Ragnarokk Skrevet 5. september 2008 Del Skrevet 5. september 2008 (endret) Well, well. Huston, I have a problem. Hvor begynne? Hadde fått virusmelding fra trenc pc.cillin i høyre hjørne da jeg kom hjem fra jobb. trojan.generic.adv var funnet, og maskinen måtte restartes for å få fjernet dritten. Gjorde som jeg fikk beskjed om, men ble kun belønnet med at alt på skrivebordet så nær som bakgrunnsbildet var borte. Det gjelder også startlinje, klokke osv.Og en nifs beskjed om at fila UxTheme.dll manglet. For å få brukt program måtte jeg inn via ctrl+alt+del, og fikk via dette brukt maskina som normalt. Lastet ned den fila maskina klaget over at manglet, kjørte seff div antivirus, og hjt som var god som gull. Trend fant virus, og satte i karantene, hvorpå jeg slettet. Maskina virket flotters nå. Men, så, vel et døgn senere, er vi igang igjen. Maskina gir samme beskjed om restarting, men jeg har lært, og lar det være. Fullt brukbar maskin ennå. Trend gir beskjed om viktige, kritiske mangler, og sender meg til microsoft for nedlasting av nye oppdateringer, bla servicepack3. Dette vil imildertid ikke lastes. En utvidet feil er funnet, og lastingen og installeringen er ikke vellykket. Trend vil ikke gi meg eksakt svar på hvilke filer som mangler, dessverre. Fikk dette griseriet på stasjonær pc og lap samtidig, og min bror har samme sjuka. Vi har fulgt samme oppskrift, og har de samme problemene. Dette viruset ble omtalt i vg, hvor det var oppslag etter at det var funnet i en honda annonse på msn.no. Eneste beskyttelse var siste oppdatering av flash. Hvilket jeg har- eller hadde. Der skrev de også at eneste botemiddel var formatering. Det har jeg ikke planer om. Trenger noe idiotsikkert nå nå, siden jeg ikke har rene cd`er for å brenne ut viktige filer og dokumenter, så ikke led meg ut i villmarka her!! Noen som har lysst på en utfordring? Rimelig vanskelig antar jeg, men bør helst unngå restart, da dette antageligvis medfører at maskina ikke er brukende i sikkermodus heller. Og, selvsagt skal dere få se loggen min; Logfile of HijackThis v1.99.1 Scan saved at 23:36:39, on 05.09.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe C:\WINDOWS\system32\rundll32.exe C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\Programfiler\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Trend Micro\BM\TMBMSRV.exe C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe C:\WINDOWS\System32\svchost.exe C:\Programfiler\MSN Messenger\usnsvc.exe C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe C:\Programfiler\Opera\Opera.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\Jørund\Skrivebord\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a> O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Fellesfiler\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programfiler\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\RunOnce: [TSC] "C:\Programfiler\Trend Micro\Internet Security\tsc.exe" /HD O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PcSync] C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - Startup: Adobe Gamma.lnk = C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programfiler\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programfiler\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Programfiler\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programfiler\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - <a href="http://go.microsoft.com/fwlink/?linkid=39204" target="_blank">http://go.microsoft.com/fwlink/?linkid=39204</a> O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href="http://ragnatabascosaus.spaces.msn.com//Ph...ad/MsnPUpld.cab" target="_blank">http://ragnatabascosaus.spaces.msn.com//Ph...ad/MsnPUpld.cab</a> O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - <a href="http://update.microsoft.com/microsoftupdat...b?1128195292531" target="_blank">http://update.microsoft.com/microsoftupdat...b?1128195292531</a> O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - <a href="https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab" target="_blank">https://ssl.extrafilm.org/upload/activex/ImageUploader3.cab</a> O16 - DPF: {D1EA8D3D-F511-4388-B754-4A0CC14A4778} (Aurigma Image Uploader 3.0 Control) - <a href="http://eurofoto.no/activex/ImageUploader3.cab" target="_blank">http://eurofoto.no/activex/ImageUploader3.cab</a> O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IP-Uploader Control) - <a href="http://asp08.photoprintit.de/microsite/502...geUploader3.cab" target="_blank">http://asp08.photoprintit.de/microsite/502...geUploader3.cab</a> O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programfiler\Fellesfiler\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Unknown owner - C:\Programfiler\Trend Micro\BM\TMBMSRV.exe" /service (file missing) O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Programfiler\Trend Micro\Internet Security\TmProxy.exe Endret 8. september 2008 av Ragnarokk Lenke til kommentar
snippsat Skrevet 5. september 2008 Del Skrevet 5. september 2008 Loggen er ren den. Kan kjøre litt til. --- Last ned kjør CCleaner 'Valg'->'Avansert'. Fjern avkryssingen framfor: "bare slett midlertidige filer som er eldere enn 48 t. Kjør og register-renser"svar ja til og reparere"-->backup svar ja når du blir spørt. Kjør register-renser et par ganger til alle feil er borte. --- Last ned MBAM til skrivebordet. Velg Norsk språkdrakt-->kjør hurtig systemskann. Når MBAM er ferdig åpner den en logg,den poster du. --- Lenke til kommentar
Ragnarokk Skrevet 5. september 2008 Forfatter Del Skrevet 5. september 2008 Combologg også. Ccleaner er allerede kjørt etter instruks flere ganger. ComboFix 08-09-04.09 - Jørund 2008-09-05 23:42:42.4 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.404 [GMT 2:00] Running from: C:\Documents and Settings\Jørund\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-05 to 2008-09-05 ))))))))))))))))))))))))))))))) . 2008-09-05 23:13 . 2008-09-05 23:37 <DIR> dr-h----- C:\Documents and Settings\Jørund\Siste 2008-09-05 23:13 . 2008-09-05 23:37 <DIR> dr-h----- C:\Documents and Settings\Jørund\Siste 2008-09-05 13:25 . 2008-09-05 13:25 498,688 --a------ C:\WINDOWS\system32\OLD74F.tmp 2008-09-05 13:25 . 2008-09-05 23:41 1,880 --a------ C:\WINDOWS\DCEBOOT.CFG 2008-09-04 21:36 . 2008-09-05 13:25 <DIR> d-------- C:\WINDOWS\LastGood 2008-09-04 18:25 . 2008-09-04 18:25 113,838 --a------ C:\WINDOWS\system\6.0.2900.2180_EN.zip 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> dr------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Start-meny 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Skrivere 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Skrivebord 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Siste 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> dr-h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Programdata 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Mine dokumenter 2008-09-04 11:45 . 2007-12-12 00:38 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Maler 2008-09-04 11:45 . 2008-09-05 23:44 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Lokale innstillinger 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Favoritter 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\AndrMask 2008-09-04 11:45 . 2008-09-04 11:45 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001 2008-09-04 10:07 . 2008-09-05 23:41 10,752 --a------ C:\WINDOWS\DCEBoot.exe 2008-08-21 11:37 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\003146_.tmp 2008-08-21 11:37 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\003145_.tmp 2008-08-21 11:37 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\003144_.tmp 2008-08-21 11:20 . 2008-09-05 23:16 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-05 11:25 64,000 ----a-w C:\WINDOWS\system32\samlib.dll 2008-09-04 08:07 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-09-01 17:46 --------- d-----w C:\Programfiler\Java 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:41 658,944 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-25 09:44 603,176 ----a-w C:\Documents and Settings\Jørund\autoruns.exe 2008-02-25 09:44 603,176 ----a-w C:\Documents and Settings\Jørund\autoruns.exe 2008-02-25 09:44 513,064 ----a-w C:\Documents and Settings\Jørund\autorunsc.exe 2008-02-25 09:44 513,064 ----a-w C:\Documents and Settings\Jørund\autorunsc.exe . ((((((((((((((((((((((((((((( snapshot@2008-04-20_15.17.58,68 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-23 04:56:21 554,008 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\dao360.dll + 2007-12-10 12:41:11 518,944 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexch40.dll + 2007-12-10 12:41:11 326,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msexcl40.dll + 2007-12-10 12:41:11 1,516,568 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjet40.dll + 2007-12-10 12:41:11 355,112 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjetol1.dll + 2007-11-01 05:16:22 166,688 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjint40.dll + 2007-12-10 12:41:12 60,192 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjter40.dll + 2007-12-10 12:41:12 248,608 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msjtes40.dll + 2007-12-10 12:41:12 219,936 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msltus40.dll + 2007-12-10 12:41:12 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mspbde40.dll + 2007-12-10 12:41:13 432,928 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd2x40.dll + 2007-12-10 12:41:13 322,336 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrd3x40.dll + 2007-12-10 12:41:13 559,904 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msrepl40.dll + 2007-12-10 12:41:13 264,992 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mstext40.dll + 2007-12-10 12:41:13 838,432 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswdat10.dll + 2007-11-01 05:16:23 621,344 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\mswstr10.dll + 2007-12-10 12:41:14 355,104 ----a-w C:\WINDOWS\$hf_mig$\KB950749\SP2QFE\msxbde40.dll + 2007-03-06 02:01:46 14,560 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spmsg.dll + 2007-03-06 02:01:51 214,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\spuninst.exe + 2007-03-06 02:01:45 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\spcustom.dll + 2007-03-06 02:02:09 721,120 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\update.exe + 2007-03-06 02:03:01 374,496 ----a-w C:\WINDOWS\$hf_mig$\KB950749\update\updspapi.dll + 2008-04-21 06:58:40 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\browseui.dll + 2008-04-21 06:58:40 151,552 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\cdfview.dll + 2008-04-21 06:58:40 1,054,720 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\danim.dll + 2008-04-21 06:58:41 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtmsft.dll + 2008-04-21 06:58:41 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\dxtrans.dll + 2008-04-21 06:58:41 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\extmgr.dll + 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe + 2008-04-21 06:58:41 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iepeers.dll + 2008-04-21 06:58:41 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\inseng.dll + 2008-04-21 06:58:41 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\jsproxy.dll + 2008-04-21 06:58:44 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtml.dll + 2008-04-21 06:58:44 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mshtmled.dll + 2008-04-21 06:58:44 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\msrating.dll + 2008-04-21 06:58:44 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\mstime.dll + 2008-04-21 06:58:44 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\pngfilt.dll + 2008-04-21 06:58:46 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shdocvw.dll + 2008-04-21 06:58:47 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\shlwapi.dll + 2008-04-17 11:03:56 354,304 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\spru0414.dll + 2008-04-21 06:58:47 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\urlmon.dll + 2008-04-21 06:58:48 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\wininet.dll + 2008-04-21 06:56:38 3,087,872 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll + 2008-04-21 06:56:38 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll + 2008-04-21 06:41:28 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll + 2008-04-21 06:41:28 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950760\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950760\update\updspapi.dll + 2008-05-08 12:14:51 203,008 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP2QFE\rmcast.sys + 2008-05-08 14:02:52 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3GDR\rmcast.sys + 2008-05-08 13:58:17 203,136 ----a-w C:\WINDOWS\$hf_mig$\KB950762\SP3QFE\rmcast.sys + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950762\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950762\update\updspapi.dll + 2008-07-07 20:23:14 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll + 2008-07-07 20:29:49 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll + 2008-07-07 20:26:07 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll + 2007-11-30 12:39:47 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe + 2007-11-30 12:39:48 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll + 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe + 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe + 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe + 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll + 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe + 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll + 2008-06-14 18:06:18 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP2QFE\bthport.sys + 2008-06-14 17:36:44 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3GDR\bthport.sys + 2008-06-14 17:42:06 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\SP3QFE\bthport.sys + 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spmsg.dll + 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\spuninst.exe + 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\spcustom.dll + 2007-11-30 11:19:51 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe + 2007-11-30 11:19:51 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951376-v2\update\updspapi.dll + 2008-04-14 16:17:51 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP2QFE\bthport.sys + 2008-04-14 16:01:07 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3GDR\bthport.sys + 2008-04-14 16:23:11 272,256 ----a-w C:\WINDOWS\$hf_mig$\KB951376\SP3QFE\bthport.sys + 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spmsg.dll + 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951376\spuninst.exe + 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\spcustom.dll + 2007-11-30 11:19:51 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\update.exe + 2007-11-30 11:19:51 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951376\update\updspapi.dll + 2008-05-07 05:03:49 1,291,264 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll + 2008-05-07 05:12:39 1,291,264 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll + 2008-05-07 05:09:20 1,291,264 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll + 2007-11-30 11:19:51 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll + 2007-11-30 11:19:51 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe + 2007-11-30 11:19:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll + 2006-08-16 12:14:55 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll + 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys + 2008-06-20 17:37:54 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll + 2008-06-20 17:37:54 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll + 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys + 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys + 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys + 2008-06-20 17:49:37 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll + 2008-06-20 17:49:37 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll + 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys + 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys + 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys + 2008-06-20 17:45:13 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll + 2008-06-20 17:45:13 246,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll + 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys + 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll + 2007-11-30 12:39:47 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe + 2007-11-30 12:39:48 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll + 2008-06-24 16:31:15 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll + 2008-06-24 16:46:40 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll + 2008-06-24 16:54:35 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll + 2007-11-30 12:39:50 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe + 2007-11-30 12:39:50 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll + 2008-06-23 16:16:07 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\browseui.dll + 2008-06-23 16:16:07 151,552 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\cdfview.dll + 2008-06-23 16:16:08 1,054,720 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\danim.dll + 2008-06-23 16:16:08 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtmsft.dll + 2008-06-23 16:16:08 205,312 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\dxtrans.dll + 2008-06-23 16:16:08 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\extmgr.dll + 2008-06-23 09:53:58 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iedw.exe + 2008-06-23 16:16:08 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\iepeers.dll + 2008-06-23 16:16:08 96,768 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\inseng.dll + 2008-06-23 16:16:08 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\jsproxy.dll + 2008-06-23 16:16:09 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtml.dll + 2008-06-23 16:16:09 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mshtmled.dll + 2008-06-23 16:16:09 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\msrating.dll + 2008-06-23 16:16:09 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\mstime.dll + 2008-06-23 16:16:09 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\pngfilt.dll + 2008-06-23 16:16:10 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shdocvw.dll + 2008-06-23 16:16:10 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\shlwapi.dll + 2008-07-03 09:42:46 354,304 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\spru0414.dll + 2008-06-23 16:16:10 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\urlmon.dll + 2008-06-23 16:16:10 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP2QFE\wininet.dll + 2008-06-23 15:12:38 3,088,384 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\mshtml.dll + 2008-06-26 08:15:08 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\shdocvw.dll + 2008-06-26 08:15:08 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\urlmon.dll + 2008-06-23 15:12:38 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3GDR\wininet.dll + 2008-06-25 04:27:12 3,088,896 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\mshtml.dll + 2008-06-26 08:11:32 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\shdocvw.dll + 2008-06-26 08:11:33 618,496 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\urlmon.dll + 2008-06-23 14:57:11 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB953838\SP3QFE\wininet.dll + 2007-11-30 12:39:50 17,784 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spmsg.dll + 2007-11-30 12:39:50 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB953838\spuninst.exe + 2007-11-30 12:39:50 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\spcustom.dll + 2007-11-30 12:39:47 760,696 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\update.exe + 2007-11-30 12:39:48 385,912 ----a-w C:\WINDOWS\$hf_mig$\KB953838\update\updspapi.dll + 2004-09-28 19:06:45 561,179 -c----w C:\WINDOWS\$NtUninstallKB950749$\dao360.dll + 2004-09-28 19:11:04 512,029 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexch40.dll + 2004-09-28 19:11:04 319,517 -c----w C:\WINDOWS\$NtUninstallKB950749$\msexcl40.dll + 2004-09-28 19:11:19 1,507,356 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjet40.dll + 2004-09-28 19:11:19 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetol1.dll + 2004-09-28 19:11:19 358,976 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjetoledb40.dll + 2004-09-28 19:11:20 159,775 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjint40.dll + 2004-09-28 19:11:20 53,279 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjter40.dll + 2004-09-28 19:11:20 241,693 -c----w C:\WINDOWS\$NtUninstallKB950749$\msjtes40.dll + 2004-09-28 19:11:21 213,023 -c----w C:\WINDOWS\$NtUninstallKB950749$\msltus40.dll + 2004-09-28 19:11:33 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\mspbde40.dll + 2004-09-28 19:11:37 421,919 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd2x40.dll + 2004-09-28 19:11:37 315,423 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrd3x40.dll + 2004-09-28 19:11:38 552,989 -c----w C:\WINDOWS\$NtUninstallKB950749$\msrepl40.dll + 2004-09-28 19:11:42 258,077 -c----w C:\WINDOWS\$NtUninstallKB950749$\mstext40.dll + 2004-09-28 19:11:47 831,519 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswdat10.dll + 2004-09-28 19:11:49 614,429 -c----w C:\WINDOWS\$NtUninstallKB950749$\mswstr10.dll + 2004-09-28 19:11:49 348,189 -c----w C:\WINDOWS\$NtUninstallKB950749$\msxbde40.dll + 2007-03-06 02:01:51 214,752 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe + 2007-03-06 02:03:01 374,496 -c----w C:\WINDOWS\$NtUninstallKB950749$\spuninst\updspapi.dll + 2008-02-16 09:05:40 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB950759$\browseui.dll + 2008-02-16 09:05:40 151,552 -c----w C:\WINDOWS\$NtUninstallKB950759$\cdfview.dll + 2008-02-16 09:05:41 1,054,720 -c----w C:\WINDOWS\$NtUninstallKB950759$\danim.dll + 2008-02-16 09:05:42 357,888 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtmsft.dll + 2008-02-16 09:05:42 205,312 -c----w C:\WINDOWS\$NtUninstallKB950759$\dxtrans.dll + 2008-02-16 09:05:42 55,808 -c----w C:\WINDOWS\$NtUninstallKB950759$\extmgr.dll + 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe + 2008-02-16 09:05:42 251,392 -c----w C:\WINDOWS\$NtUninstallKB950759$\iepeers.dll + 2008-02-16 09:05:42 96,768 -c----w C:\WINDOWS\$NtUninstallKB950759$\inseng.dll + 2008-02-16 09:05:42 16,384 -c----w C:\WINDOWS\$NtUninstallKB950759$\jsproxy.dll + 2008-02-16 22:35:48 3,080,704 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtml.dll + 2008-02-16 09:05:48 449,024 -c----w C:\WINDOWS\$NtUninstallKB950759$\mshtmled.dll + 2008-02-16 09:05:48 146,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\msrating.dll + 2008-02-16 09:05:48 532,480 -c----w C:\WINDOWS\$NtUninstallKB950759$\mstime.dll + 2008-02-16 09:05:49 39,424 -c----w C:\WINDOWS\$NtUninstallKB950759$\pngfilt.dll + 2008-02-16 09:05:52 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB950759$\shdocvw.dll + 2008-02-16 09:05:52 474,112 -c----w C:\WINDOWS\$NtUninstallKB950759$\shlwapi.dll + 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe + 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB950759$\spuninst\updspapi.dll + 2008-02-16 09:05:53 615,936 -c----w C:\WINDOWS\$NtUninstallKB950759$\urlmon.dll + 2008-02-16 09:05:54 658,944 -c----w C:\WINDOWS\$NtUninstallKB950759$\wininet.dll + 2008-02-15 23:03:24 354,304 -c----w C:\WINDOWS\$NtUninstallKB950759$\xpsp3res.dll + 2007-11-30 12:39:50 26,488 -c----w C:\WINDOWS\$NtUninstallKB950760$\spcustom.dll + 2007-11-30 12:39:50 17,784 -c----w C:\WINDOWS\$NtUninstallKB950760$\spmsg.dll + 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst.exe + 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe + 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB950760$\spuninst\updspapi.dll + 2007-11-30 12:39:50 760,696 -c----w C:\WINDOWS\$NtUninstallKB950760$\update.exe + 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB950760$\updspapi.dll + 2006-07-13 08:48:58 202,240 -c----w C:\WINDOWS\$NtUninstallKB950762$\rmcast.sys + 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe + 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB950762$\spuninst\updspapi.dll + 2008-04-14 15:54:25 272,256 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\bthport.sys + 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe + 2007-11-30 11:19:51 385,912 -c----w C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\updspapi.dll + 2004-08-03 22:55:08 274,432 -c----w C:\WINDOWS\$NtUninstallKB951376$\bthport.sys + 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe + 2007-11-30 11:19:51 385,912 -c----w C:\WINDOWS\$NtUninstallKB951376$\spuninst\updspapi.dll + 2007-10-29 22:45:19 1,290,752 -c----w C:\WINDOWS\$NtUninstallKB951698$\quartz.dll + 2007-11-30 11:19:51 232,824 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe + 2007-11-30 12:39:50 385,912 -c----w C:\WINDOWS\$NtUninstallKB951698$\spuninst\updspapi.dll + 2004-09-28 19:05:43 138,496 -c----w C:\WINDOWS\$NtUninstallKB951748$\afd.sys + 2008-02-20 05:39:05 148,992 -c----w C:\WINDOWS\$NtUninstallKB951748$\dnsapi.dll + 2004-09-28 19:11:48 246,784 -c----w C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll + 2007-11-30 12:39:50 232,824 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe + 2007-11-30 12:39:48 385,912 -c----w C:\WINDOWS\$NtUninstallKB951748$\spuninst\updspapi.dll + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys + 2006-08-16 09:37:30 225,664 -c----w C:\WINDOWS\$NtUninstallKB951748$\tcpip6.sys + 2008-06-14 18:00:44 272,256 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE - 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe + 2000-08-31 06:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe + 2008-06-25 15:56:00 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe + 2008-04-20 20:00:49 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe + 2008-04-20 20:00:49 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe + 2008-09-05 11:25:38 498,688 ----a-w C:\WINDOWS\LastGood\system32\clbcatq.dll - 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe + 2004-08-07 07:36:14 218,624 ----a-w C:\WINDOWS\system\uxtheme.dll - 2008-02-16 09:05:40 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll + 2008-06-23 15:41:43 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll - 2008-02-16 09:05:40 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll + 2008-06-23 15:41:43 151,552 ----a-w C:\WINDOWS\system32\cdfview.dll - 2005-07-26 04:43:10 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll + 2004-08-03 23:03:08 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll - 2008-02-16 09:05:41 1,054,720 ----a-w C:\WINDOWS\system32\danim.dll + 2008-06-23 15:41:43 1,054,720 ----a-w C:\WINDOWS\system32\danim.dll - 2004-09-28 19:05:43 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys + 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys - 2008-02-16 09:05:40 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-06-23 15:41:43 1,023,488 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll + 2008-06-14 18:00:44 272,256 -c----w C:\WINDOWS\system32\dllcache\bthport.sys - 2008-02-16 09:05:40 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll + 2008-06-23 15:41:43 151,552 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll - 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2005-07-26 04:43:10 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll + 2004-08-03 23:03:08 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll - 2008-02-16 09:05:41 1,054,720 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll + 2008-06-23 15:41:43 1,054,720 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll - 2004-09-28 19:06:45 561,179 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll + 2008-03-25 04:50:25 554,008 -c--a-w C:\WINDOWS\system32\dllcache\dao360.dll - 2008-02-20 05:39:05 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll + 2008-06-20 17:43:13 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll - 2008-02-16 09:05:42 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2008-06-23 15:41:43 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2008-02-16 09:05:42 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2008-06-23 15:41:43 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2005-07-26 04:43:11 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll + 2008-07-07 20:33:05 253,952 -c--a-w C:\WINDOWS\system32\dllcache\es.dll - 2008-02-16 09:05:42 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2008-06-23 15:41:43 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2008-02-15 09:23:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe + 2008-06-23 09:49:29 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe - 2008-02-16 09:05:42 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll + 2008-06-23 15:41:43 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll - 2007-08-21 06:18:26 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll + 2008-04-11 18:52:25 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll - 2008-02-16 09:05:42 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll + 2008-06-23 15:41:43 96,768 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll - 2008-02-16 09:05:42 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2008-06-23 15:41:43 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-09-28 19:10:49 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll + 2008-05-01 14:34:30 331,776 -c--a-w C:\WINDOWS\system32\dllcache\msadce.dll - 2005-06-29 01:53:12 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll + 2008-06-24 16:24:51 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll - 2004-09-28 19:11:04 512,029 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll + 2008-03-25 04:50:28 518,944 -c--a-w C:\WINDOWS\system32\dllcache\msexch40.dll - 2004-09-28 19:11:04 319,517 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll + 2008-03-25 04:50:30 326,432 -c--a-w C:\WINDOWS\system32\dllcache\msexcl40.dll - 2008-02-16 22:35:48 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-06-23 15:41:44 3,080,704 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-02-16 09:05:48 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2008-06-23 15:41:44 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2004-09-28 19:11:19 1,507,356 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll + 2008-03-25 04:50:34 1,516,568 -c--a-w C:\WINDOWS\system32\dllcache\msjet40.dll - 2004-09-28 19:11:19 358,976 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll + 2008-03-25 04:50:40 355,112 -c--a-w C:\WINDOWS\system32\dllcache\msjetol1.dll - 2004-09-28 19:11:20 159,775 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll + 2008-03-25 04:51:59 166,688 -c--a-w C:\WINDOWS\system32\dllcache\msjint40.dll - 2004-09-28 19:11:20 53,279 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll + 2008-03-25 04:50:42 60,192 -c--a-w C:\WINDOWS\system32\dllcache\msjter40.dll - 2004-09-28 19:11:20 241,693 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll + 2008-03-25 04:50:42 248,608 -c--a-w C:\WINDOWS\system32\dllcache\msjtes40.dll - 2004-09-28 19:11:21 213,023 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll + 2008-03-25 04:50:44 219,936 -c--a-w C:\WINDOWS\system32\dllcache\msltus40.dll - 2004-09-28 19:11:33 348,189 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll + 2008-03-25 04:50:45 355,104 -c--a-w C:\WINDOWS\system32\dllcache\mspbde40.dll - 2008-02-16 09:05:48 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2008-06-23 15:41:44 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2004-09-28 19:11:37 421,919 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll + 2008-03-25 04:50:47 432,928 -c--a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll - 2004-09-28 19:11:37 315,423 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll + 2008-03-25 04:50:49 322,336 -c--a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll - 2004-09-28 19:11:38 552,989 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll + 2008-03-25 04:50:52 559,904 -c--a-w C:\WINDOWS\system32\dllcache\msrepl40.dll - 2004-09-28 19:11:42 258,077 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll + 2008-03-25 04:50:55 264,992 -c--a-w C:\WINDOWS\system32\dllcache\mstext40.dll - 2008-02-16 09:05:48 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2008-06-23 15:41:44 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2004-09-28 19:11:47 831,519 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll + 2008-03-25 04:50:57 838,432 -c--a-w C:\WINDOWS\system32\dllcache\mswdat10.dll - 2004-09-28 19:11:48 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll + 2008-06-20 17:43:14 246,784 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll - 2004-09-28 19:11:49 614,429 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll + 2008-03-25 04:51:59 621,344 -c--a-w C:\WINDOWS\system32\dllcache\mswstr10.dll - 2004-09-28 19:11:49 348,189 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll + 2008-03-25 04:50:58 355,104 -c--a-w C:\WINDOWS\system32\dllcache\msxbde40.dll - 2008-02-16 09:05:49 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-06-23 15:41:44 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-29 22:45:19 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll + 2008-05-07 05:16:33 1,290,752 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll - 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys + 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys - 2008-02-16 09:05:52 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-06-23 15:41:44 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2008-02-16 09:05:52 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll + 2008-06-23 15:41:44 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll - 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys + 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys - 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys + 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys - 2008-02-16 09:05:53 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-06-23 15:41:44 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-02-16 09:05:54 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-06-23 15:41:45 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 17:19:28 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll - 2008-02-20 05:39:05 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll + 2008-06-20 17:43:13 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll - 2004-09-28 19:05:43 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2008-06-20 10:44:38 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys - 2004-08-03 22:55:08 274,432 ------w C:\WINDOWS\system32\drivers\bthport.sys + 2008-06-14 18:00:44 272,256 ------w C:\WINDOWS\system32\drivers\bthport.sys - 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys + 2008-05-08 12:28:49 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys - 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys + 2008-06-20 10:45:13 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys - 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys + 2008-06-20 09:52:06 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys - 2008-02-16 09:05:42 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2008-06-23 15:41:43 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2008-02-16 09:05:42 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2008-06-23 15:41:43 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2008-02-16 09:05:42 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll + 2008-06-23 15:41:43 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll - 2008-02-16 09:05:42 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll + 2008-06-23 15:41:43 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll - 2007-08-21 06:18:26 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll + 2008-04-11 18:52:25 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll - 2008-02-16 09:05:42 96,768 ----a-w C:\WINDOWS\system32\inseng.dll + 2008-06-23 15:41:43 96,768 ----a-w C:\WINDOWS\system32\inseng.dll - 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe - 2008-02-16 09:05:42 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2008-06-23 15:41:43 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2007-02-15 17:01:04 1,476,992 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll + 2008-03-20 16:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll - 2008-04-06 05:56:20 19,836,024 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-08-05 09:11:02 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe - 2004-09-28 19:11:04 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll + 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll - 2004-09-28 19:11:04 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll + 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll - 2008-02-16 22:35:48 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-06-23 15:41:44 3,080,704 ----a-w C:\WINDOWS\system32\mshtml.dll - 2008-02-16 09:05:48 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2008-06-23 15:41:44 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2004-09-28 19:11:19 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll + 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll - 2004-09-28 19:11:19 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll + 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll - 2004-09-28 19:11:20 159,775 ----a-w C:\WINDOWS\system32\msjint40.dll + 2008-03-25 04:51:59 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll - 2004-09-28 19:11:20 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll + 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll - 2004-09-28 19:11:20 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll + 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll - 2004-09-28 19:11:21 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll + 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll - 2004-09-28 19:11:33 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll + 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll - 2008-02-16 09:05:48 146,432 ----a-w C:\WINDOWS\system32\msrating.dll + 2008-06-23 15:41:44 146,432 ----a-w C:\WINDOWS\system32\msrating.dll - 2004-09-28 19:11:37 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll + 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll - 2004-09-28 19:11:37 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll + 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll - 2004-09-28 19:11:38 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll + 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll - 2004-09-28 19:11:42 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll + 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll - 2008-02-16 09:05:48 532,480 ----a-w C:\WINDOWS\system32\mstime.dll + 2008-06-23 15:41:44 532,480 ----a-w C:\WINDOWS\system32\mstime.dll - 2004-09-28 19:11:47 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll + 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll - 2004-09-28 19:11:49 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll + 2008-03-25 04:51:59 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll - 2004-09-28 19:11:49 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll + 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll - 2008-02-16 09:05:49 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-06-23 15:41:44 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-10-29 22:45:19 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll + 2008-05-07 05:16:33 1,290,752 ----a-w C:\WINDOWS\system32\quartz.dll + 2004-08-03 21:10:40 17,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\bthenum.sys + 2008-06-14 18:00:44 272,256 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\bthport.sys + 2004-08-03 21:10:36 18,944 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\BTHUSB.SYS + 2004-09-28 19:07:24 193,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\fsquirt.exe + 2004-08-03 20:58:40 100,992 ----a-w C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\bthpan.sys + 2004-08-03 21:10:40 17,024 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\BthEnum.sys + 2004-08-04 00:03:34 152,576 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\irftp.exe + 2004-08-04 00:03:14 27,136 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\irmon.dll + 2004-08-03 21:10:40 59,648 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\rfcomm.sys + 2004-09-28 19:21:19 108,032 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\wshBth.dll + 2004-08-04 00:03:28 8,192 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\wshirda.dll + 2004-09-28 19:08:07 39,936 ----a-w C:\WINDOWS\system32\ReinstallBackups\0016\DriverFiles\i386\intelppm.sys + 2004-09-28 19:08:07 39,936 ----a-w C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\i386\intelppm.sys + 2001-10-06 11:24:44 35,968 ----a-w C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\i386\isapnp.sys - 2008-02-16 09:05:52 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-06-23 15:41:44 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll - 2008-02-16 09:05:52 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-06-23 15:41:44 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll - 2004-08-03 23:03:38 8,192 ----a-w C:\WINDOWS\system32\spdwnwxp.exe + 2008-04-14 16:23:11 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe - 2006-09-25 15:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll + 2007-08-10 06:22:34 17,784 ------w C:\WINDOWS\system32\spmsg.dll - 2006-09-25 15:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe + 2007-08-10 06:22:36 26,488 ----a-w C:\WINDOWS\system32\spupdsvc.exe - 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe + 2008-07-14 11:09:18 62,976 ------w C:\WINDOWS\system32\tzchange.exe - 2008-02-16 09:05:53 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-06-23 15:41:44 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll - 2008-02-15 23:03:24 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll + 2008-07-03 09:42:46 354,304 ----a-w C:\WINDOWS\system32\xpsp3res.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-28 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 7110656] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 86016] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "nwiz"="nwiz.exe" [2005-08-02 C:\WINDOWS\system32\nwiz.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-28 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-28 15360] C:\Documents and Settings\J›rund\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] WinZip Quick Pick.lnk - C:\Programfiler\WinZip\WZQKPICK.EXE [2006-01-11 122880] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936] *Newly Created Service* - PSEXESVC . - - - - ORPHANS REMOVED - - - - HKCU-Run-PcSync - C:\Programfiler\Nokia\Nokia PC Suite 6\PcSync2.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Jørund\Programdata\Mozilla\Firefox\Profiles\fg6xylac.default\ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-05 23:45:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\SAMLIB.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\SAMLIB.dll . Completion time: 2008-09-05 23:47:21 ComboFix-quarantined-files.txt 2008-09-05 21:46:51 ComboFix2.txt 2008-04-26 07:08:12 ComboFix3.txt 2008-04-20 18:56:47 ComboFix4.txt 2008-04-20 13:18:36 Pre-Run: 44,789,960,704 byte ledig Post-Run: 44,779,528,192 byte ledig 617 --- E O F --- 2008-09-05 21:06:50 Lenke til kommentar
Ragnarokk Skrevet 5. september 2008 Forfatter Del Skrevet 5. september 2008 MBAM Malwarebytes' Anti-Malware 1.26 Database versjon: 1118 Windows 5.1.2600 Service Pack 2 2008-09-06 00:02:39 mbam-log-2008-09-06 (00-02-24).txt Skanntype: Rask Skann Objekter skannet: 44866 Tid tilbakelagt: 4 minute(s), 9 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 0 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: (Ingen mistenkelige filer funnet) Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\winlogon.ini (Heuristics.Reserved.Word.Exploit) -> No action taken. Lenke til kommentar
snippsat Skrevet 5. september 2008 Del Skrevet 5. september 2008 Kopiere fet tekst under bildet->åpne notisblokk og lim inn. Lagre på skrivebordet som CFScript.txt Gjør som på bildet combofix vil starte,Post logg c:\combofix.txt File:: C:\WINDOWS\system32\OLD74F.tmp C:\WINDOWS03146_.tmp C:\WINDOWS03145_.tmp C:\WINDOWS03144_.tmp Suspect::[3] C:\WINDOWS\DCEBoot.exe Dirlook:: C:\WINDOWS\system32\CatRoot_bak --- No action taken---> du må merka så MBAM sletter den filen. --- Som du så i denne posten så er dette tred sin feil. https://www.diskusjon.no/index.php?showtopic=1004302 Lenke til kommentar
Ragnarokk Skrevet 6. september 2008 Forfatter Del Skrevet 6. september 2008 Har seff merka så MBAM sletta fila, bare litt ivrig på å poste logg Har fulgt anvisning, og fått ny combologg (mens programmet lager loggen, kommer følgende beskjed: "ipconfig.exe-programfeil. Programmet ble ikke riktig initialisert") ComboFix 08-09-04.09 - Jørund 2008-09-06 8:34:51.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.396 [GMT 2:00] Running from: C:\Documents and Settings\Jørund\Skrivebord\ComboFix.exe Command switches used :: C:\Documents and Settings\Jørund\Skrivebord\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\OLD74F.tmp . ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))) . 2008-09-05 23:51 . 2008-09-05 23:55 <DIR> d-------- C:\Programfiler\Malwarebytes' Anti-Malware 2008-09-05 23:51 . 2008-09-05 23:51 <DIR> d-------- C:\Documents and Settings\Jørund\Programdata\Malwarebytes 2008-09-05 23:51 . 2008-09-05 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Malwarebytes 2008-09-05 23:51 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-05 23:51 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-05 23:13 . 2008-09-06 08:33 <DIR> dr-h----- C:\Documents and Settings\Jørund\Siste 2008-09-05 23:13 . 2008-09-06 08:33 <DIR> dr-h----- C:\Documents and Settings\Jørund\Siste 2008-09-05 13:25 . 2008-09-05 23:41 1,880 --a------ C:\WINDOWS\DCEBOOT.CFG 2008-09-04 21:36 . 2008-09-05 13:25 <DIR> d-------- C:\WINDOWS\LastGood 2008-09-04 18:25 . 2008-09-04 18:25 113,838 --a------ C:\WINDOWS\system\6.0.2900.2180_EN.zip 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> dr------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Start-meny 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Skrivere 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Skrivebord 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Siste 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> dr-h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Programdata 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Mine dokumenter 2008-09-04 11:45 . 2007-12-12 00:38 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Maler 2008-09-04 11:45 . 2008-09-06 08:37 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Lokale innstillinger 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001\Favoritter 2008-09-04 11:45 . 2005-09-19 20:54 <DIR> d--h----- C:\Documents and Settings\Administrator.J-1617F615D9814.001\AndrMask 2008-09-04 11:45 . 2008-09-04 11:45 <DIR> d-------- C:\Documents and Settings\Administrator.J-1617F615D9814.001 2008-09-04 10:07 . 2008-09-05 23:41 10,752 --a------ C:\WINDOWS\DCEBoot.exe 2008-08-21 11:37 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\003146_.tmp 2008-08-21 11:37 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\003145_.tmp 2008-08-21 11:37 . 2006-12-28 21:01 19,569 --a------ C:\WINDOWS\003144_.tmp 2008-08-21 11:20 . 2008-09-05 23:16 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-05 11:25 64,000 ----a-w C:\WINDOWS\system32\samlib.dll 2008-09-04 08:07 --------- d-----w C:\Programfiler\SUPERAntiSpyware 2008-09-01 17:46 --------- d-----w C:\Programfiler\Java 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-18 17:08 36,368 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys 2008-07-18 17:08 205,328 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys 2008-07-18 16:51 1,195,448 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys 2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:41 658,944 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-25 09:44 603,176 ----a-w C:\Documents and Settings\Jørund\autoruns.exe 2008-02-25 09:44 603,176 ----a-w C:\Documents and Settings\Jørund\autoruns.exe 2008-02-25 09:44 513,064 ----a-w C:\Documents and Settings\Jørund\autorunsc.exe 2008-02-25 09:44 513,064 ----a-w C:\Documents and Settings\Jørund\autorunsc.exe . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\WINDOWS\system32\CatRoot_bak ---- ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-28 15360] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="C:\Programfiler\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 7110656] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-08-02 86016] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648] "SSBkgdUpdate"="C:\Programfiler\Fellesfiler\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "OpwareSE4"="C:\Programfiler\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632] "UfSeAgnt.exe"="C:\Programfiler\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024] "Adobe Reader Speed Launcher"="C:\Programfiler\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "SunJavaUpdateSched"="C:\Programfiler\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "nwiz"="nwiz.exe" [2005-08-02 C:\WINDOWS\system32\nwiz.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-28 C:\WINDOWS\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-28 15360] C:\Documents and Settings\J›rund\Start-meny\Programmer\Oppstart\ Adobe Gamma.lnk - C:\Programfiler\Fellesfiler\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Microsoft Office.lnk - C:\Programfiler\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588] WinZip Quick Pick.lnk - C:\Programfiler\WinZip\WZQKPICK.EXE [2006-01-11 122880] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2007-04-19 12:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\LimeWire\\LimeWire.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= S3 OMNUSB;Omnikey AG CardMan 2020 USB-smartkortleser;C:\WINDOWS\system32\DRIVERS\sccmusbm.sys [2001-08-17 23936] *Newly Created Service* - PSEXESVC . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 08:37:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\SAMLIB.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\SAMLIB.dll . Completion time: 2008-09-06 8:38:39 ComboFix-quarantined-files.txt 2008-09-06 06:38:31 ComboFix2.txt 2008-09-05 21:47:22 ComboFix3.txt 2008-04-26 07:08:12 ComboFix4.txt 2008-04-20 18:56:47 ComboFix5.txt 2008-09-06 06:34:13 Pre-Run: 44,675,584,000 byte ledig Post-Run: 44,784,660,480 byte ledig 142 --- E O F --- 2008-09-05 21:06:50 Lenke til kommentar
ola-ola Skrevet 6. september 2008 Del Skrevet 6. september 2008 Synderen er Trend Internet Security! Dersom det ikke allerede har skjedd, så kommer den i neste omgang til å ta livet av samlib.dll, og da har du et ordentlig problem! Du må få avinstallert Trend mens du fortsatt har tilgang til å bruke maskinen. Installer Avast, AVG eller noe annet godt gratis antivirus, og aktiver Windows firewall igjen. Ellers kan du finne innlegg om uxtheme-problemet her: http://hellreject.baywords.com/2008/09/04/...hemedll-solved/ Ola Lenke til kommentar
Alastor Skrevet 6. september 2008 Del Skrevet 6. september 2008 Mhm, for AVG og Avast er virkelig på toppen blant gode antivirusprogrammer...NEI DET ER DE IKKE!! Tviler ikke på at trend nødvendigvis er synderen her, men anbefalingene rundt hva du skal bruke istedenfor blir helt feil. Lenke til kommentar
r2d290 Skrevet 6. september 2008 Del Skrevet 6. september 2008 (endret) nvm Endret 6. september 2008 av r2d290 Lenke til kommentar
r2d290 Skrevet 6. september 2008 Del Skrevet 6. september 2008 (endret) nvm Endret 6. september 2008 av r2d290 Lenke til kommentar
r2d290 Skrevet 6. september 2008 Del Skrevet 6. september 2008 (endret) gjør som snippsat skrev om CFScript på disse filene: File:: C:\WINDOWS\003146_.tmp C:\WINDOWS\003145_.tmp C:\WINDOWS\003144_.tmp Endret 6. september 2008 av r2d290 Lenke til kommentar
ola-ola Skrevet 6. september 2008 Del Skrevet 6. september 2008 Mhm, for AVG og Avast er virkelig på toppen blant gode antivirusprogrammer...NEI DET ER DE IKKE!! Tviler ikke på at trend nødvendigvis er synderen her, men anbefalingene rundt hva du skal bruke istedenfor blir helt feil. At en moderator poster dette blir etter min mening helt feil. ...for hva du mener om andre antivirusprogrammer er det vesentlige i min post..? Trend Antivirus dreper enkelte dll-filer som kom med siste oppdatering fra Microsoft. XP servicepack 3 og Vista SP1 er ikke kompatible med enkelte utgaver av Trend IS. Kast ut Trend, og erstatt med et antivirusprogram etter egne preferenser, gratis eller ikke. Lenke til kommentar
r2d290 Skrevet 6. september 2008 Del Skrevet 6. september 2008 (endret) Så lenge en moderator ikke presiserer at det er skrevet som moderator, så skal du regne det som et vanlig innlegg De er mennesker de også, og ønsker å bruke forumet på samme måte som deg og meg Alastor har sin mening, du har din mening, og alle har rett til å si hva de vil så lenge det ikke er rasistisk eller mot rikslovene... Alastor er tydligvis uenig i at Avast og AVG ikke er noen gode programmer. Vil ikke stille meg helt bak ryggen h*ns, men det stemmer at det finnes bedre programmer (se oversikt på www.av-comparatives.org Men det er EN ting jeg synes blir helt feil, og det gjelder både Alastor (nå går jeg mot deg som bruker, og ikke som brukermoderator ) og ola-ola, og det er at dere kommer med ganske påståelige påstander, uten å backe dem opp med politlige kilder. Dette gjør bare trådstarter forvirret... Dessuten er ikke trådstarter ferdig med opprensingen v.h.a combofix, og det holder med én "løsningstype" om gangen. Hvis trådstarter får beskjed om å gjøre flere forskjellige ting samtidig, gjør det h*n bare forvirret... Så jeg fåreslår at vi lar Ragnarokk og Snippsat få fortsette Endret 6. september 2008 av r2d290 Lenke til kommentar
ola-ola Skrevet 6. september 2008 Del Skrevet 6. september 2008 Okidok. Jeg ser poenget ditt, og tar det til etteretning. Forøvrig: Har fikset 8 laptops siste 2 døgn med samme problem som over. (IT-ansvarlig i bedrift..) Felles for alle? Trend Micro Internet Security. Først røk UxTheme.dll. Greit å fikse. Med en gang UxTheme-problemet var rettet, så røk samlib.dll. Når samlib.dll ble erstattet, ble den slettet umiddelbart av Trend, som nå heller ikke lot seg avinstallere. De maskinen i parken som ikke ble affektert av problemene var de som ikke hadde aktivisert automatiske oppdateringer i Windows. Derfor ble Kapersky kjøpt inn til alle maskinene som ennå ikke var problematiske. Disse har ikke hatt problemer etterpå, selv ikke når oppdateringer ble kjørt. Derfor påståeligheten. Jeg skal holde meg unna til eventuelle andre løsninger kommer, og heller delta hvis dette kke løses på annet vis. Lenke til kommentar
r2d290 Skrevet 6. september 2008 Del Skrevet 6. september 2008 Der kom du med et MYE mer konstruktivt innlegg Ja, du får følge med på tråden, og se hvordan det går Lenke til kommentar
Alastor Skrevet 6. september 2008 Del Skrevet 6. september 2008 Beklager selv min manglende konstruktivitet. Må innrømme at det er fordi jeg er rimelig lei av en del mennesker som mener at AVG og kompani er mye bedre enn en del betalbare sikkerhetsløsninger, og som blåser av min anbefaling av å kjøpe Norton08, F-Secure eller iallefall orientere seg litt. Data-kongen som er med kompisen som skal ha seg ny pc: "Neida, bruk AVG du, norton brukte jeg for flere år siden og det ødelegger pcen din ytelsesmessig. Jeg får aldri virus med AVG". Så. Beklager at jeg slang ut litt useriøsitet . Men nå går vi off topic her, tilbake til å hjelpe trådstarter... Lenke til kommentar
Ragnarokk Skrevet 7. september 2008 Forfatter Del Skrevet 7. september 2008 Bror har kommet noe lengre enn meg, og fått problemer med den ...lib fila. Tviler ikke på at Trend har noe med dette å gjøre, men... Lenke til kommentar
Ragnarokk Skrevet 7. september 2008 Forfatter Del Skrevet 7. september 2008 gjør som snippsat skrev om CFScript på disse filene:File:: C:\WINDOWS\003146_.tmp C:\WINDOWS\003145_.tmp C:\WINDOWS\003144_.tmp Èn gang til? Har gjort dette etter snippsats anvisninger en gang. Lenke til kommentar
Ragnarokk Skrevet 7. september 2008 Forfatter Del Skrevet 7. september 2008 Litt skeptisk til å kvitte meg med Trend, som jeg forøvrig er fornøyd med ellers. Vi ahr hatt div. andre oppgjennom, og alltid hatt masse problemer med maskinene. Nå som vi har Trend har vi hatt minimalt. Dette er vel andre tredje gang vi sliter skikkelig. Blir litt rådvill her nå, er jo noe nervøs for samlib fila da, men samtidig ønsker jeg ikke rote mer enn jeg må, og å avinnstallere Trend blir derfor ikke gjort foreløpig. Dersom ikke snippsat sier at jeg skal gjøre det da, your word is my command! Lenke til kommentar
r2d290 Skrevet 7. september 2008 Del Skrevet 7. september 2008 gjør som snippsat skrev om CFScript på disse filene:File:: C:\WINDOWS\003146_.tmp C:\WINDOWS\003145_.tmp C:\WINDOWS\003144_.tmp Èn gang til? Har gjort dette etter snippsats anvisninger en gang. Ja, en gang til. Det er en bug (eller hva jeg skal kalle det) i forumet, som gjør at hvis du skriver skråstrek "\" og deretter "0" så forsvinner disse tegnene. Dette skjedde i snippsat sitt innlegg, og du har derfor ikke fått fjernet den fila. Hvis du kopierer det jeg har skrevet (jeg har satt undertekst under null-en for å hindre at den forsvinner), så vil det fungere bedre Lenke til kommentar
Anbefalte innlegg
Opprett en konto eller logg inn for å kommentere
Du må være et medlem for å kunne skrive en kommentar
Opprett konto
Det er enkelt å melde seg inn for å starte en ny konto!
Start en kontoLogg inn
Har du allerede en konto? Logg inn her.
Logg inn nå