WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Cont'd Thread - Malicious Infection Removal

Started by molydeus85 , Sep 13 2009 02:59 PM

This topic is locked

30 replies to this topic

#1 molydeus85

New Member

Authentic Member
13 posts

Posted 13 September 2009 - 02:59 PM

Hello, One of my machines was recently infected through an AIM link that left "oscSock Beta 1.1" in the profile of the user, but searching for removal of that specific infection hasn't helped me, as the malware is preventing me from running literally any anti-virus or anti-spyware program. I am at a loss at this point, so hopefully someone here will be able to assist. I don't have a root repeal log to copy, except for the log of errors it threw while running (the scan did not finish): 16:42:38: DeviceIoControl Error! Error Code = 0x0 16:42:38: DeviceIoControl Error! Error Code = 0x0 16:42:38: DeviceIoControl Error! Error Code = 0x0 16:42:38: DeviceIoControl Error! Error Code = 0x0 16:42:38: DeviceIoControl Error! Error Code = 0x0 16:42:38: DeviceIoControl Error! Error Code = 0x0 16:42:39: Could not get the name for PID 4. 16:42:39: Could not get the name for PID 528. 16:42:39: Could not get the name for PID 580. 16:42:39: Could not get the name for PID 604. 16:42:39: Could not get the name for PID 648. 16:42:39: Could not get the name for PID 660. 16:42:39: Could not get the name for PID 1180. 16:42:39: Could not get the name for PID 1196. 16:42:39: Could not get the name for PID 1472. 16:42:39: Could not get the name for PID 1656. 16:42:39: Could not get the name for PID 1040. 16:42:39: Could not get the name for PID 728. 16:42:39: Could not get the name for PID 1316. 16:42:39: Could not get the name for PID 1808. 16:42:39: Could not get the name for PID 1932. 16:42:39: DeviceIoControl Error! Error Code = 0xc0000001 16:42:39: DeviceIoControl Error! Error Code = 0xc0000001 16:43:20: Warning - the number of SSDT entries from the kernel and the number on-disk are different (0 and 284). 16:43:20: DeviceIoControl Error! Error Code = 0x0 16:43:20: WARNING: The SSDT in our driver has been faked (0x00000250)! 16:43:20: FOPS - DeviceIoControl Error! Error Code = 0xc0000001 Extended Info (0x00000060) 16:43:20: Could not read system registry! Please contact the author! And I cannot paste or attach the DDS logs, since that would not start up or run at all, from either of the 3 locations. Whenever I try to run an anti-virus or anti-spyware program, such as Spybot Search and Destroy, the scan will seem to begin but then the entire program will almost immediately shut down spontaneously. Sometimes, the programs will refuse to even run. As of this time, attempting to use System Restore results in this error: "System Restore is not able to protect your computer. Please restart your computer, and then run System Restore again" but restarting results in the same error. Also, the task bar has disappeared and nothing I do can make it reappear. Let me know if there is anything you guys think I can do to fix this. Thanks, Katie

Advertisements

Register to Remove

#2 OCD

SuperHelper

Malware Team
5,574 posts

Posted 13 September 2009 - 09:35 PM

Hello molydeus85,
Welcome to What the Tech.
My name is OCD, I will be helping you with your log today.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advise.
This may cause a delay, but I will do my best to keep it as short as possible.

Allow me a little bit of time to do some research, I will post back shortly with instructions.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 OCD

SuperHelper

Malware Team
5,574 posts

Posted 14 September 2009 - 10:00 AM

molydeus85,

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

- - - - - Next - - - - -

Download Win32kDiag from any of the following locations and save it to your Desktop.

- - - - - Next - - - - -

Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Right-click on the Win32kDiag.txt file that is located on your Desktop and select Rename, rename the file to Win32kDiag.txt post the entire contents of that log as a reply to this topic.

- - - - - Next - - - - -

On your next post please provide the following:
Win32kDiag.txt log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#4 molydeus85

New Member

Authentic Member
13 posts

Posted 14 September 2009 - 04:33 PM

Hi OCD, thanks for taking the time to help me. It may be important to note that I could not run these scans from the Desktop as I cannot connect to the internet through the infected PC and it will not let me copy anything onto or off of the Desktop. I ran both from a thumb drive, that I am now accessing through a second functioning PC. The log from Win32kDiag.exe did appear on the Desktop though, I had to copy the contents into a second txt file on the thumb drive. ----exeHelper Log---- exeHelper by Raktor - 09 Build 20090914 Run at 18:12:03 on 09/14/09 Now searching... Checking for numerical processes... Checking for bad processes... Checking for bad files... Resetting filetype association for .exe Resetting filetype association for .com --Finished-- ---- Win32kDiag LOG: ---- Running from: H:\anti-malware\Win32kDiag.exe Log file at : C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe [1] 2004-08-04 08:00:00 743936 C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe () [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\helpsvc.exe (Microsoft Corporation) [2] 2004-08-04 08:00:00 743936 C:\System Volume Information\_restore{C4EB2478-360B-4CE9-ADA5-D24B62221B1A}\RP88\A0013743.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\SoftwareDistribution\Download\483f9239792ab1dfd6edf3fc484d2eb3\update\update.exe [1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation) [1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation) [1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation) [1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation) [1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation) [1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation) [1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation) [1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB932168\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB938759\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB943460\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB947864\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950759\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation) [1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB958470\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation) [1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB961118\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB971032\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation) [1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\1d5cae1db1c525dbb30a9177294f0dcc\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\483f9239792ab1dfd6edf3fc484d2eb3\update\update.exe () [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe () [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe () [1] 2007-08-10 20:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe [1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation) [1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation) [1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation) [1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation) [1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation) [1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation) [1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation) [1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB932168\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB938759\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB943460\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB947864\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950759\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation) [1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB958470\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation) [1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB961118\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB971032\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation) [1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\1d5cae1db1c525dbb30a9177294f0dcc\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\483f9239792ab1dfd6edf3fc484d2eb3\update\update.exe () [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe () [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe () [1] 2007-08-10 20:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe [1] 2004-10-14 11:34:54 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB885836\update\update.exe (Microsoft Corporation) [1] 2004-10-14 14:34:52 654848 C:\WINDOWS\$hf_mig$\KB886185\update\update.exe (Microsoft Corporation) [1] 2004-10-14 12:34:54 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation) [1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB888302\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB890046\update\update.exe (Microsoft Corporation) [1] 2005-02-24 20:35:06 718048 C:\WINDOWS\$hf_mig$\KB890859\update\update.exe (Microsoft Corporation) [1] 2004-11-30 15:46:40 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB893756\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB894391\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB896428\update\update.exe (Microsoft Corporation) [1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899587\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB900485\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB900725\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901017\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB902400\update\update.exe (Microsoft Corporation) [1] 2005-02-24 23:35:05 718048 C:\WINDOWS\$hf_mig$\KB905414\update\update.exe (Microsoft Corporation) [1] 2005-02-24 21:35:06 718048 C:\WINDOWS\$hf_mig$\KB905749\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB910437\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911280\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB911927\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB913580\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB914389\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB916595\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918118\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB919007\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920213\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB920670\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920683\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920685\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB920872\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB921503\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB922582\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB922819\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923414\update\update.exe (Microsoft Corporation) [1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB923980\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924270\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB924496\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB925720\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB925902\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB926255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:16:51 716000 C:\WINDOWS\$hf_mig$\KB926436\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927779\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB927802\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB927891\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB928255\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB928843\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB929123\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930178\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB930916\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB931261\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB931784\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB932168\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:28 716000 C:\WINDOWS\$hf_mig$\KB933729\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935448\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB935839\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB935840\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB936021\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB936357\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB937894\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938127\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB938464\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB938759\update\update.exe (Microsoft Corporation) [1] 2005-10-12 19:12:29 716000 C:\WINDOWS\$hf_mig$\KB938828\update\update.exe (Microsoft Corporation) [1] 2006-01-19 15:29:19 716000 C:\WINDOWS\$hf_mig$\KB938829\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941568\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941644\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB941693\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942615\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942763\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB942840\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943055\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB943460\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB943485\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944338\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944533\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB944653\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB945553\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB946026\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB946627\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB947864\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB948590\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:56 716000 C:\WINDOWS\$hf_mig$\KB948881\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB950749\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950759\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation) [1] 2007-12-03 11:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB953838\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB953839\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB954211\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956390\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB956391\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB957095\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB958470\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation) [1] 2008-11-15 13:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation) [1] 2007-11-30 07:18:51 755576 C:\WINDOWS\$hf_mig$\KB961118\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB969897\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation) [1] 2007-11-30 08:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\$hf_mig$\KB971032\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation) [1] 2008-07-09 03:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation) [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation) [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation) [1] 2007-07-27 10:41:48 755576 C:\WINDOWS\SoftwareDistribution\Download\1d5cae1db1c525dbb30a9177294f0dcc\update\update.exe (Microsoft Corporation) [1] 2007-03-05 21:22:59 716000 C:\WINDOWS\SoftwareDistribution\Download\483f9239792ab1dfd6edf3fc484d2eb3\update\update.exe () [1] 2009-05-26 07:40:52 755576 C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe () [1] 2008-07-08 09:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe () [1] 2007-08-10 20:46:20 755576 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\update\update.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe [1] 2009-08-28 17:38:20 24689600 C:\WINDOWS\SYSTEM32\MRT.exe () [2] 2009-06-01 12:51:12 23635392 C:\System Volume Information\_restore{C4EB2478-360B-4CE9-ADA5-D24B62221B1A}\RP49\A0005698.exe (Microsoft Corporation) [2] 2009-07-07 11:10:56 24539592 C:\System Volume Information\_restore{C4EB2478-360B-4CE9-ADA5-D24B62221B1A}\RP68\A0007262.exe (Microsoft Corporation) [2] 2009-07-29 20:49:14 24281536 C:\System Volume Information\_restore{C4EB2478-360B-4CE9-ADA5-D24B62221B1A}\RP88\A0011512.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\SYSTEM32\svchost.exe [1] 2008-04-13 20:12:36 14336 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe (Microsoft Corporation) [1] 2004-08-04 08:00:00 14336 C:\WINDOWS\SYSTEM32\svchost.exe () [2] 2004-08-04 08:00:00 14336 C:\System Volume Information\_restore{C4EB2478-360B-4CE9-ADA5-D24B62221B1A}\RP88\A0015903.exe (Microsoft Corporation) [1] 2002-08-29 06:00:00 12800 C:\i386\SVCHOST.EXE (Microsoft Corporation) Finished!

#5 OCD

SuperHelper

Malware Team
5,574 posts

Posted 15 September 2009 - 09:26 AM

molydeus85,

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
- Reg - File Associations
- Reg - Shell Spawning
- File - Lop Check
- File - Purity Scan
- Evnt - EventViewer Errors/Warnings (last 10)
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

- - - - - Next - - - - -

Download Sysprot Antirootkit from here:

http://sites.google....rotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select all items.
Click on the Create Log button on the bottom right.
After a few seconds a new window should appear.
Select Scan Root Drive. Click on the Start button.
When it is complete a new window will appear to indicate that the scan is finished.
The log will be saved automatically in the same folder Sysprot.exe was extracted to.
Open the text file and copy/paste the log here.

- - - - - Next - - - - -

open notepad and copy/paste the text inside the codebox below into it:

@ECHO OFF
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
START Log.txt
DEL %0

Save this as look.bat Choose to "Save type as" - "All Files"

It should look like this: Posted Image

Double click on look.bat & allow it to run. Then post the log which it produces

- - - - - Next - - - - -

On your next post please provide the following:
OTS log
Sysprot log
look.bat log
Tell me how your computer is running at the moment.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#6 molydeus85

New Member

Authentic Member
13 posts

Posted 15 September 2009 - 11:35 PM

Hello again. I wasn't able to obtain a log from OTS.exe because the scan kept crashing in the middle with this error: "Access Violation at address 0053A9E5 in module 'OTS.exe'. Read of address 00000000." I have attached a zipped SysProtLog.txt file, as I could not successfully copy it into the window, due to its size, I presume. Look.bat log: Volume in drive C has no label. Volume Serial Number is FCD4-C342 Directory of C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe 02/06/2009 02:46 PM 408,064 netlogon.dll 1 File(s) 408,064 bytes Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e 04/13/2008 08:12 PM 181,248 scecli.dll Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e 04/13/2008 08:12 PM 407,040 netlogon.dll Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e 04/13/2008 08:11 PM 56,320 eventlog.dll 3 File(s) 644,608 bytes Directory of C:\WINDOWS\SYSTEM32 08/04/2004 08:00 AM 180,224 scecli.dll Directory of C:\WINDOWS\SYSTEM32 08/04/2004 08:00 AM 407,040 netlogon.dll Directory of C:\WINDOWS\SYSTEM32 08/04/2004 08:00 AM 55,808 eventlog.dll 3 File(s) 643,072 bytes Total Files Listed: 7 File(s) 1,695,744 bytes 0 Dir(s) 7,072,628,736 bytes free And there is currently no change to my computer's functionality, it is still mostly disabled and unusable. Thanks, Katie

Attached Files

SysProtLog.zip 211.61KB 255 downloads

#7 OCD

SuperHelper

Malware Team
5,574 posts

Posted 16 September 2009 - 12:38 AM

molydeus85,

Please delete the copy of OTS you downloaded, and download a fresh copy, but this time save it as OTS.com

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTS to your Desktop. (rename it to OTS.com)

Close ALL OTHER PROGRAMS.
Double-click on OTS.com to start the program.
Check the box that says Scan All Users
Under Additional Scans check the following:
- Reg - File Associations
- Reg - Shell Spawning
- File - Lop Check
- File - Purity Scan
- Evnt - EventViewer Errors/Warnings (last 10)
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please attach the log in your next post.

To attach a file, do the following:

Click Add Reply
Under the reply panel is the Attachments Panel
Browse for the attachment file you want to upload, then click the green Upload button
Once it has uploaded, click the Manage Current Attachments drop down box
Click on to insert the attachment into your post

- - - - - Next - - - - -

On your next post please provide the following:
OTS log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#8 molydeus85

New Member

Authentic Member
13 posts

Posted 16 September 2009 - 04:04 PM

Hi OCD, I am sorry to say that I still cannot run the OTS.exe program, even when renamed to 'OTS.com'. I am receiving the same error message: "Access Violation at address 0053A9E5 in module 'OTS.com'. Read of address 00000000."

#9 OCD

SuperHelper

Malware Team
5,574 posts

Posted 17 September 2009 - 10:45 AM

moledues85,

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

- - - - - Next - - - - -

Please download Malwarebytes' Anti-Malware from here or here - rename the file to mbam.com

Double Click mbam.com to install the application.

Make sure a check mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.< < Don't forget this!
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
(The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.)
Copy and Paste the entire report in your next reply.

- - - - - Next - - - - -

If you are unsuccessful running either of these programs try running them in Safe Mode.

Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc.
At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

- - - - - Next - - - - -

On your next post please provide the following:
RSIT logs - log.txt & info.txt
MalwareBytes log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#10 molydeus85

New Member

Authentic Member
13 posts

Posted 17 September 2009 - 04:30 PM

I have the RSIT logs, they are as follows: ------------------- log.txt ------------------------- Logfile of random's system information tool 1.06 (written by random/random) Run by Kevin O'Connor at 2009-09-17 18:14:05 WIN_XP Service Pack 2 System drive C: has 7 GB (9%) free of 76 GB Total RAM: 2047 MB (79% free) HijackThis download failed ======Scheduled tasks folder====== C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ABIT uGuruIII"=C:\Program Files\ABIT\uGuru\uGuru.exe [2006-10-24 417792] "Steam"=C:\Program Files\Steam\Steam.exe [2009-06-16 1217784] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-02-13 486856] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208] "Aim6"=C:\Program Files\AIM6\aim6.exe [2009-04-27 49968] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-05-14 1830128] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480] C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Start Menu\Programs\Startup OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Steam\steamapps\exknight@kalikops.net\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\exknight@kalikops.net\counter-strike\hl.exe:*:Enabled:Half-Life Launcher" "C:\WINDOWS\SYSTEM32\PnkBstrA.exe"="C:\WINDOWS\SYSTEM32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\SYSTEM32\PnkBstrB.exe"="C:\WINDOWS\SYSTEM32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk" "C:\Program Files\Avant Browser\avant.exe"="C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser" "C:\Program Files\Steam\steamapps\molydeus85\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\molydeus85\team fortress 2\hl2.exe:*:Enabled:hl2" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Steam\steamapps\outriderc\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\outriderc\team fortress 2\hl2.exe:*:Enabled:hl2" "C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam" "C:\Program Files\Steam\steamapps\exknight@kalikops.net\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\exknight@kalikops.net\team fortress 2\hl2.exe:*:Enabled:hl2" "C:\Program Files\Steam\steamapps\noisemarine18\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\noisemarine18\team fortress 2\hl2.exe:*:Enabled:hl2" "C:\WINDOWS\SYSTEM32\dplaysvr.exe"="C:\WINDOWS\SYSTEM32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper" "C:\Program Files\Vampire The Masquerade - Redemption\Vampire.exe"="C:\Program Files\Vampire The Masquerade - Redemption\Vampire.exe:*:Enabled:Vampire" "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe:*:Enabled:nSvcAppFlt" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Program Files\Steam\steamapps\common\titan quest\help.htm"="C:\Program Files\Steam\steamapps\common\titan quest\help.htm:*:Enabled:Titan Quest" "C:\Program Files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe"="C:\Program Files\Steam\steamapps\common\titan quest immortal throne\Tqit.exe:*:Enabled:Titan Quest: Immortal Throne" "C:\Program Files\Steam\steamapps\common\titan quest immortal throne\help.htm"="C:\Program Files\Steam\steamapps\common\titan quest immortal throne\help.htm:*:Enabled:Titan Quest: Immortal Throne" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======List of files/folders created in the last 1 months====== 2009-09-17 18:14:05 ----D---- C:\rsit 2009-09-17 18:12:59 ----D---- C:\WINDOWS\LastGood 2009-09-14 18:13:54 ----SHD---- C:\RECYCLER 2009-09-13 22:54:57 ----A---- C:\ComboFix.txt 2009-09-13 22:40:37 ----D---- C:\WINDOWS\temp 2009-09-13 22:26:26 ----D---- C:\fixer 2009-09-13 16:43:20 ----A---- C:\RootRepeal report 09-13-09 (16-43-20).txt 2009-09-13 16:33:38 ----D---- C:\Program Files\ERUNT 2009-09-12 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-11 18:20:04 ----A---- C:\WINDOWS\system32\javaws.exe 2009-09-11 18:20:04 ----A---- C:\WINDOWS\system32\javaw.exe 2009-09-11 18:20:04 ----A---- C:\WINDOWS\system32\java.exe 2009-09-11 18:05:04 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-09-11 17:46:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion 2009-09-11 17:02:34 ----D---- C:\Program Files\AVG 2009-09-11 17:02:34 ----A---- C:\WINDOWS\system32\avgfwdx.dll 2009-09-11 17:02:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 2009-09-11 16:58:22 ----D---- C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Application Data\AVG8 2009-09-10 15:59:29 ----A---- C:\WINDOWS\system32\winset.ini 2009-09-10 15:58:59 ----D---- C:\WINDOWS\tempie 2009-08-29 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-08-22 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-19 21:12:55 ----D---- C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Application Data\openrpg 2009-08-19 21:12:51 ----D---- C:\Program Files\OpenRPG 2009-08-19 21:11:44 ----D---- C:\Python25 2009-08-19 21:11:44 ----D---- C:\Config.Msi ======List of files/folders modified in the last 1 months====== 2009-09-17 18:13:01 ----D---- C:\WINDOWS\system32\DRIVERS 2009-09-17 18:12:59 ----D---- C:\WINDOWS\SYSTEM32 2009-09-17 18:12:59 ----D---- C:\WINDOWS 2009-09-17 18:12:27 ----HD---- C:\WINDOWS\INF 2009-09-16 00:15:46 ----D---- C:\WINDOWS\Debug 2009-09-14 18:10:09 ----D---- C:\Program Files\Steam 2009-09-14 18:09:36 ----D---- C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Application Data\OpenOffice.org2 2009-09-14 02:12:36 ----A---- C:\WINDOWS\PEV.exe 2009-09-13 23:33:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-13 22:58:41 ----D---- C:\Program Files\Mozilla Firefox 2009-09-13 22:55:00 ----AD---- C:\Qoobox 2009-09-13 22:54:22 ----SD---- C:\WINDOWS\Tasks 2009-09-13 22:49:57 ----D---- C:\WINDOWS\ERDNT 2009-09-13 22:45:10 ----A---- C:\WINDOWS\system.ini 2009-09-13 22:42:20 ----D---- C:\WINDOWS\system32\CONFIG 2009-09-13 22:39:50 ----SHD---- C:\WINDOWS\Installer 2009-09-13 22:33:39 ----D---- C:\WINDOWS\AppPatch 2009-09-13 22:33:37 ----D---- C:\Program Files\Common Files 2009-09-13 22:28:56 ----D---- C:\WINDOWS\VirtualEar 2009-09-13 22:28:56 ----D---- C:\WINDOWS\system32\XIRCOM 2009-09-13 22:28:56 ----D---- C:\WINDOWS\system32\WINS 2009-09-13 22:28:56 ----D---- C:\WINDOWS\system32\ShellExt 2009-09-13 22:28:56 ----D---- C:\WINDOWS\system32\Lang 2009-09-13 22:28:56 ----D---- C:\WINDOWS\system32\INETSRV 2009-09-13 22:28:55 ----RD---- C:\WINDOWS\Offline Web Pages 2009-09-13 22:28:55 ----HD---- C:\WINDOWS\ShellNew 2009-09-13 22:28:55 ----HD---- C:\WINDOWS\PIF 2009-09-13 22:28:55 ----HD---- C:\WINDOWS\msdownld.tmp 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\EXPORT 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\DHCP 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\CatRoot_bak 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\bits 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\3COM_DMI 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\3076 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\2052 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1054 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1042 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1041 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1037 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1031 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1028 2009-09-13 22:28:55 ----D---- C:\WINDOWS\system32\1025 2009-09-13 22:28:55 ----D---- C:\WINDOWS\report 2009-09-13 22:28:55 ----D---- C:\WINDOWS\network diagnostic 2009-09-13 22:28:55 ----D---- C:\WINDOWS\Minidump 2009-09-13 22:28:55 ----D---- C:\WINDOWS\Lycos 2009-09-13 22:28:55 ----D---- C:\WINDOWS\kdx 2009-09-13 22:28:55 ----D---- C:\WINDOWS\Internet Logs 2009-09-13 22:28:54 ----D---- C:\WINDOWS\DellPCH 2009-09-13 22:28:54 ----D---- C:\WINDOWS\Connection Wizard 2009-09-13 22:28:54 ----D---- C:\WINDOWS\Config 2009-09-13 22:28:54 ----D---- C:\WINDOWS\backup 2009-09-13 22:28:54 ----D---- C:\WINDOWS\AU_Log 2009-09-13 22:28:54 ----D---- C:\WINDOWS\AU_Backup 2009-09-13 22:28:53 ----D---- C:\WINDOWS\ADDINS 2009-09-13 22:28:53 ----D---- C:\WINDOWS\.file_store_32 2009-09-13 21:38:07 ----D---- C:\WINDOWS\SECURITY 2009-09-13 19:29:36 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE 2009-09-13 18:00:11 ----D---- C:\Program Files\uTorrent 2009-09-13 16:33:38 ----AD---- C:\Program Files 2009-09-12 03:00:46 ----D---- C:\WINDOWS\Prefetch 2009-09-12 03:00:36 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-11 18:46:03 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-11 18:20:02 ----D---- C:\Program Files\Java 2009-09-11 18:13:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-09-11 18:13:16 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-09-11 18:07:56 ----D---- C:\Program Files\SUPERAntiSpyware 2009-09-11 18:07:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2009-09-11 17:46:29 ----D---- C:\Program Files\Yahoo! 2009-09-11 17:00:59 ----SD---- C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Application Data\Microsoft 2009-09-11 16:30:28 ----D---- C:\I386 2009-09-10 20:53:39 ----D---- C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Application Data\Hamachi 2009-09-10 00:48:41 ----D---- C:\Program Files\Hamachi 2009-09-09 18:43:46 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-09 18:43:46 ----D---- C:\Program Files\Electronic Arts 2009-09-09 18:41:49 ----D---- C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Application Data\My Games 2009-09-09 17:20:02 ----D---- C:\DELL 2009-09-09 17:20:01 ----D---- C:\EXILE2 2009-08-28 17:38:20 ----A---- C:\WINDOWS\system32\MRT.exe 2009-08-22 03:05:11 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-22 03:04:13 ----D---- C:\WINDOWS\Microsoft.NET ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-08-07 110080] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-10 25280] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-08-07 52736] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-08-07 18944] R3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Desktop\SysProt\SysProtDrv.sys [] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] S3 au5qkp34;au5qkp34; C:\WINDOWS\system32\drivers\au5qkp34.sys [] S3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-09-11 29208] S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-09-11 29208] S3 catchme;catchme; \??\C:\fixer\catchme.sys [] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716] S2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-08 172032] S2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-08 172090] S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-02-27 66872] S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-11-30 26488] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- -------------- info.txt -------------------------- info.txt logfile of random's system information tool 1.06 2009-09-17 18:14:08 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Vampire The Masquerade - Redemption\Vampire.isu" -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABIT uGuru-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF8500E6-EA0D-11D7-8755-0080C8F92A32}\Setup.exe" -l0x9 AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003} Advanced DVD Player-->"C:\Program Files\AdvancedDVDPlayer\unins000.exe" AIM 6-->C:\Program Files\AIM6\uninst.exe Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Atlantica Online-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A9AE490-5E3F-41D7-A792-8D506AEBE536}\Setup.exe" -l0x9 Avant Browser (remove only)-->"C:\Program Files\Avant Browser\uninst.exe" AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe" Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380 Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420 Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220 Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe" Hotfix for Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6} Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033 Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly OpenOffice.org 2.3-->MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A} OpenRPG-->C:\Program Files\OpenRPG\uninstall.exe PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u Python 2.5.1-->MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0} QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe" RPG Maker VX-->"C:\Program Files\Enterbrain\RPGVX\unins000.exe" Search Enhancer Toolbar-->regsvr32 /u /s "C:\Program Files\Search Enhancer Toolbar\NCL.dll" Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215 Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe System47 Screen Saver-->C:\WINDOWS\system32\System47.scr /u Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440 Titan Quest: Immortal Throne-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4550 Titan Quest-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4540 Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe VTFEdit 1.2.5-->"C:\Program Files\VTFEdit\unins000.exe" Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe wxPython 2.8.7.1 (unicode) for Python 2.5-->"C:\Python25\Lib\site-packages\wx-2.8-msw-unicode\unins000.exe" Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE Zip Motion Block Video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\ZMBV.INF Securitycenter WMI appears to be broken ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip -----------------EOF----------------- I wasn't able to install the Malwarebytes' Anti-Malware program, I received this error during install in both normal mode and Safe Mode: "Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application."

Advertisements

Register to Remove

#11 OCD

SuperHelper

Malware Team
5,574 posts

Posted 18 September 2009 - 11:04 AM

molydeus85,

Please do the following:

Please save Win32kDiag to your desktop.
Now click on Start->Run, and copy/paste the following command (the text inside the quotebox) into the "Open" runbox, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r
When it's finished, there will be a log called Win32kDiag.txt on your desktop.
Please open it with notepad and post the contents here.

- - - - - Next - - - - -

Download Inherit and save it to your desk top
Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut)
Then wait for it to say "OK"

- - - - - Next - - - - -

Run the following scan: Eset Online Scanner
(you will need Internet Explorer to run this scan)

Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do Not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes click the Details tab.
Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.

- - - - - Next - - - - -

You logs show that you have run ComboFix in the past, please provide me with the most recent log if you still have it.

The log will be located here C:\ComboFix.txt (Provided 'C' is your root directory)

On your next post please provide the following:

Win32kDiag.txt
ESET log.txt

ComboFix.txt (if you have it)

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#12 OCD

SuperHelper

Malware Team
5,574 posts

Posted 21 September 2009 - 10:22 AM

Hello molydeus85,

It's been a few days, I was just checking to see if you still needed assistance?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#13 molydeus85

New Member

Authentic Member
13 posts

Posted 21 September 2009 - 06:28 PM

Hi, yes I apologize, I was away for the weekend. I ran win32kdiag with the following log as the result:

------ win32kdiag log ---------
Running from: C:\Documents and Settings\Administrator.KEVINS-MINION\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Administrator.KEVINS-MINION\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

Attempting to restore permissions of : C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\483f9239792ab1dfd6edf3fc484d2eb3\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\483f9239792ab1dfd6edf3fc484d2eb3\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\update\update.exe

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d\update\update.exe

Cannot access: C:\WINDOWS\SYSTEM32\MRT.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\MRT.exe

Cannot access: C:\WINDOWS\SYSTEM32\svchost.exe

Attempting to restore permissions of : C:\WINDOWS\SYSTEM32\svchost.exe

Finished!

------------------------------

I could not drag any of the exe's into the Inherit because it won't let me drag anything on the desktop, I just click and drag off and it doesn't go anywhere. Probably whatever is denying me rights to copy/paste on the desktop is not allowing me to drag either.

------------------------

I cannot access the internet since when I open my Network Connection folder, the contents are gone and it is blank. The computer is not automatically connecting to the internet, at least not that is accessible to me. I am not sure if there is any alternative to get it to connect. Because of this, I could not run the Eset Online Scanner.

---------------------------

I was able to get comboFix to run by renaming it, the log is as follows:

ComboFix 09-09-13.04 - Administrator 09/13/2009 22:29.1.2 - NTFSx86 MINIMAL
Running from: H:\fixer.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AWS\WEATHE~1\MINIBU~1.DLL
c:\windows\Installer\11750464.msi
c:\windows\system32\rotscxeambujbo.dll
c:\windows\system32\rotscxeeudeens.dll
c:\windows\system32\rotscxgbvoesjh.dll
c:\windows\system32\rotscxgtnmvbog.dat
c:\windows\system32\rotscxmoxruiws.dll
c:\windows\system32\rotscxtwclragc.dat
c:\windows\system32\rotscxuejgjqtr.dat
c:\windows\system32\rotscxuxpfhvim.dat

c:\windows\system32\eventlog.dll . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

-- Previous Run --

c:\windows\system32\eventlog.dll . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

--------

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{C4EB2478-360B-4CE9-ADA5-D24B62221B1A}\RP88\A0013553.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-13 20:33 . 2009-09-13 20:33 -------- d-----w- c:\program files\ERUNT
2009-09-13 19:49 . 2009-09-13 19:49 -------- d-----w- c:\documents and settings\Administrator.KEVINS-MINION\Local Settings\Application Data\Adobe
2009-09-11 22:05 . 2009-09-11 22:05 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-09-11 21:46 . 2009-09-11 21:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-09-11 21:34 . 2009-09-11 21:34 -------- d-----w- c:\documents and settings\Administrator.KEVINS-MINION\Local Settings\Application Data\Mozilla
2009-09-11 21:02 . 2009-09-11 21:02 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-09-11 21:02 . 2009-09-11 21:02 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-09-11 21:02 . 2009-09-11 21:02 -------- d-----w- c:\program files\AVG
2009-09-11 21:02 . 2009-09-11 21:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2009-09-11 20:58 . 2009-09-11 20:58 -------- d-----w- c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\AVG8
2009-09-10 19:58 . 2009-09-11 21:00 -------- d-----w- c:\windows\tempie
2009-08-20 01:12 . 2009-08-20 03:02 -------- d-----w- c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\openrpg
2009-08-20 01:12 . 2009-08-20 01:13 -------- d-----w- c:\program files\OpenRPG
2009-08-20 01:11 . 2009-08-20 01:12 -------- d-----w- C:\Python25

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 02:45 . 2008-03-04 23:40 -------- d-----w- c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\OpenOffice.org2
2009-09-14 02:45 . 2008-01-12 06:23 -------- d-----w- c:\program files\Steam
2009-09-14 02:02 . 2008-12-21 20:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 22:00 . 2007-11-22 06:25 -------- d-----w- c:\program files\uTorrent
2009-09-13 19:46 . 2009-05-14 19:51 14248 ----a-w- c:\documents and settings\Administrator.KEVINS-MINION\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 22:20 . 2006-02-17 07:59 -------- d-----w- c:\program files\Java
2009-09-11 22:13 . 2008-12-21 10:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-09-11 22:13 . 2009-05-25 18:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 22:07 . 2009-05-25 05:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-11 22:07 . 2006-04-26 00:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-11 21:46 . 2003-11-17 22:28 -------- d-----w- c:\program files\Yahoo!
2009-09-11 00:53 . 2008-02-22 19:49 -------- d-----w- c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\Hamachi
2009-09-10 04:48 . 2006-12-08 05:41 -------- d-----w- c:\program files\Hamachi
2009-09-10 04:48 . 2008-02-22 05:33 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-09-09 22:43 . 2004-06-11 18:33 -------- d-----w- c:\program files\Electronic Arts
2009-09-09 22:43 . 2003-09-07 11:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-09 22:41 . 2008-10-21 08:12 -------- d-----w- c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\My Games
2009-08-25 01:50 . 2008-03-01 08:09 14248 ----a-w- c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-16 20:09 . 2009-08-16 20:09 7680 --sha-w- c:\program files\Common Files\Thumbs.db
2009-08-16 20:09 . 2003-09-28 07:53 -------- d-----w- c:\program files\Common Files\aolshare
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 09:23 . 2009-05-18 19:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 06:18 . 2004-08-04 12:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:18 . 2004-08-04 12:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 12:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 12:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 12:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 12:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 12:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 12:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 12:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-24 21:02 . 2009-06-24 07:05 1890 --sha-w- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2009-06-24 07:12 . 2009-06-24 07:05 88 --sh--r- c:\documents and settings\All Users.WINDOWS\Application Data\CFB92F2D02.sys
2009-06-22 11:49 . 2004-08-04 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 12:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:55 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

------- Sigcheck -------

[-] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\browser.dll
[-] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\browser.dll

[-] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asms\60\msft\windows\common\controls\comctl32.dll
[-] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comctl32.dll
[-] 2006-08-25 . B0124CB21D28B1C9F678B566B6B57D92 . 617472 . . [5.82] . . c:\windows\SYSTEM32\comctl32.dll
[-] 2006-08-25 . C4E80875C1CF1222FC5EFD0314AE5C01 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
[-] 2004-08-04 . A77DFB85FAEE49D66C74DA6024EBC69B . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2004-08-04 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 . 5AF68A5E44734A082442668E9C787743 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cryptsvc.dll
[-] 2004-08-04 . 10654F9DDCEA9C46CFB77554231BE73B . 60416 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\cryptsvc.dll

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\asyncmac.sys

[-] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ndis.sys

[-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntfs.sys
[-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\SYSTEM32\DRIVERS\ntfs.sys
[-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys

[-] 2004-08-04 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\null.sys

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\SYSTEM32\es.dll
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[-] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\es.dll
[-] 2005-07-26 04:39 . 34BBD9ACC1538818F2C878898C64E793 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974$\es.dll
[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll
[-] 2004-08-04 12:00 . ACD36A2DD7D1E9D8A060AA651DC07E63 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll

[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\imm32.dll
[-] 2004-08-04 . 87CA7CE6469577F059297B9D6556D66D . 110080 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\imm32.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\SYSTEM32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[-] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 . A01F9CA902A88F7CED06884174D6419D . 984576 . . [5.1.2600.3119] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
[-] 2004-08-04 . 888190E31455FAD793312F8D087146EB . 983552 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll

[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[-] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll

[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lpk.dll
[-] 2004-08-04 . 74D66B3DE265E8789153414E75175F26 . 22016 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\lpk.dll

[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
[-] 2004-08-04 . 84885F9B82F4D55C6146EBF6065D75D2 . 13312 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\lsass.exe

[-] 2009-07-18 . 108F212B0E1B4439B014497EEC407981 . 3062272 . . [6.00.2900.3603] . . c:\windows\SYSTEM32\mshtml.dll
[-] 2009-07-18 . 7467941BE64DFC5F8E9F3DC1DE920806 . 3069440 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3GDR\mshtml.dll
[-] 2009-07-18 . 9A878C4D12BE5598B598B27BFEA1B3C2 . 3069440 . . [6.00.2900.3603] . . c:\windows\$hf_mig$\KB972260\SP2QFE\mshtml.dll
[-] 2009-07-18 . F3EE47F296295D08A97CB50EF57244D9 . 3069952 . . [6.00.2900.5848] . . c:\windows\$hf_mig$\KB972260\SP3QFE\mshtml.dll
[-] 2009-04-29 . 04AB92BFDDF275D50E3D42CDB4BF110E . 3060736 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\mshtml.dll
[-] 2009-04-29 . ABD8093E43E53AEA5898D2214B92E9BA . 3068928 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\mshtml.dll
[-] 2009-04-29 . 7BB862F4CBB8361551C34674291BA5EC . 3068928 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\mshtml.dll
[-] 2009-04-29 . 06CF679E3D24C3DF270556456A0F1EDA . 3069440 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\mshtml.dll
[-] 2009-02-20 . 03D98EB3F7BBD1FA14C650597F1989BC . 3067904 . . [6.00.2900.3527] . . c:\windows\$hf_mig$\KB963027\SP2QFE\mshtml.dll
[-] 2009-02-20 . B20FEE1734EF152AAA8D6C5A938DA902 . 3059712 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\mshtml.dll
[-] 2009-02-20 . 2F70F2F74C40397D031016FA162981C2 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\mshtml.dll
[-] 2009-02-20 . 1618A4A2C5DD8164B8295190C8EA6544 . 3068416 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\mshtml.dll
[-] 2008-12-12 . C8169B4320AC0CB8D1ED20454322E839 . 3060224 . . [6.00.2900.3492] . . c:\windows\$NtUninstallKB963027$\mshtml.dll
[-] 2008-12-12 . 6D1D493622EA050DBAABD0C4C1DFADB5 . 3067392 . . [6.00.2900.3492] . . c:\windows\$hf_mig$\KB960714\SP2QFE\mshtml.dll
[-] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[-] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3GDR\mshtml.dll
[-] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[-] 2008-10-16 . 9C2C058E341E6B627789EF88D3B98445 . 3059712 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB960714$\mshtml.dll
[-] 2008-10-16 . C99D8B48FC245D98E1A2BAB6594458C9 . 3067392 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\mshtml.dll
[-] 2008-10-16 . B846C2DE341CF32B42AD297437233742 . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\mshtml.dll
[-] 2008-08-20 . B83EB71C2052E05D13D690A224357441 . 3060224 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\mshtml.dll
[-] 2008-08-20 . 20D44D1A5A406CD8E129D3D4F0B5717C . 3067392 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\mshtml.dll
[-] 2008-08-20 . 507BDA42F7DB8209C0F0B3556A043491 . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll
[-] 2008-08-20 . BD45470B132A0F98596277323D9F2E5A . 3067904 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll
[-] 2008-06-25 . 04EEC0FF4DD3C7041628973CA6832C33 . 3067904 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\mshtml.dll
[-] 2008-06-23 . 1FC693A4EE1D9D9CD78DDA6C87232F6F . 3067392 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\mshtml.dll
[-] 2008-06-23 . 74B5A84AC8FCF52C249B74C3D2A3E7B8 . 3059712 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\mshtml.dll
[-] 2008-06-23 . F433136C23D13B120412B300D1324A7E . 3067392 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\mshtml.dll
[-] 2008-04-21 . C75C6AD32C28BCE0D14E1CA2AB4862DC . 3059712 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\mshtml.dll
[-] 2008-04-21 . 083B967E6B0B2BB539CE6B08D45D631F . 3066880 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\mshtml.dll
[-] 2008-04-21 . FE406DE0651C9E8201DCB0460609D739 . 3066880 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\mshtml.dll
[-] 2008-04-21 . 46A61BA430110F00DD990D058AA3D054 . 3067392 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\mshtml.dll
[-] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mshtml.dll
[-] 2008-02-16 . 77DBF6075405494AD6B6A99E2C732F86 . 3059712 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\mshtml.dll
[-] 2008-02-16 . 701A6798DDF875CAA3A5099EE75FD57F . 3066880 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\mshtml.dll
[-] 2007-12-07 . DA9377A57A277170C78095C0E8BD8C85 . 3059200 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\mshtml.dll
[-] 2007-12-07 . 8A4DD074DEC1B0C063C8493ABF654CBC . 3066368 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\mshtml.dll
[-] 2007-10-30 . DA077E334961230C12E3E4D62626286E . 3058688 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB944533$\mshtml.dll
[-] 2007-10-30 . 79314A0A6B0DA78AFE491FF2D8B117BA . 3065856 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll
[-] 2004-08-04 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615$\mshtml.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\SYSTEM32\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[-] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mswsock.dll
[-] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[-] 2009-02-06 . 6C476D33D82F1054849790181E8F7772 . 408064 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\sp2qfe\netlogon.dll
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[-] 2004-08-04 . 96353FCECBA774BB8DA74A1C6507015A . 407040 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\netlogon.dll

[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll

[-] 2009-02-07 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\Driver Cache\I386\ntoskrnl.exe
[-] 2009-02-06 . 16B5EBE97F243441264A8F8694C2F2AA . 2136064 . . [5.1.2600.3520] . . c:\windows\SYSTEM32\ntoskrnl.exe
[-] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[-] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[-] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe
[-] 2008-08-14 . DD31AB4B91C2605601A3C108AF57A0C9 . 2136064 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
[-] 2008-08-14 . CE69DBD54221F2D40E49FF6DB77C6507 . 2185984 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe
[-] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntoskrnl.exe
[-] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 . 1220FAF071DEA8653EE21DE7DCDA8BFD . 2136064 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe
[-] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2005-03-02 . 48B3E89AF7074CEE0314A3E0C7FAFFDB . 2135552 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2004-08-04 . 626309040459C3915997EF98EC1C8D40 . 2148352 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe

[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\powrprof.dll
[-] 2004-08-04 . 1B5F6923ABB450692E9FE0672C897AED . 17408 . . [6.00.2900.2180] . . c:\windows\SYSTEM32\powrprof.dll

[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll
[-] 2004-08-04 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\SYSTEM32\qmgr.dll

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\SYSTEM32\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[-] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\rpcss.dll
[-] 2005-07-26 . CE94A2BD25E3E9F4D46A7373FF455C6D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-04-28 . C8061F289E000703E7672916B7FE1571 . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2004-08-04 . 5C83A4408604F737717AB96371201680 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll

[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[-] 2004-08-04 . 0F78E27F563F2AAF74B91A49E2ABF19A . 180224 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\scecli.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\SYSTEM32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[-] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
[-] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572$\services.exe

[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfc.dll
[-] 2004-08-04 . E8A12A12EA9088B4327D49EDCA3ADD3E . 5120 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\sfc.dll

[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[-] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe

[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
[-] 2004-08-04 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 14336 . . [------] . . c:\windows\SYSTEM32\svchost.exe

[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[-] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll

[-] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll

[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
[-] 2004-08-04 . 39B1FFB03C2296323832ACBAE50D2AFF . 24576 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\userinit.exe

[-] 2009-06-26 . 70FFEA4793D7139A447B169CB0E500BC . 666624 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3GDR\wininet.dll
[-] 2009-06-26 . 8553E6D4EC1563277323E6B2D6FBB954 . 668160 . . [6.00.2900.5835] . . c:\windows\$hf_mig$\KB972260\SP3QFE\wininet.dll
[-] 2009-06-26 . ED97493090DA8871F4EB76E1FF3F6A78 . 659456 . . [6.00.2900.3592] . . c:\windows\SYSTEM32\wininet.dll
[-] 2009-06-26 . CF0B7B2738BEF0EB87673393CB7EA06E . 668160 . . [6.00.2900.3592] . . c:\windows\$hf_mig$\KB972260\SP2QFE\wininet.dll
[-] 2009-04-29 . 9D6E5AEB8F237E03D5892951EB3D6A7E . 659456 . . [6.00.2900.3562] . . c:\windows\$NtUninstallKB972260$\wininet.dll
[-] 2009-04-29 . 6002073519FA478BF89977369CDFD156 . 666624 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3GDR\wininet.dll
[-] 2009-04-29 . 9E36A148748C5DE4EA1F47B9B625F412 . 668160 . . [6.00.2900.3562] . . c:\windows\$hf_mig$\KB969897\SP2QFE\wininet.dll
[-] 2009-04-29 . 04BCB4F87B35502568F6CF33433543A5 . 668160 . . [6.00.2900.5803] . . c:\windows\$hf_mig$\KB969897\SP3QFE\wininet.dll
[-] 2009-02-20 . F1DBF177AA0DB2150E626595D0EFF604 . 659456 . . [6.00.2900.3527] . . c:\windows\$NtUninstallKB969897$\wininet.dll
[-] 2009-02-20 . 1EA0E6DD74199209D60991FD46CE8643 . 668160 . . [6.00.2900.3527] . . c:\windows\$hf_mig$\KB963027\SP2QFE\wininet.dll
[-] 2009-02-20 . 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E . 666112 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[-] 2009-02-20 . 711FEABED387B29FF7ED61BC6806A06C . 667648 . . [6.00.2900.5764] . . c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[-] 2008-10-16 . 6F1E4BFD78C4E0D05FF3725D59B72925 . 659456 . . [6.00.2900.3462] . . c:\windows\$NtUninstallKB963027$\wininet.dll
[-] 2008-10-16 . 93C9D0A216498EE14EB9B26119BB95EE . 667648 . . [6.00.2900.3462] . . c:\windows\$hf_mig$\KB958215\SP2QFE\wininet.dll
[-] 2008-10-16 . E8FCE58A470999350F64C591557F9E42 . 667136 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\wininet.dll
[-] 2008-10-16 . 1576318BF08D28CC61D1278114AD8D5B . 666112 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3GDR\wininet.dll
[-] 2008-08-20 . 87E694D09893978F22024FEEEDF35342 . 659456 . . [6.00.2900.3429] . . c:\windows\$NtUninstallKB958215$\wininet.dll
[-] 2008-08-20 . C91E3A6EF094202F6B5CA8960DFCF243 . 667648 . . [6.00.2900.3429] . . c:\windows\$hf_mig$\KB956390\SP2QFE\wininet.dll
[-] 2008-08-20 . 9AF5F25124FBDC36E2B510729CBA2674 . 666112 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll
[-] 2008-08-20 . 94418F53D2612C26DBADC04DAFBC197C . 666624 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll
[-] 2008-06-23 . 611ACE3F4201E9610AF8452F7C268995 . 667136 . . [6.00.2900.3395] . . c:\windows\$hf_mig$\KB953838\SP2QFE\wininet.dll
[-] 2008-06-23 . 9EEA04BC4C3FA521D256D89940FAB4DB . 659456 . . [6.00.2900.3395] . . c:\windows\$NtUninstallKB956390$\wininet.dll
[-] 2008-06-23 . F12FBB673DE9CC802C5DC518FE99AA2F . 666112 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3GDR\wininet.dll
[-] 2008-06-23 . 972299B7241EC325D8C7E5638C884925 . 666624 . . [6.00.2900.5626] . . c:\windows\$hf_mig$\KB953838\SP3QFE\wininet.dll
[-] 2008-04-21 . 1EFB8A3EA8454AEC1BB8A240A2845598 . 659456 . . [6.00.2900.3354] . . c:\windows\$NtUninstallKB953838$\wininet.dll
[-] 2008-04-21 . 2E7DE1BF9418B071799EB53DE8CC22F5 . 666624 . . [6.00.2900.3354] . . c:\windows\$hf_mig$\KB950759\SP2QFE\wininet.dll
[-] 2008-04-21 . 2B0C24AA747A93A28987B6D65A4A74BC . 666112 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3GDR\wininet.dll
[-] 2008-04-21 . 26F240C250E5B4B395CB4B178BA75437 . 666624 . . [6.00.2900.5583] . . c:\windows\$hf_mig$\KB950759\SP3QFE\wininet.dll
[-] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wininet.dll
[-] 2008-02-16 . BB1EACD6AB47E78EBCA02EB781550D55 . 666112 . . [6.00.2900.3314] . . c:\windows\$hf_mig$\KB947864\SP2QFE\wininet.dll
[-] 2008-02-16 . 0C690E77C0E924C45B4D7045B182FFF1 . 659456 . . [6.00.2900.3314] . . c:\windows\$NtUninstallKB950759$\wininet.dll
[-] 2007-12-07 . 57D1B5150CF6331FAC6B3E04C1FCB966 . 659456 . . [6.00.2900.3268] . . c:\windows\$NtUninstallKB947864$\wininet.dll
[-] 2007-12-07 . 085A7C37F9C6EDE1BA870B7DBEC06399 . 666112 . . [6.00.2900.3268] . . c:\windows\$hf_mig$\KB944533\SP2QFE\wininet.dll
[-] 2007-10-11 . 2005AD86A22AEE68E21EE59F9CCB77F2 . 659456 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB944533$\wininet.dll
[-] 2007-10-11 . 80D660A49E0D118144423099B2A9F5DA . 666112 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll
[-] 2006-11-08 . 92995334F993E6E49C25C6D02EC04401 . 818688 . . [7.00.5730.11] . . c:\windows\tempie\wininet.dll
[-] 2004-08-04 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615$\wininet.dll

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
[-] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\winlogon.exe

[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
[-] 2004-08-04 . 2ED0B7F12A60F90092081C50FA0EC2B2 . 82944 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ws2_32.dll

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[-] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\srsvc.dll
[-] 2004-08-04 . 92BDF74F12D6CBEC43C94D4B7F804838 . 170496 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\srsvc.dll

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\xmlprov.dll

[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[-] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\eventlog.dll

[-] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sfcfiles.dll
[-] 2004-08-04 . 30A609E00BD1D4FFC49D6B5A432BE7F2 . 1580544 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\sfcfiles.dll

[-] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
[-] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ctfmon.exe

[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\regsvc.dll
[-] 2004-08-04 . 3151427DB7D87107D1C5BE58FAC53960 . 59904 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\schedsvc.dll

[-] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\termsrv.dll

[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\appmgmts.dll
[-] 2004-08-04 . 9C3C12975C97119412802B181FBEEFFE . 167936 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\appmgmts.dll

[-] 2004-08-04 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\SYSTEM32\DRIVERS\acpiec.sys

[-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aec.sys
[-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\Driver Cache\I386\aec.sys
[-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\SYSTEM32\DRIVERS\aec.sys
[-] 2004-08-04 03:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\DRIVERS\ip6fw.sys

[-] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mfc40u.dll
[-] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\SYSTEM32\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\SYSTEM32\msgsvc.dll

[-] 2008-04-14 00:12 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\SYSTEM32\mspmsnsv.dll

[-] 2009-02-07 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[-] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\Driver Cache\I386\ntkrnlpa.exe
[-] 2009-02-06 . B238AB60093BABFE76AEC8F34B4D399D . 2015744 . . [5.1.2600.3520] . . c:\windows\SYSTEM32\ntkrnlpa.exe
[-] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[-] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe
[-] 2008-08-14 . DC097A896A03B8277457D228FD12D4E6 . 2015744 . . [5.1.2600.3427] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
[-] 2008-08-14 . 63EC865DFF6CCFC7BEF94B5C50297CAD . 2062976 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe
[-] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntkrnlpa.exe
[-] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 . A58AC1C6199EF34228ABEE7FC057AE09 . 2015744 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe
[-] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2005-03-02 . 3CD941E472DDF3534E53038535719771 . 2015232 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2004-08-04 . FB142B7007CA2EEA76966C6C5CC12150 . 2015232 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ntmssvc.dll
[-] 2004-08-04 12:00 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\SYSTEM32\ntmssvc.dll

[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\upnphost.dll
[-] 2007-02-05 . 36ACA6CDC19C95FF468A1426EB7F32F0 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 2007-02-05 . ACA5D98663D879C6BAAFCEA7E2F1B710 . 185344 . . [5.1.2600.3077] . . c:\windows\SYSTEM32\upnphost.dll
[-] 2004-08-04 . 0546477BDE979E33294FE97F6B3DE84A . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="c:\program files\ABIT\uGuru\uGuru.exe" [2006-10-24 417792]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-16 1217784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2007-12-05 1626112]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\exknight@kalikops.net\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
"c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Steam\\steamapps\\molydeus85\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Steam\\steamapps\\outriderc\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\exknight@kalikops.net\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\noisemarine18\\team fortress 2\\hl2.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\Vampire The Masquerade - Redemption\\Vampire.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nSvcAppFlt.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\Tqit.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\titan quest immortal throne\\help.htm"=

R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2007-11-30 26488]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-09-11 29208]
R3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys [2009-09-11 29208]
S0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2006-05-03 14592]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-09-04 74480]

.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-30 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\Mozilla\Firefox\Profiles\keo34oll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\Mozilla\Firefox\Profiles\keo34oll.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Kevin O'Connor.KEVINS-MINION\Application Data\Mozilla\Firefox\Profiles\keo34oll.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
Notify-avgrsstarter - avgrsstx.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 22:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-1801674531-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,62,3f,e8,06,00,cf,71,54,7c,9f,06,3d,de,47,16,02,d4,43,2e,7a,99,d0,
22,51,79,c2,a4,10,dd,11,4d,b4,cf,e7,2c,9b,a8,09,6f,2c,3c,c1,39,0b,88,f2,62,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-2000478354-1801674531-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:18,5c,80,7e,04,f2,3d,96,8a,77,ec,e2,fb,b3,9f,a7,35,01,c5,af,00,
99,20,f4,1c,8b,f4,3d,96,d7,a3,e2,14,1c,35,d0,66,ac,b6,d1,1d,51,56,71,84,c9,\
"rkeysecu"=hex:4d,53,2e,c9,a3,82,4f,98,de,1b,e9,de,12,b2,cd,76
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\windows\SYSTEM32\PnkBstrA.exe
c:\windows\SYSTEM32\rundll32.exe
c:\program files\OpenOffice.org 2.3\program\soffice.exe
c:\program files\OpenOffice.org 2.3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2009-09-14 22:54 - machine was rebooted [Kevin O'Connor]
ComboFix-quarantined-files.txt 2009-09-14 02:54

Pre-Run: 6,886,965,248 bytes free
Post-Run: 7,044,947,968 bytes free

482 --- E O F --- 2009-09-12 07:00

#14 OCD

SuperHelper

Malware Team
5,574 posts

Posted 22 September 2009 - 09:47 AM

molydeus85,

It is imperative that you DO NOT attempt any fixes without being instructed to do so.
ComboFix is a very powerful tool and should not be run unsupervised.
Running it without proper knowledge as to what it will do can render your computer inoperable.

- - - - - Next - - - - -

How many times have you run ComboFix?

Please provide me Any/All ComboFix logs you still have on your computer.
Check these locations

C:\ComboFix.txt
C:\Qoobox\ComboFix.txt - date @ time - all of these
C:\Qoobox\ComboFix-quarantined-files.txt

- - - - - Next - - - - -

Please download Junction.zip to your desktop.
Unzip the folder to your desktop

Please open Notepad
Click Start , then Run
Type notepad.exe in the Run Box.
Copy and Paste everything from the Quote box into Notepad:

@echo off
cls
junction -s c:\ >> log.txt
notepad log.txt
exit

Save the file to your DESKTOP as "junction.bat".
Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop:
Posted Image

Double click Junction.bat.

- - - - - Next - - - - -

On your next post please provide the following:

All ComboFix logs available - (use multiple posts if necessary)
Junction.bat log

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#15 molydeus85

New Member

Authentic Member
13 posts

Posted 22 September 2009 - 05:19 PM

I understand that comboFix is dangerous to run without instruction. I ran it once before a few months ago under the guidance of a different website, to remove a virtumonde infection. When the current infection happened, I attempted to run it again as a last resort following the same rules, before I found your forums. I didn't rerun it or change anything, haven't run it since.

I will post the junction log first, with the first comboFix log, then the other 2 comboFix logs, which will require more than one post.

-------------- junction.bat log ----------------

Junction v1.05 - Windows junction creator and reparse point viewer
Copyright © 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

..
Failed to open \\?\c:\\Documents and Settings\Kevin O'Connor: Access is denied.

.

...

...

...

...

.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0b59a2907bae85cb6f48f1610c6c68e6_7b71fbce-dff3-42c2-9259-d2367eb8daa9: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f785d93b2dcf1052ef64084e1eca362_7b71fbce-dff3-42c2-9259-d2367eb8daa9: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d3f9a7187b82bf3a842d3bbf32b1a2e_7b71fbce-dff3-42c2-9259-d2367eb8daa9: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b04d3e7aaa33b18cbd2ad0d360895857_7b71fbce-dff3-42c2-9259-d2367eb8daa9: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\caf1080f3fbbc4441830b9d4bf73d874_7b71fbce-dff3-42c2-9259-d2367eb8daa9: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e72689201844697d545ea297f9fbc908_7b71fbce-dff3-42c2-9259-d2367eb8daa9: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp: Access is denied.

.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Pure Networks\Network Magic\errordetails.xml: Access is denied.

.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E5C0000.VBN: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12880000.VBN: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12880001.VBN: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02280000\46EAC5C3.VBN: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07180000\47BC665C.VBN: Access is denied.

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB40000\4EB5234B.VBN: Access is denied.

...

...

...
Failed to open \\?\c:\\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.

Failed to open \\?\c:\\Documents and Settings\Kevin O'Connor.KEVINS-MINION\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.

...

...

...

...

...

...

..
Failed to open \\?\c:\\My Shared Folder\enya: Access is denied.

.

...

...

...

...

...

...

...

...

Failed to open \\?\c:\\Program Files\IM Sniffer\convos: Access is denied.

...

...

...

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Program Files\Spybot - Search & Destroy\SpybotSD.exe: Access is denied.

.

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe: Access is denied.

.

...

...

...

...

...

...

...

...

...

..
Failed to open \\?\c:\\System Volume Information\EfaData\SYMEFA.DB: Access is denied.

.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

No reparse points found.

----------- ComboFix-quarantined-files.txt ------------

2009-09-14 02:54:19 . 2009-09-14 02:54:19 378 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-avgrsstarter.reg.dat
2009-09-14 02:54:17 . 2009-09-14 02:54:17 132 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-AVG8_TRAY.reg.dat
2009-09-14 02:38:15 . 2009-09-14 02:38:15 1,398 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}.reg.dat
2009-09-14 02:28:42 . 2009-09-14 02:28:42 61,952 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\eventlog.dll.vir
2009-09-11 21:03:22 . 2009-09-11 21:03:22 43 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxtwclragc.dat.vir
2009-09-11 21:03:20 . 2009-09-11 21:03:21 19,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxeambujbo.dll.vir
2009-09-11 04:06:52 . 2009-09-11 21:03:22 212,076 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxuxpfhvim.dat.vir
2009-09-11 00:06:52 . 2009-09-11 00:06:52 43 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxuejgjqtr.dat.vir
2009-09-10 20:06:46 . 2009-09-10 20:06:46 19,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxeeudeens.dll.vir
2009-09-10 20:01:44 . 2009-09-10 20:01:44 21,504 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxgbvoesjh.dll.vir
2009-09-10 20:00:14 . 2009-09-11 00:06:52 3,215 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxgtnmvbog.dat.vir
2009-09-10 20:00:10 . 2009-09-10 20:00:10 45,056 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\rotscxmoxruiws.dll.vir
2009-05-25 16:28:33 . 2009-05-25 16:28:33 562 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-procexp90.Sys.reg.dat
2009-05-25 16:27:48 . 2008-12-21 18:48:31 255 ----a-w- C:\Qoobox\Quarantine\D\AUTORUN.INF.vir
2009-05-25 16:27:00 . 2009-09-14 02:35:28 8,294 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-05-25 15:59:26 . 2009-09-14 02:28:56 340 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-05-18 18:08:11 . 2009-05-18 18:08:11 74,703 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\mfc45.dll.vir
2009-05-16 05:15:53 . 2009-05-16 13:54:42 1,406,509 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ajusonub.ini.vir
2009-05-15 17:16:01 . 2009-05-15 18:23:58 1,406,509 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\utefines.ini.vir
2009-05-14 05:13:09 . 2009-05-14 05:34:19 1,433,106 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\openebir.ini.vir
2009-02-13 17:12:36 . 2009-05-13 17:12:36 51,712 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\dosoyahe.exe.vir
2009-01-31 16:14:36 . 2009-01-31 16:14:36 827,904 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\11750464.msi.vir
2009-01-30 14:11:48 . 2009-01-30 14:11:48 67,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\popatetu.dll.tmp.vir
2009-01-30 14:11:48 . 2009-01-30 14:11:48 67,584 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\yinirare.dll.tmp.vir
2004-06-27 22:29:10 . 2004-04-20 13:46:48 335,872 ----a-w- C:\Qoobox\Quarantine\C\Program Files\AWS\WEATHE~1\MINIBU~1.DLL.vir

Body Background

skin color theme