dll
+ 2007-12-10 12:41:13 264,992 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mstext40.dll
+ 2007-12-10 12:41:13 838,432 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswdat10.dll
+ 2007-12-10 12:41:14 621,344 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\mswstr10.dll
+ 2007-12-10 12:41:14 355,104 -c--a-w c:\windows\$hf_mig$\KB950749\SP2QFE\msxbde40.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w c:\windows\$hf_mig$\KB950749\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w c:\windows\$hf_mig$\KB950749\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w c:\windows\$hf_mig$\KB950749\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w c:\windows\$hf_mig$\KB950749\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w c:\windows\$hf_mig$\KB950749\update\updspapi.dll
+ 2008-04-23 03:35:35 124,928 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\advpack.dll
+ 2008-04-23 03:35:35 347,136 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\dxtmsft.dll
+ 2008-04-23 03:35:35 214,528 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\dxtrans.dll
+ 2008-04-23 03:35:35 132,608 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\extmgr.dll
+ 2008-04-23 03:35:35 63,488 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\icardie.dll
+ 2008-04-22 08:02:19 70,656 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
+ 2008-04-23 03:35:35 153,088 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieakeng.dll
+ 2008-04-23 03:35:35 230,400 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieaksie.dll
+ 2008-04-20 05:07:38 161,792 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dat
+ 2008-04-23 03:35:35 383,488 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieapfltr.dll
+ 2008-04-23 03:35:35 388,608 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iedkcs32.dll
+ 2008-04-23 03:35:36 6,068,224 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieframe.dll
+ 2008-04-23 03:35:36 44,544 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iernonce.dll
+ 2008-04-23 03:35:36 267,776 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iertutil.dll
+ 2008-04-22 08:02:19 13,824 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
+ 2008-04-22 08:02:46 625,664 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
+ 2008-04-23 03:35:36 27,648 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\jsproxy.dll
+ 2008-04-23 03:35:36 459,264 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msfeeds.dll
+ 2008-04-23 03:35:36 52,224 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msfeedsbs.dll
+ 2008-04-23 03:35:36 3,593,728 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
+ 2008-04-23 03:35:36 478,208 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtmled.dll
+ 2008-04-23 03:35:36 193,024 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\msrating.dll
+ 2008-04-23 03:35:36 671,232 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mstime.dll
+ 2008-04-23 03:35:36 102,912 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\occache.dll
+ 2008-04-23 03:35:36 44,544 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\pngfilt.dll
+ 2008-04-23 03:35:36 105,984 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\url.dll
+ 2008-04-23 03:35:36 1,162,752 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\urlmon.dll
+ 2008-04-23 03:35:36 233,472 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\webcheck.dll
+ 2008-04-23 03:35:36 827,392 ----a-w c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB950759-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB950759-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB950759-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950760\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950760\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950760\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950760\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950760\update\updspapi.dll
+ 2008-05-08 12:14:51 203,008 ----a-w c:\windows\$hf_mig$\KB950762\SP2QFE\rmcast.sys
+ 2008-05-08 14:02:52 203,136 ----a-w c:\windows\$hf_mig$\KB950762\SP3GDR\rmcast.sys
+ 2008-05-08 13:58:17 203,136 ----a-w c:\windows\$hf_mig$\KB950762\SP3QFE\rmcast.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950762\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950762\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950762\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB950762\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB950762\update\updspapi.dll
+ 2008-07-07 20:06:43 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-04-11 18:39:39 683,520 ----a-w c:\windows\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
+ 2008-04-11 19:04:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
+ 2008-04-11 23:22:26 691,712 ----a-w c:\windows\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951066\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951066\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951066\update\spcustom.dll
+ 2007-12-03 15:25:31 755,576 ----a-w c:\windows\$hf_mig$\KB951066\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951066\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w c:\windows\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-13 09:52:16 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys
+ 2008-06-13 11:05:51 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys
+ 2008-06-13 11:27:43 272,128 ----a-w c:\windows\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951376-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951376-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB951376-v2\update\updspapi.dll
+ 2008-04-14 11:00:16 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP2QFE\bthport.sys
+ 2008-04-14 12:30:49 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP3GDR\bthport.sys
+ 2008-04-14 12:36:35 272,128 ----a-w c:\windows\$hf_mig$\KB951376\SP3QFE\bthport.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951376\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951376\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951376\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB951376\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB951376\update\updspapi.dll
+ 2008-05-07 05:12:40 1,288,192 -c--a-w c:\windows\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 -c--a-w c:\windows\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB951698\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w c:\windows\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w c:\windows\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w c:\windows\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-05-01 15:04:00 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP2QFE\msadce.dll
+ 2008-05-01 14:33:02 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3GDR\msadce.dll
+ 2008-05-01 14:38:05 331,776 ----a-w c:\windows\$hf_mig$\KB952287\SP3QFE\msadce.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB952287\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB952287\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB952287\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB952287\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB952287\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w c:\windows\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-06-23 16:01:38 124,928 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\advpack.dll
+ 2008-06-23 16:01:38 347,136 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtmsft.dll
+ 2008-06-23 16:01:39 214,528 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\dxtrans.dll
+ 2008-06-23 16:01:39 132,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\extmgr.dll
+ 2008-06-23 16:01:39 63,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\icardie.dll
+ 2008-06-23 08:23:18 70,656 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ie4uinit.exe
+ 2008-06-23 16:01:39 153,088 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakeng.dll
+ 2008-06-23 16:01:39 230,400 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieaksie.dll
+ 2008-06-21 05:23:53 161,792 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dat
+ 2008-06-23 16:01:40 383,488 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieapfltr.dll
+ 2008-06-23 16:01:40 388,608 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iedkcs32.dll
+ 2008-06-23 16:01:43 6,068,736 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieframe.dll
+ 2008-06-23 16:01:43 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iernonce.dll
+ 2008-06-23 16:01:44 267,776 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iertutil.dll
+ 2008-06-23 08:23:18 13,824 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\ieudinit.exe
+ 2008-06-23 08:23:52 625,664 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
+ 2008-06-23 16:01:46 27,648 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\jsproxy.dll
+ 2008-06-23 16:01:46 459,264 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeeds.dll
+ 2008-06-23 16:01:46 52,224 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msfeedsbs.dll
+ 2008-06-23 16:01:49 3,594,240 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll
+ 2008-06-23 16:01:49 477,696 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtmled.dll
+ 2008-06-23 16:01:49 193,024 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\msrating.dll
+ 2008-06-23 16:01:50 671,232 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mstime.dll
+ 2008-06-23 16:01:50 102,912 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\occache.dll
+ 2008-06-23 16:01:50 44,544 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\pngfilt.dll
+ 2008-06-23 16:01:50 105,984 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\url.dll
+ 2008-06-23 16:01:51 1,162,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\urlmon.dll
+ 2008-06-23 16:01:51 233,472 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\webcheck.dll
+ 2008-06-23 16:01:51 827,904 ----a-w c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:33 14,048 ----a-w c:\windows\$hf_mig$\KB953838-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w c:\windows\$hf_mig$\KB953838-IE7\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB953838-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB953839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB953839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB953839\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB953839\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB953839\update\updspapi.dll
+ 2008-09-15 12:25:27 1,846,912 ----a-w c:\windows\$hf_mig$\KB954211\SP3QFE\win32k.sys
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954211\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954211\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954211\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB954211\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954211\update\updspapi.dll
+ 2008-09-10 01:10:56 1,379,840 ----a-w c:\windows\$hf_mig$\KB954459\SP3QFE\msxml6.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB954459\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB954459\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB954459\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB954459\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB954459\update\updspapi.dll
+ 2008-09-04 17:12:27 1,106,944 ----a-w c:\windows\$hf_mig$\KB955069\SP3QFE\msxml3.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB955069\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB955069\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB955069\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB955069\update\update.exe
+ 2008-07-09 13:08:38 382,840 ----a-w c:\windows\$hf_mig$\KB955069\update\updspapi.dll
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-08-26 09:08:35 124,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:36 347,136 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:36 214,528 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:36 132,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:36 63,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:36 153,088 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:36 230,400 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:36 380,928 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:37 388,608 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 17:26:50 6,068,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:39 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:39 267,776 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:40 27,648 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:40 459,264 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:40 52,224 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:43 3,594,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:43 477,696 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:44 193,024 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:44 671,232 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:44 102,912 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:44 44,544 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:44 105,984 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:45 1,162,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:45 233,472 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:45 827,904 ----a-w c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w c:\windows\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w c:\windows\$hf_mig$\KB956390-IE7\update\updspapi.dll
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB956391\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB956391\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB956391\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB956391\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB956391\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-14 10:34:26 138,496 ----a-w c:\windows\$hf_mig$\KB956803\SP3QFE\afd.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956803\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956803\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956803\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956803\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB956803\update\updspapi.dll
+ 2008-08-14 10:39:28 2,145,280 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlmp.exe
+ 2008-08-14 14:39:46 2,066,048 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
+ 2008-08-14 10:09:44 2,023,936 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrpamp.exe
+ 2008-08-14 15:11:10 2,189,184 ----a-w c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB956841\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB956841\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB956841\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB956841\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956841\update\updspapi.dll
+ 2008-09-08 11:37:19 333,824 ----a-w c:\windows\$hf_mig$\KB957095\SP3QFE\srv.sys
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB957095\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB957095\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB957095\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB957095\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB957095\update\updspapi.dll
+ 2008-10-24 11:41:11 455,936 ----a-w c:\windows\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB957097\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB957097\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB957097\update\spcustom.dll
+ 2008-07-08 13:02:04 755,576 ----a-w c:\windows\$hf_mig$\KB957097\update\update.exe
+ 2008-07-08 13:02:12 382,840 ----a-w c:\windows\$hf_mig$\KB957097\update\updspapi.dll
+ 2008-10-15 16:25:53 339,456 ----a-w c:\windows\$hf_mig$\KB958644\SP3QFE\netapi32.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB958644\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB958644\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB958644\update\spcustom.dll
+ 2007-11-30 11:18:51 755,576 ----a-w c:\windows\$hf_mig$\KB958644\update\update.exe
+ 2007-11-30 11:18:51 382,840 ----a-w c:\windows\$hf_mig$\KB958644\update\updspapi.dll
+ 2004-08-03 23:10:08 53,248 -c----w c:\windows\$NtServicePackUninstall$\1394bus.sys
+ 2004-08-03 23:00:04 12,288 -c----w c:\windows\$NtServicePackUninstall$\4mmdat.sys
+ 2004-08-03 23:10:12 48,128 -c----w c:\windows\$NtServicePackUninstall$\61883.sys
+ 2006-08-16 11:58:05 100,352 -c----w c:\windows\$NtServicePackUninstall$\6to4svc.dll
+ 2006-10-04 14:05:26 39,424 -c----w c:\windows\$NtServicePackUninstall$\acadproc.dll
+ 2006-10-04 14:05:26 39,424 -c----w c:\windows\$NtServicePackUninstall$\acadproc.dll.000
+ 2004-08-10 11:00:00 183,808 -c----w c:\windows\$NtServicePackUninstall$\accwiz.exe
+ 2004-08-10 11:00:00 1,852,416 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll
+ 2004-08-10 11:00:00 1,852,416 -c----w c:\windows\$NtServicePackUninstall$\acgenral.dll.000
+ 2004-08-10 11:00:00 450,048 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll
+ 2004-08-10 11:00:00 450,048 -c----w c:\windows\$NtServicePackUninstall$\aclayers.dll.000
+ 2004-08-10 11:00:00 137,728 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll
+ 2004-08-10 11:00:00 137,728 -c----w c:\windows\$NtServicePackUninstall$\aclua.dll.000
+ 2004-08-10 11:00:00 114,688 -c----w c:\windows\$NtServicePackUninstall$\aclui.dll
+ 2004-08-10 11:00:00 187,776 -c----w c:\windows\$NtServicePackUninstall$\acpi.sys
+ 2004-08-10 11:00:00 244,736 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll
+ 2004-08-10 11:00:00 244,736 -c----w c:\windows\$NtServicePackUninstall$\acspecfc.dll.000
+ 2004-08-10 11:00:00 194,048 -c----w c:\windows\$NtServicePackUninstall$\activeds.dll
+ 2004-08-10 11:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\actmovie.exe
+ 2004-08-10 11:00:00 101,888 -c----w c:\windows\$NtServicePackUninstall$\actxprxy.dll
+ 2004-08-10 11:00:00 116,224 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll
+ 2004-08-10 11:00:00 116,224 -c----w c:\windows\$NtServicePackUninstall$\acxtrnal.dll.000
+ 2004-08-10 11:00:00 29,696 -c----w c:\windows\$NtServicePackUninstall$\admexs.dll
+ 2003-03-24 16:52:04 20,540 -c----w c:\windows\$NtServicePackUninstall$\admin.dll
+ 2003-03-24 16:52:04 16,439 -c----w c:\windows\$NtServicePackUninstall$\admin.exe
+ 2004-08-10 11:00:00 43,520 -c----w c:\windows\$NtServicePackUninstall$\admwprox.dll
+ 2004-08-10 11:00:00 290,816 -c----w c:\windows\$NtServicePackUninstall$\adsiis51.dll
+ 2004-08-10 11:00:00 154,112 -c----w c:\windows\$NtServicePackUninstall$\fxsui.dll
+ 2004-08-10 11:00:00 192,512 -c----w c:\windows\$NtServicePackUninstall$\fxswzrd.dll
+ 2004-08-10 11:00:00 400,384 -c----w c:\windows\$NtServicePackUninstall$\fxsxp32.dll
+ 2007-01-15 23:10:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\gacutil.exe
+ 2004-08-03 23:07:44 46,464 -c----w c:\windows\$NtServicePackUninstall$\gagp30kx.sys
+ 2004-08-03 23:08:22 10,624 -c----w c:\windows\$NtServicePackUninstall$\gameenum.sys
+ 2004-08-03 23:08:30 59,136 -c----w c:\windows\$NtServicePackUninstall$\gckernel.sys
+ 2008-02-20 06:51:05 282,624 -c----w c:\windows\$NtServicePackUninstall$\gdi32.dll
+ 2004-08-10 11:00:00 55,296 -c----w c:\windows\$NtServicePackUninstall$\getmac.exe
+ 2004-08-10 11:00:00 122,880 -c----w c:\windows\$NtServicePackUninstall$\glu32.dll
+ 2004-08-10 11:00:00 566,784 -c----w c:\windows\$NtServicePackUninstall$\gpedit.dll
+ 2004-08-10 11:00:00 9,728 -c----w c:\windows\$NtServicePackUninstall$\gpkrsrc.dll
+ 2004-08-10 11:00:00 119,808 -c----w c:\windows\$NtServicePackUninstall$\gpresult.exe
+ 2004-08-10 11:00:00 119,808 -c----w c:\windows\$NtServicePackUninstall$\gprslt.exe
+ 2004-08-10 11:00:00 198,656 -c----w c:\windows\$NtServicePackUninstall$\gptext.dll
+ 2004-08-10 11:00:00 39,424 -c----w c:\windows\$NtServicePackUninstall$\grpconv.exe
+ 2004-08-03 22:59:20 28,288 -c----w c:\windows\$NtServicePackUninstall$\grserial.sys
+ 2004-08-10 11:00:00 123,904 -c----w c:\windows\$NtServicePackUninstall$\guitrn.dll
+ 2004-08-10 11:00:00 32,256 -c----w c:\windows\$NtServicePackUninstall$\gzip.dll
+ 2004-08-10 11:00:00 57,344 -c----w c:\windows\$NtServicePackUninstall$\h323cc.dll
+ 2004-08-10 11:00:00 614,912 -c----w c:\windows\$NtServicePackUninstall$\h323msp.dll
+ 2004-08-10 11:00:00 134,400 -c----w c:\windows\$NtServicePackUninstall$\hal.dll
+ 2004-08-10 11:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\hccoin.dll
+ 2004-08-13 00:45:54 137,728 -c----w c:\windows\$NtServicePackUninstall$\hdaudbus.sys
+ 2004-08-10 11:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\help.exe
+ 2004-08-10 11:00:00 768,512 -c----w c:\windows\$NtServicePackUninstall$\helpctr.exe
+ 2004-08-10 11:00:00 743,936 -c----w c:\windows\$NtServicePackUninstall$\helpsvc.exe
+ 2005-05-26 23:22:01 10,752 -c----w c:\windows\$NtServicePackUninstall$\hh.exe
+ 2005-05-27 02:04:27 41,472 -c----w c:\windows\$NtServicePackUninstall$\hhsetup.dll
+ 2004-08-10 11:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\hid.dll
+ 2001-08-17 13:58:00 19,200 -c----w c:\windows\$NtServicePackUninstall$\hidbatt.sys
+ 2004-08-03 23:10:38 25,600 -c----w c:\windows\$NtServicePackUninstall$\hidbth.sys
+ 2004-08-10 11:00:00 36,224 -c----w c:\windows\$NtServicePackUninstall$\hidclass.sys
+ 2005-06-28 23:43:35 19,200 -c----w c:\windows\$NtServicePackUninstall$\hidir.sys
+ 2005-06-28 23:43:35 19,200 -c----w c:\windows\$NtServicePackUninstall$\hidir.sys.000
+ 2004-08-10 11:00:00 24,960 -c----w c:\windows\$NtServicePackUninstall$\hidparse.sys
+ 2004-08-04 00:56:44 21,504 -c----w c:\windows\$NtServicePackUninstall$\hidserv.dll
+ 2004-08-10 11:00:00 9,600 -c----w c:\windows\$NtServicePackUninstall$\hidusb.sys
+ 2006-07-21 08:24:43 72,704 -c----w c:\windows\$NtServicePackUninstall$\hlink.dll
+ 2004-08-10 11:00:00 344,064 -c----w c:\windows\$NtServicePackUninstall$\hnetcfg.dll
+ 2004-08-10 11:00:00 330,752 -c----w c:\windows\$NtServicePackUninstall$\hnetwiz.dll
+ 2004-08-10 11:00:00 39,936 -c----w c:\windows\$NtServicePackUninstall$\hostmib.dll
+ 2004-08-10 11:00:00 144,896 -c----w c:\windows\$NtServicePackUninstall$\hotplug.dll
+ 2004-08-10 11:00:00 18,944 -c----w c:\windows\$NtServicePackUninstall$\hscupd.exe
+ 2004-08-04 00:56:44 32,285 -c----w c:\windows\$NtServicePackUninstall$\hsfcisp2.dll
+ 2006-03-17 00:33:10 262,784 -c----w c:\windows\$NtServicePackUninstall$\http.sys
+ 2006-03-17 00:33:10 262,784 -c----w c:\windows\$NtServicePackUninstall$\http.sys.000
+ 2004-08-10 11:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\httpapi.dll
+ 2004-08-10 11:00:00 268,288 -c----w c:\windows\$NtServicePackUninstall$\httpext.dll
+ 2004-08-10 11:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\httpmb51.dll
+ 2004-08-10 11:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\httpod51.dll
+ 2004-08-10 11:00:00 41,984 -c----w c:\windows\$NtServicePackUninstall$\htui.dll
+ 2004-08-10 11:00:00 13,463,552 -c----w c:\windows\$NtServicePackUninstall$\hwxjpn.dll
+ 2004-11-17 17:41:24 347,136 -c----w c:\windows\$NtServicePackUninstall$\hypertrm.dll
+ 2004-08-03 23:00:52 8,192 -c----w c:\windows\$NtServicePackUninstall$\i2omgmt.sys
+ 2004-08-03 23:00:52 18,560 -c----w c:\windows\$NtServicePackUninstall$\i2omp.sys
+ 2004-08-10 11:00:00 52,736 -c----w c:\windows\$NtServicePackUninstall$\i8042prt.sys
+ 2004-08-04 00:56:44 702,845 -c----w c:\windows\$NtServicePackUninstall$\i81xdnt5.dll
+ 2004-08-10 11:00:00 119,808 -c----w c:\windows\$NtServicePackUninstall$\iasrad.dll
+ 2004-08-10 11:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\icaapi.dll
+ 2004-08-10 11:00:00 80,384 -c----w c:\windows\$NtServicePackUninstall$\iccvid.dll
+ 2005-06-29 01:46:00 254,976 -c----w c:\windows\$NtServicePackUninstall$\icm32.dll
+ 2004-08-10 11:00:00 3,584 -c----w c:\windows\$NtServicePackUninstall$\icmp.dll
+ 2004-08-10 11:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\iconlib.dll
+ 2004-08-10 11:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\icwconn.dll
+ 2004-08-10 11:00:00 214,528 -c----w c:\windows\$NtServicePackUninstall$\icwconn1.exe
+ 2004-08-10 11:00:00 86,016 -c----w c:\windows\$NtServicePackUninstall$\icwconn2.exe
+ 2004-08-10 11:00:00 73,728 -c----w c:\windows\$NtServicePackUninstall$\icwdial.dll
+ 2004-08-10 11:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\icwdl.dll
+ 2004-08-10 11:00:00 172,032 -c----w c:\windows\$NtServicePackUninstall$\icwhelp.dll
+ 2004-08-10 11:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\icwphbk.dll
+ 2004-08-10 11:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\icwrmind.exe
+ 2004-08-10 11:00:00 49,152 -c----w c:\windows\$NtServicePackUninstall$\icwutil.dll
+ 2004-08-10 11:00:00 120,832 -c----w c:\windows\$NtServicePackUninstall$\idq.dll
+ 2006-10-17 11:06:00 78,336 -c----w c:\windows\$NtServicePackUninstall$\ieencode.dll
+ 2004-08-10 11:00:00 114,688 -c----w c:\windows\$NtServicePackUninstall$\iexpress.exe
+ 2004-08-10 11:00:00 135,680 -c----w c:\windows\$NtServicePackUninstall$\ifmon.dll
+ 2004-08-10 11:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\igmpagnt.dll
+ 2004-08-10 11:00:00 505,344 -c----w c:\windows\$NtServicePackUninstall$\iis.dll
+ 2004-08-10 11:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\iisadmin.dll
+ 2004-08-10 11:00:00 145,408 -c----w c:\windows\$NtServicePackUninstall$\iische51.dll
+ 2004-08-10 11:00:00 68,608 -c----w c:\windows\$NtServicePackUninstall$\iisext51.dll
+ 2004-08-10 11:00:00 7,168 -c----w c:\windows\$NtServicePackUninstall$\iisfecnv.dll
+ 2004-08-10 11:00:00 79,872 -c----w c:\windows\$NtServicePackUninstall$\iislog51.dll
+ 2004-08-10 11:00:00 64,512 -c----w c:\windows\$NtServicePackUninstall$\iismap.dll
+ 2004-08-10 11:00:00 30,720 -c----w c:\windows\$NtServicePackUninstall$\iisrstas.exe
+ 2004-08-10 11:00:00 133,632 -c----w c:\windows\$NtServicePackUninstall$\iisrtl.dll
+ 2004-08-10 11:00:00 81,920 -c----w c:\windows\$NtServicePackUninstall$\ils.dll
+ 2004-08-10 11:00:00 144,384 -c----w c:\windows\$NtServicePackUninstall$\imagehlp.dll
+ 2004-08-10 11:00:00 150,016 -c----w c:\windows\$NtServicePackUninstall$\imapi.exe
+ 2004-08-10 11:00:00 41,856 -c----w c:\windows\$NtServicePackUninstall$\imapi.sys
+ 2004-08-10 11:00:00 106,496 -c----w c:\windows\$NtServicePackUninstall$\imekrcic.dll
+ 2004-08-10 11:00:00 86,016 -c----w c:\windows\$NtServicePackUninstall$\imekrmbx.dll
+ 2004-08-10 11:00:00 36,921 -c----w c:\windows\$NtServicePackUninstall$\imeshare.dll
+ 2004-08-10 11:00:00 811,064 -c----w c:\windows\$NtServicePackUninstall$\imjp81k.dll
+ 2004-08-10 11:00:00 368,696 -c----w c:\windows\$NtServicePackUninstall$\imjpcic.dll
+ 2004-08-10 11:00:00 716,856 -c----w c:\windows\$NtServicePackUninstall$\imjpcus.dll
+ 2004-08-10 11:00:00 81,976 -c----w c:\windows\$NtServicePackUninstall$\imjpdct.dll
+ 2004-08-10 11:00:00 274,489 -c----w c:\windows\$NtServicePackUninstall$\imjputyc.dll
+ 2004-08-10 11:00:00 102,456 -c----w c:\windows\$NtServicePackUninstall$\imlang.dll
+ 2004-08-10 11:00:00 110,080 -c----w c:\windows\$NtServicePackUninstall$\imm32.dll
+ 2004-08-10 11:00:00 115,712 -c----w c:\windows\$NtServicePackUninstall$\imsinsnt.dll
+ 2004-08-10 11:00:00 315,452 -c----w c:\windows\$NtServicePackUninstall$\imskf.dll
+ 2004-08-10 11:00:00 274,432 -c----w c:\windows\$NtServicePackUninstall$\inetcfg.dll
+ 2008-04-11 18:50:43 683,520 -c----w c:\windows\$NtServicePackUninstall$\inetcomm.dll
+ 2004-08-10 11:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\inetin51.exe
+ 2004-08-10 11:00:00 829,440 -c----w c:\windows\$NtServicePackUninstall$\inetmgr.dll
+ 2004-08-10 11:00:00 33,280 -c----w c:\windows\$NtServicePackUninstall$\inetmib1.dll
+ 2004-08-10 11:00:00 75,264 -c----w c:\windows\$NtServicePackUninstall$\inetpp.dll
+ 2004-08-10 11:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\inetppui.dll
+ 2004-08-10 11:00:00 48,128 -c----w c:\windows\$NtServicePackUninstall$\inetres.dll
+ 2004-08-10 11:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\inetwiz.exe
+ 2004-08-10 11:00:00 13,312 -c----w c:\windows\$NtServicePackUninstall$\infoadmn.dll
+ 2004-08-10 11:00:00 257,024 -c----w c:\windows\$NtServicePackUninstall$\infocomm.dll
+ 2004-08-10 11:00:00 147,456 -c----w c:\windows\$NtServicePackUninstall$\initpki.dll
+ 2004-08-10 11:00:00 123,392 -c----w c:\windows\$NtServicePackUninstall$\input.dll
+ 2004-08-03 22:59:42 5,504 -c----w c:\windows\$NtServicePackUninstall$\intelide.sys
+ 2004-08-10 11:00:00 36,096 -c----w c:\windows\$NtServicePackUninstall$\intelppm.sys
+ 2004-08-10 11:00:00 29,056 -c----w c:\windows\$NtServicePackUninstall$\ip6fw.sys
+ 2004-08-10 11:00:00 55,808 -c----w c:\windows\$NtServicePackUninstall$\ipconfig.exe
+ 2006-05-19 12:59:41 94,720 -c----w c:\windows\$NtServicePackUninstall$\iphlpapi.dll
+ 2004-08-10 11:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\ipinip.sys
+
 
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-17 23:30:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="-"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-12-17 23:35:46 - machine was rebooted [Sam]
ComboFix-quarantined-files.txt 2008-12-17 23:35:43

Pre-Run: 7,574,245,376 bytes free
Post-Run: 7,557,660,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect



It's too long to post the whole thing!
 
hijack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:10 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: AVG Control Center.lnk = C:\Program Files\Grisoft\AVG7\avgcc.exe
O4 - Global Startup: AVG Test Center.lnk = C:\Program Files\Grisoft\AVG7\avgw.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?615048336236464293e8653f83f6db47
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?615048336236464293e8653f83f6db47
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18839494-1C69-4A13-A7FA-BE7A1C679C99}: NameServer = 212.139.132.8 212.139.132.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - - (file missing)
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8046 bytes
 