Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 4th, 2008, 7:04 am

Hi guys, I'm new here, please help -


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:07 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Messenger\msmsgs.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
D:\Program Files\Alwil Software\Avast4\ashSimpl.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashQuick.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMdf0ae71b] Rundll32.exe "D:\WINDOWS\system32\oyamiiof.dll",s
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [34e362a5] rundll32.exe "D:\WINDOWS\system32\vehnshdn.dll",b
O4 - HKCU\..\Run: [filehippo.com] "D:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] D:\WINDOWS\system32\spoolsv32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: wvUkLDvV - wvUkLDvV.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6234 bytes
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by askey127 » July 4th, 2008, 7:23 am

sidk,
Unfortunately, you have multiple dangerous infections on your machine, with "backdoor" capabilities.
This can give remote intruders complete control of your computer, which can include logging key strokes, stealing information, etc.
You are strongly advised to do the following immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *ALL* of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Because of the infection's backdoor functionality (i.e., remote control capability), the basic security of your PC is very likely compromised, and there is no way to be sure it can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat the hard drive and reinstall the Windows Operating System. The reason for this is that the infection can make undetectable changes to your security settings, which may enable a re-installation of the infection after the machine is "cleaned" and reconnected to the internet. (This infection can, in effect, leave a "cellar door" unlocked so it can come back later and gain entry).

If you do not have the resources to reinstall your Windows Operating System and would like me to attempt to clean your machine, I will be happy to do so. This is your choice to make. A successful outcome is by no means assured in this case, however.

The following articles may be of assistance in your decision: Should you have any questions, please feel free to ask.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 4th, 2008, 12:27 pm

Used avast again, no respite, thanks for the reply.


I will try to clean my PC first, please guide me in doing so, thanks.
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 4th, 2008, 12:36 pm

I scanned with avast again and here is a fresh log in case you require it -


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:17 PM, on 7/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\DAP\DAP.EXE
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: (no name) - {4a454d01-62bd-4a6c-bc0e-47e70bfc06ab} - D:\WINDOWS\system32\ldwajk.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMdf0ae71b] Rundll32.exe "D:\WINDOWS\system32\oyamiiof.dll",s
O4 - HKLM\..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [34e362a5] rundll32.exe "D:\WINDOWS\system32\vehnshdn.dll",b
O4 - HKCU\..\Run: [filehippo.com] "D:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [PolicyRun] D:\WINDOWS\system32\spoolsv32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O20 - Winlogon Notify: wvUkLDvV - wvUkLDvV.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6490 bytes
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am
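
A way to compare the two HijackThis logs posted above, as an added example that is not part of the original thread: the script parses the running-process list and the R/O entries of each log and reports what appeared or disappeared between scans. The sample text is a short excerpt of lines taken from the two posted logs; the function names and the two review flags are this example's own assumptions and are prompts for a human reviewer, not verdicts.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Lines in the "Running processes:" section are full paths with a drive letter.
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Flag texts (assumed wording for this example).
FILE_ABSENT = "HijackThis could not find the referenced file"
UNKNOWN_OWNER = "HijackThis reported 'Unknown owner' for the service binary"

# Excerpt of the first posted log (scan saved 4:34:07 PM).
OLD_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:07 PM, on 7/4/2008

Running processes:
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe

O2 - BHO: (no name) - {7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [34e362a5] rundll32.exe "D:\WINDOWS\system32\vehnshdn.dll",b
O20 - Winlogon Notify: wvUkLDvV - wvUkLDvV.dll (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
"""

# Excerpt of the second posted log (scan saved 10:04:17 PM).
NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:17 PM, on 7/4/2008

Running processes:
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\PnkBstrA.exe

O2 - BHO: (no name) - {4a454d01-62bd-4a6c-bc0e-47e70bfc06ab} - D:\WINDOWS\system32\ldwajk.dll (file missing)
O2 - BHO: (no name) - {7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [34e362a5] rundll32.exe "D:\WINDOWS\system32\vehnshdn.dll",b
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O20 - Winlogon Notify: wvUkLDvV - wvUkLDvV.dll (file missing)
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""


def parse_log(text):
    """Split a HijackThis log into its running-process set and its R/O entry set."""
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.add((match.group(1), match.group(2)))
        elif in_processes and PATH_RE.match(line):
            # Case varies between scans (System32 vs system32), so normalise.
            processes.add(line.lower())
    return {"processes": processes, "entries": entries}


def diff_logs(old_text, new_text):
    """Report processes and entries that appeared or disappeared between scans."""
    old, new = parse_log(old_text), parse_log(new_text)
    return {
        "new_processes": sorted(new["processes"] - old["processes"]),
        "gone_processes": sorted(old["processes"] - new["processes"]),
        "new_entries": sorted(new["entries"] - old["entries"]),
        "gone_entries": sorted(old["entries"] - new["entries"]),
    }


def review_flags(code, body):
    """Attach review prompts based only on markers HijackThis itself printed."""
    flags = []
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        flags.append(FILE_ABSENT)
    if code == "O23" and " - Unknown owner - " in body:
        flags.append(UNKNOWN_OWNER)
    return flags


def triage(old_text, new_text):
    """Return (code, body, flags) for every entry present only in the newer log."""
    fresh = diff_logs(old_text, new_text)["new_entries"]
    return [(code, body, review_flags(code, body)) for code, body in fresh]


if __name__ == "__main__":
    delta = diff_logs(OLD_LOG, NEW_LOG)
    print("New processes: ", delta["new_processes"])
    print("Gone processes:", delta["gone_processes"])
    for code, body, flags in triage(OLD_LOG, NEW_LOG):
        print(f"{code} - {body}")
        for flag in flags:
            print(f"    review: {flag}")
```
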

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by askey127 » July 4th, 2008, 2:52 pm

sidk,
There is a lot to do here, one step at a time.
-------------------------------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
Second step, For Either Version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove:
PunkBuster
Spybot
Download Accelerator Plus (DAP)
uTorrent

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------
Download FixPolicies.exe, a self-extracting ZIP archive, and save it to your Desktop.
You can get it from here: http://downloads.malwareremoval.com/BillCastner/FixPolicies.exe
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HiJackThis
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder. In addition, the list opens in Notepad so you can also save as another name in another location if you wish. Please paste the contents into your next reply.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
We will run ComboFix.exe to deal with the Vundo Infection. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Once installed, you should see a blue screen prompt that says:
The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.
Please include the following report in your reply
C:\ComboFix.txt
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for The Installed Programs list from HiJackThis, The Combofix log, and a new HiJackThis log.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 4th, 2008, 11:15 pm

But I need DAP, PunkBuster and uTorrent!!!!
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 5th, 2008, 1:00 am

Done everything including the deletions, here are the logs -

Uninstall list -

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
AGEIA PhysX v7.09.13
avast! Antivirus
CCleaner (remove only)
CDBurnerXP
Counter-Strike: Condition Zero
Defraggler (remove only)
filehippo.com Update Checker
Foxit Reader
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
Java(TM) 6 Update 6
LimeWire 4.18.1
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0)
MSVC80_x86
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
NVIDIA Drivers
OpenAL
PC Connectivity Solution
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Tony Hawks Pro Skater 4
Top Spin 2
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB942763)
VideoLAN VLC media player 0.8.6h
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Messenger

Combofix logs -

ComboFix 08-07-04.2 - XYZ 2008-07-05 10:20:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1518 [GMT 5.5:30]
Running from: D:\Documents and Settings\XYZ\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\XYZ\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\BMdf0ae71b.txt
D:\WINDOWS\cookies.ini
D:\WINDOWS\system32\gMpXFfhk.ini
D:\WINDOWS\system32\gMpXFfhk.ini2
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\ndhsnhev.ini
D:\WINDOWS\system32\winsys.exe
D:\WINDOWS\system32\yhqrqmuw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_LPTRDCSRV
-------\Legacy_TCPSR


((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-05 09:01 . 2008-07-05 09:42 <DIR> d-------- D:\Program Files\COMODO
2008-07-05 09:01 . 2008-07-05 09:01 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Comodo
2008-07-05 09:01 . 2008-07-05 09:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-07-04 21:32 . 2008-07-04 21:32 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-07-04 14:22 . 2004-08-04 10:56 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2008-07-04 14:17 . 2008-07-05 08:43 1,355 --a------ D:\WINDOWS\imsins.BAK
2008-07-03 17:19 . 2008-07-03 17:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-03 14:49 . 2008-07-03 14:49 <DIR> d-------- D:\Program Files\Foxit Software
2008-07-03 12:58 . 2008-07-03 12:58 95 --a------ D:\WINDOWS\wininit.ini
2008-07-03 12:29 . 2008-07-05 09:52 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
2008-07-03 12:29 . 2008-07-05 09:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 11:38 . 2008-06-13 18:40 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 11:38 . 2008-06-13 18:40 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 11:33 . 2008-07-03 11:33 <DIR> d-------- D:\Program Files\Trend Micro
2008-07-03 10:35 . 2008-07-04 14:24 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-07-03 08:19 . 2008-07-03 08:19 <DIR> d-------- D:\Program Files\Alwil Software
2008-07-02 15:27 . 2008-07-03 08:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 14:17 . 2008-07-02 14:17 754 --a------ D:\WINDOWS\WORDPAD.INI
2008-07-02 06:25 . 2008-07-03 12:23 110,505 --a------ D:\WINDOWS\BMdf0ae71b.xml
2008-07-01 16:02 . 2008-07-03 17:06 <DIR> d-------- D:\Program Files\Miranda IM
2008-07-01 13:00 . 2008-07-03 08:13 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Hamachi
2008-07-01 12:59 . 2008-07-01 12:59 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys
2008-07-01 12:34 . 2008-07-01 12:34 0 --a------ D:\WINDOWS\system32\5kG8s0W0.exe.a_a
2008-07-01 11:57 . 2008-07-01 11:57 0 --a------ D:\WINDOWS\nsreg.dat
2008-07-01 10:14 . 2008-07-03 08:30 <DIR> d-------- D:\Program Files\Total Video Converter
2008-07-01 09:52 . 2008-07-01 09:52 29,760 --a------ D:\WINDOWS\system32\0alaS41F.exe
2008-07-01 09:52 . 2008-07-01 09:52 0 --a------ D:\WINDOWS\system32\0alaS41F.exe.a_a
2008-07-01 09:40 . 2008-07-01 09:40 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Canneverbe_Limited
2008-07-01 09:39 . 2008-07-01 09:39 <DIR> d-------- D:\Program Files\CDBurnerXP
2008-07-01 09:26 . 2008-07-01 09:26 <DIR> d-------- D:\Program Files\Defraggler
2008-06-30 14:33 . 2008-06-30 14:33 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\vlc
2008-06-30 14:13 . 2008-07-03 16:09 <DIR> d-------- D:\Program Files\FlashGet
2008-06-30 14:13 . 2004-08-04 09:14 359,040 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-06-29 18:47 . 2008-06-29 23:12 <DIR> d-------- D:\Program Files\Google
2008-06-29 18:47 . 2008-07-04 15:37 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\LimeWire
2008-06-29 18:45 . 2008-06-29 18:45 <DIR> d-------- D:\Program Files\Java
2008-06-29 18:45 . 2008-06-29 18:45 <DIR> d-------- D:\Program Files\Common Files\Java
2008-06-29 18:45 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-29 15:38 . 2008-06-29 15:41 <DIR> d-------- D:\Program Files\LimeWire
2008-06-29 13:58 . 2008-07-03 15:14 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\GetRight
2008-06-29 13:38 . 2008-06-29 13:38 <DIR> d-------- D:\Program Files\filehippo.com
2008-06-29 13:25 . 2008-06-29 13:25 <DIR> d---s---- D:\Documents and Settings\XYZ\UserData
2008-06-26 19:29 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2008-06-26 19:29 . 2001-08-17 14:02 9,600 --a--c--- D:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-26 10:28 . 2008-06-26 10:32 1,905 --a------ D:\WINDOWS\diagwrn.xml
2008-06-26 10:28 . 2008-06-26 10:32 1,905 --a------ D:\WINDOWS\diagerr.xml
2008-06-26 10:14 . 2008-06-26 10:15 3,639 --a------ D:\WINDOWS\VGSCDAPI.VXD
2008-06-15 22:03 . 2008-06-15 22:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Aspyr
2008-06-15 20:20 . 2004-12-10 09:06 327,680 --a------ D:\WINDOWS\system32\vp6dec.ax
2008-06-15 17:07 . 2008-06-15 17:07 <DIR> d-------- D:\Program Files\Aspyr
2008-06-15 14:26 . 2008-06-15 14:26 20 --a------ D:\WINDOWS\mafosav.INI
2008-06-15 10:51 . 2008-06-21 10:58 604 --a------ D:\WINDOWS\Thps3.INI
2008-06-14 22:20 . 2008-06-28 13:49 22 --a------ D:\WINDOWS\clofghls.dll
2008-06-14 22:17 . 2008-06-14 22:17 <DIR> d-------- D:\WINDOWS\system32\Futuremark
2008-06-14 22:17 . 2004-10-25 20:02 21,664 --a------ D:\WINDOWS\system32\drivers\Entech.sys
2008-06-14 22:17 . 1999-11-02 10:01 6,173 --a------ D:\WINDOWS\system32\drivers\Entech.vxd
2008-06-14 22:17 . 2004-06-22 15:44 5,632 --a------ D:\WINDOWS\system32\drivers\Entech64.sys
2008-06-14 22:17 . 2001-11-19 19:05 3,972 --a------ D:\WINDOWS\system32\drivers\PciBus.sys
2008-06-12 21:43 . 2007-10-12 15:14 3,734,536 --a------ D:\WINDOWS\system32\d3dx9_36.dll
2008-06-12 21:43 . 2007-10-12 15:14 1,374,232 --a------ D:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-12 21:43 . 2007-10-02 09:56 444,776 --a------ D:\WINDOWS\system32\d3dx10_36.dll
2008-06-12 21:43 . 2007-10-22 03:39 267,272 --a------ D:\WINDOWS\system32\xactengine2_10.dll
2008-06-12 21:43 . 2007-07-20 00:57 267,112 --a------ D:\WINDOWS\system32\xactengine2_9.dll
2008-06-12 21:26 . 2008-06-12 21:26 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\InstallShield
2008-06-10 14:03 . 2008-06-10 14:03 <DIR> d-------- D:\Program Files\OpenAL
2008-06-10 14:03 . 2008-07-01 10:57 413,696 --a------ D:\WINDOWS\system32\wrap_oal.dll
2008-06-10 14:03 . 2008-07-01 10:57 110,592 --a------ D:\WINDOWS\system32\OpenAL32.dll
2008-06-10 14:00 . 2008-06-10 14:00 <DIR> d-------- D:\WINDOWS\system32\xlive
2008-06-08 11:47 . 2008-06-08 11:47 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\HP
2008-06-08 10:46 . 2008-06-08 10:46 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Disney Interactive Studios
2008-06-07 15:18 . 2008-06-07 15:18 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\dvdcss
2008-06-07 13:03 . 2008-06-07 13:03 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Nokia Multimedia Player
2008-06-07 13:02 . 2004-08-03 23:08 25,600 --a------ D:\WINDOWS\system32\drivers\usbser.sys
2008-06-07 13:02 . 2004-08-03 23:08 25,600 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys
2008-06-07 13:02 . 2008-06-07 13:02 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-07 13:02 . 2008-06-07 13:02 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-06 21:49 . 2008-06-06 21:50 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\DeepBurner
2008-06-06 21:45 . 2008-06-06 21:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-06 21:42 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\PC Connectivity Solution
2008-06-06 21:42 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\Common Files\PCSuite
2008-06-06 21:42 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\Common Files\Nokia
2008-06-06 21:42 . 2008-06-07 13:07 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Nokia
2008-06-06 21:42 . 2007-09-17 15:53 21,632 --a------ D:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-06 21:41 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\Nokia
2008-06-06 21:41 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-06 21:41 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll
2008-06-06 21:41 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-06 21:41 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-06 21:41 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-06 21:40 . 2008-06-06 21:40 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Installations
2008-06-06 21:39 . 2008-06-06 21:39 <DIR> d-------- D:\Program Files\DAEMON Tools Lite
2008-06-06 21:36 . 2008-06-06 21:36 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\DAEMON Tools
2008-06-05 21:41 . 2008-06-05 21:41 <DIR> d-------- D:\Program Files\DIFX
2008-06-05 21:41 . 2008-06-07 13:03 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\PC Suite
2008-06-05 21:40 . 2007-11-29 10:32 48,128 --a------ D:\WINDOWS\system32\nmwcdcls.dll
2008-06-05 13:52 . 2005-02-27 21:48 356,352 --a------ D:\WINDOWS\system32\RealMediaSplitter.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 04:20 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 15:31 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-07-03 11:48 --------- d-----w D:\Program Files\Yahoo!
2008-07-03 02:54 --------- d-----w D:\Program Files\OCCT
2008-07-02 09:57 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-01 04:10 --------- d-----w D:\Program Files\Ahead
2008-07-01 04:09 --------- d-----w D:\Program Files\Common Files\Ahead
2008-06-15 14:50 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-06-09 10:13 --------- d-----w D:\Documents and Settings\XYZ\Application Data\Ahead
2008-06-08 13:33 --------- d-----w D:\Program Files\Common Files\Adobe
2008-06-06 16:06 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-05-31 07:15 --------- d-----w D:\Program Files\HP
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 10:57 --------- d-----w D:\Program Files\CCleaner
.

------- Sigcheck -------

2007-10-30 22:50 360064 90caff4b094573449a0872a0f919b178 D:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2gdr\tcpip.sys
2007-10-30 22:23 360832 64798ecfa43d78c7178375fcdd16d8c8 D:\WINDOWS\SoftwareDistribution\Download\146ae5e7b51a37f45e0e5cf03d0d5e3c\sp2qfe\tcpip.sys
2004-08-04 09:14 359040 9f4b36614a0fc234525ba224957de55c D:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 09:14 359040 6a603809f598332dbedd535bdbce313e D:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"filehippo.com"="D:\Program Files\filehippo.com\UpdateChecker.exe" [2008-04-30 18:20 136704]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 19:30 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"="D:\WINDOWS\system32\winsys2.exe" [2007-10-30 14:07 208896]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 D:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 D:\WINDOWS\system32\nwiz.exe]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dih44.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"D:\\Program Files\\Aspyr\\Top Spin 2\\Data\\Top Spin 2.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=



[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]
D:\WINDOWS\system32\SecSystem.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At1.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-05 03:30:01 D:\WINDOWS\Tasks\At10.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-05 04:30:01 D:\WINDOWS\Tasks\At11.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 05:30:01 D:\WINDOWS\Tasks\At12.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 06:30:01 D:\WINDOWS\Tasks\At13.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 07:30:01 D:\WINDOWS\Tasks\At14.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 08:30:02 D:\WINDOWS\Tasks\At15.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 09:30:01 D:\WINDOWS\Tasks\At16.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 10:45:43 D:\WINDOWS\Tasks\At17.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 11:30:02 D:\WINDOWS\Tasks\At18.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 12:30:01 D:\WINDOWS\Tasks\At19.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At2.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 13:30:01 D:\WINDOWS\Tasks\At20.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 14:30:01 D:\WINDOWS\Tasks\At21.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 15:30:01 D:\WINDOWS\Tasks\At22.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-04 16:30:01 D:\WINDOWS\Tasks\At23.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At24.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At3.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At4.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At5.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At6.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At7.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-02 01:30:01 D:\WINDOWS\Tasks\At8.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 02:30:02 D:\WINDOWS\Tasks\At9.job"
- D:\WINDOWS\system32\0alaS41F.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{4a454d01-62bd-4a6c-bc0e-47e70bfc06ab} - D:\WINDOWS\system32\ldwajk.dll
BHO-{7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
BHO-{A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
HKLM-Run-BMdf0ae71b - D:\WINDOWS\system32\oyamiiof.dll
HKLM-Run-34e362a5 - D:\WINDOWS\system32\vehnshdn.dll
HKLM-Run-DXDllRegExe - dxdllreg.exe
HKLM-Explorer_Run-PolicyRun - D:\WINDOWS\system32\spoolsv32.exe
ShellExecuteHooks-{A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
Notify-winjyg32 - winjyg32.dll
Notify-wvUkLDvV - wvUkLDvV.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 10:23:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\winlogon.exe
-> D:\WINDOWS\system32\HookShield.dll
-> D:\WINDOWS\system32\Auxiliary.dll

PROCESS: D:\WINDOWS\system32\lsass.exe
-> D:\WINDOWS\system32\HookShield.dll
-> D:\WINDOWS\system32\Auxiliary.dll

PROCESS: D:\WINDOWS\explorer.exe
-> D:\WINDOWS\system32\HookShield.dll
-> D:\WINDOWS\system32\Auxiliary.dll

PROCESS: D:\WINDOWS\system32\csrss.exe
-> D:\WINDOWS\system32\HookShield.dll
-> D:\WINDOWS\system32\Auxiliary.dll
.
------------------------ Other Running Processes ------------------------
.
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-07-05 10:26:55 - machine was rebooted [XYZ]
ComboFix-quarantined-files.txt 2008-07-05 04:56:51

Pre-Run: 1,456,631,808 bytes free
Post-Run: 1,370,083,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

282 --- E O F --- 2008-07-05 04:17:58


Hijack this log -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:44 AM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: (no name) - {4a454d01-62bd-4a6c-bc0e-47e70bfc06ab} - D:\WINDOWS\system32\ldwajk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [filehippo.com] "D:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5049 bytes
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by askey127 » July 5th, 2008, 8:03 am

sidk,
You can re-install the P2P and Punkbuster stuff when we are done, if we are successful.
I hope you do realize that you will continually get re-infected if you persist in using file sharing and undocumented downloads.
-------------------------------------------------------------
Please Uninstall Limewire
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard
    File::
    D:\WINDOWS\system32\winsys2.exe
    D:\WINDOWS\system32\5kG8s0W0.exe.a_a
    D:\WINDOWS\system32\0alaS41F.exe.a_a
    D:\WINDOWS\system32\0alaS41F.exe
    D:\WINDOWS\Tasks\At1.job
    D:\WINDOWS\Tasks\At2.job
    D:\WINDOWS\Tasks\At3.job
    D:\WINDOWS\Tasks\At4.job
    D:\WINDOWS\Tasks\At5.job
    D:\WINDOWS\Tasks\At6.job
    D:\WINDOWS\Tasks\At7.job
    D:\WINDOWS\Tasks\At8.job
    D:\WINDOWS\Tasks\At9.job
    D:\WINDOWS\Tasks\At10.job
    D:\WINDOWS\Tasks\At12.job
    D:\WINDOWS\Tasks\At13.job
    D:\WINDOWS\Tasks\At14.job
    D:\WINDOWS\Tasks\At15.job
    D:\WINDOWS\Tasks\At16.job
    D:\WINDOWS\Tasks\At17.job
    D:\WINDOWS\Tasks\At18.job
    D:\WINDOWS\Tasks\At19.job
    D:\WINDOWS\Tasks\At20.job
    D:\WINDOWS\Tasks\At21.job
    D:\WINDOWS\Tasks\At22.job
    D:\WINDOWS\Tasks\At23.job
    D:\WINDOWS\Tasks\At24.job
    D:\WINDOWS\Tasks\At25.job
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinSys2"=-
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    Image
  • Now drag and drop the CFScript.txt icon onto combofix.exe as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
-----------------------------------------------------------
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath.
Copy and paste this filepath:
D:\WINDOWS\system32\HookShield.dll

Then hit Submit or Upload, depending on the scanner.
The scan will take a while before the result comes up so please be patient.
Then copy and/or save the result and post it here in this thread.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html
or virus.org here: http://scanner.virus.org/

Repeat the above process uploading D:\WINDOWS\system32\Auxiliary.dll
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is risky, especially on an infected machine).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Remove log items with HijackThis. Start HijackThis (or reveal.exe).
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: (no name) - {4a454d01-62bd-4a6c-bc0e-47e70bfc06ab} - D:\WINDOWS\system32\ldwajk.dll (file missing)
O2 - BHO: (no name) - {7ACD99BA-A796-4FFF-AB4A-6C8BE4A28984} - (no file)
O2 - BHO: (no name) - {A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [WinSys2] D:\WINDOWS\system32\winsys2.exe

Make sure every other window except HJT is closed (no other tabs showing in the bottom tray), and click Fix Checked.
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for the Combofix log, the results from Jotti on two files, and a new HiJackThis log.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
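
The CFScript step above depends on the File:: list matching what the ComboFix log actually reported. As an added example (not part of the original thread and not ComboFix's own code), this Python check cross-references the log's 'Scheduled Tasks' section with a CFScript's File:: block; the function names, the `min_tasks` threshold and the abridged sample lines are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the ComboFix log and the CFScript quoted in this thread;
# only four of the At*.job entries are kept so the sample stays short.
LOG_EXCERPT = r'''
Contents of the 'Scheduled Tasks' folder
"2008-07-01 04:22:41 D:\WINDOWS\Tasks\At1.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-05 03:30:01 D:\WINDOWS\Tasks\At10.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-05 04:30:01 D:\WINDOWS\Tasks\At11.job"
- D:\WINDOWS\system32\0alaS41F.exe
"2008-07-03 05:30:01 D:\WINDOWS\Tasks\At12.job"
- D:\WINDOWS\system32\0alaS41F.exe
.
- - - - ORPHANS REMOVED - - - -
'''

CFSCRIPT = r'''
File::
D:\WINDOWS\system32\winsys2.exe
D:\WINDOWS\system32\0alaS41F.exe
D:\WINDOWS\Tasks\At1.job
D:\WINDOWS\Tasks\At10.job
D:\WINDOWS\Tasks\At12.job
D:\WINDOWS\Tasks\At25.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-
'''

TASK_RE = re.compile(r'^"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (.+\.job)"$', re.I)
TARGET_RE = re.compile(r'^- ([A-Za-z]:\\.+)$')


def norm(path):
    """Windows paths compare case-insensitively."""
    return path.strip().strip('"').lower()


def parse_scheduled_tasks(log_text):
    """Return {job_path: target_path or None} from the Scheduled Tasks section."""
    tasks, in_section, pending = {}, False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        job, target = TASK_RE.match(line), TARGET_RE.match(line)
        if job:
            pending = job.group(1)
            tasks[pending] = None          # target line may be absent
        elif target and pending:
            tasks[pending] = target.group(1)
            pending = None
        elif line:                         # "." or the next header ends the section
            break
    return tasks


def parse_cfscript_files(script_text):
    """Return the paths listed under the File:: directive."""
    files, in_files = [], False
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith("::"):            # File::, Registry::, ...
            in_files = line.lower() == "file::"
        elif in_files and line:
            files.append(line)
    return files


def review(log_text, script_text, min_tasks=3):
    """Flag targets launched by many jobs and compare them with the script."""
    tasks = parse_scheduled_tasks(log_text)
    script_files = parse_cfscript_files(script_text)
    listed = {norm(p) for p in script_files}
    logged = {norm(j) for j in tasks}
    by_target = defaultdict(list)
    for job, target in tasks.items():
        if target:
            by_target[norm(target)].append(job)
    repeated = {t: sorted(j) for t, j in by_target.items() if len(j) >= min_tasks}
    return {
        "repeated_targets": repeated,
        "targets_not_in_script": sorted(t for t in repeated if t not in listed),
        "jobs_not_in_script": sorted(
            j for jobs in repeated.values() for j in jobs if norm(j) not in listed),
        "script_jobs_not_in_log": sorted(
            p for p in script_files
            if norm(p).endswith(".job") and norm(p) not in logged),
    }


if __name__ == "__main__":
    for key, value in review(LOG_EXCERPT, CFSCRIPT).items():
        print(key, "=", value)
```
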

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 5th, 2008, 9:06 am

Unsuccessful, after repeated trials; even after restarting, ComboFix says that the file is being used by some other process.

Deleted the things you asked from HijackThis.
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by askey127 » July 5th, 2008, 10:31 am

What was unsuccessful? Combofix?
Did it say which file? Is it winsys2.exe?

I still need the combofix log and rest of the stuff I asked for.
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 5th, 2008, 12:16 pm

The CFScript thing was unsuccessful. It didn't specify the name of any file.
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Post by sidk » July 5th, 2008, 12:53 pm

Everything done.

Both files you gave were malware free.


Combofix log -

ComboFix 08-07-04.2 - XYZ 2008-07-05 22:16:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1643 [GMT 5.5:30]
Running from: D:\Documents and Settings\XYZ\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\XYZ\Desktop\CFScript.txt
* Created a new restore point

FILE ::
D:\WINDOWS\system32\0alaS41F.exe
D:\WINDOWS\system32\0alaS41F.exe.a_a
D:\WINDOWS\system32\5kG8s0W0.exe.a_a
D:\WINDOWS\system32\winsys2.exe
D:\WINDOWS\system32\WinSys2.exe
D:\WINDOWS\Tasks\At1.job
D:\WINDOWS\Tasks\At10.job
D:\WINDOWS\Tasks\At12.job
D:\WINDOWS\Tasks\At13.job
D:\WINDOWS\Tasks\At14.job
D:\WINDOWS\Tasks\At15.job
D:\WINDOWS\Tasks\At16.job
D:\WINDOWS\Tasks\At17.job
D:\WINDOWS\Tasks\At18.job
D:\WINDOWS\Tasks\At19.job
D:\WINDOWS\Tasks\At2.job
D:\WINDOWS\Tasks\At20.job
D:\WINDOWS\Tasks\At21.job
D:\WINDOWS\Tasks\At22.job
D:\WINDOWS\Tasks\At23.job
D:\WINDOWS\Tasks\At24.job
D:\WINDOWS\Tasks\At25.job
D:\WINDOWS\Tasks\At3.job
D:\WINDOWS\Tasks\At4.job
D:\WINDOWS\Tasks\At5.job
D:\WINDOWS\Tasks\At6.job
D:\WINDOWS\Tasks\At7.job
D:\WINDOWS\Tasks\At8.job
D:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\BMdf0ae71b.xml
D:\WINDOWS\system32\0alaS41F.exe
D:\WINDOWS\system32\0alaS41F.exe.a_a
D:\WINDOWS\system32\5kG8s0W0.exe.a_a
D:\WINDOWS\system32\WinSys2.exe
D:\WINDOWS\Tasks\At1.job
D:\WINDOWS\Tasks\At10.job
D:\WINDOWS\Tasks\At12.job
D:\WINDOWS\Tasks\At13.job
D:\WINDOWS\Tasks\At14.job
D:\WINDOWS\Tasks\At15.job
D:\WINDOWS\Tasks\At16.job
D:\WINDOWS\Tasks\At17.job
D:\WINDOWS\Tasks\At18.job
D:\WINDOWS\Tasks\At19.job
D:\WINDOWS\Tasks\At2.job
D:\WINDOWS\Tasks\At20.job
D:\WINDOWS\Tasks\At21.job
D:\WINDOWS\Tasks\At22.job
D:\WINDOWS\Tasks\At23.job
D:\WINDOWS\Tasks\At24.job
D:\WINDOWS\Tasks\At3.job
D:\WINDOWS\Tasks\At4.job
D:\WINDOWS\Tasks\At5.job
D:\WINDOWS\Tasks\At6.job
D:\WINDOWS\Tasks\At7.job
D:\WINDOWS\Tasks\At8.job
D:\WINDOWS\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-06-05 to 2008-07-05 )))))))))))))))))))))))))))))))
.

2008-07-05 11:05 . 2008-07-05 18:48 107,832 --a------ D:\WINDOWS\system32\PnkBstrB.exe
2008-07-05 11:05 . 2008-07-05 11:05 66,872 --a------ D:\WINDOWS\system32\PnkBstrA.exe
2008-07-05 11:05 . 2008-07-05 18:48 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-05 10:34 . 2008-07-05 10:34 <DIR> d-------- D:\New Folder
2008-07-05 09:01 . 2008-07-05 09:42 <DIR> d-------- D:\Program Files\COMODO
2008-07-05 09:01 . 2008-07-05 09:01 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Comodo
2008-07-05 09:01 . 2008-07-05 09:01 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\comodo
2008-07-04 21:32 . 2008-07-04 21:32 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-07-04 14:22 . 2004-08-04 10:56 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2008-07-03 17:19 . 2008-07-03 17:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-03 14:49 . 2008-07-03 14:49 <DIR> d-------- D:\Program Files\Foxit Software
2008-07-03 12:58 . 2008-07-03 12:58 95 --a------ D:\WINDOWS\wininit.ini
2008-07-03 12:29 . 2008-07-05 09:52 <DIR> d-------- D:\Program Files\Spybot - Search & Destroy
2008-07-03 12:29 . 2008-07-05 09:49 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 11:38 . 2008-06-13 18:40 272,128 --------- D:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 11:38 . 2008-06-13 18:40 272,128 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 11:33 . 2008-07-03 11:33 <DIR> d-------- D:\Program Files\Trend Micro
2008-07-03 10:35 . 2008-07-04 14:24 <DIR> d--h----- D:\WINDOWS\$hf_mig$
2008-07-03 08:19 . 2008-07-03 08:19 <DIR> d-------- D:\Program Files\Alwil Software
2008-07-02 15:27 . 2008-07-03 08:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 14:17 . 2008-07-02 14:17 754 --a------ D:\WINDOWS\WORDPAD.INI
2008-07-01 16:02 . 2008-07-03 17:06 <DIR> d-------- D:\Program Files\Miranda IM
2008-07-01 13:00 . 2008-07-03 08:13 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Hamachi
2008-07-01 12:59 . 2008-07-01 12:59 25,280 --a------ D:\WINDOWS\system32\drivers\hamachi.sys
2008-07-01 11:57 . 2008-07-01 11:57 0 --a------ D:\WINDOWS\nsreg.dat
2008-07-01 10:14 . 2008-07-03 08:30 <DIR> d-------- D:\Program Files\Total Video Converter
2008-07-01 09:40 . 2008-07-01 09:40 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Canneverbe_Limited
2008-07-01 09:39 . 2008-07-01 09:39 <DIR> d-------- D:\Program Files\CDBurnerXP
2008-07-01 09:26 . 2008-07-01 09:26 <DIR> d-------- D:\Program Files\Defraggler
2008-06-30 14:33 . 2008-06-30 14:33 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\vlc
2008-06-30 14:13 . 2008-07-03 16:09 <DIR> d-------- D:\Program Files\FlashGet
2008-06-30 14:13 . 2004-08-04 09:14 359,040 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-06-29 18:47 . 2008-06-29 23:12 <DIR> d-------- D:\Program Files\Google
2008-06-29 18:47 . 2008-07-05 14:24 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\LimeWire
2008-06-29 18:45 . 2008-06-29 18:45 <DIR> d-------- D:\Program Files\Java
2008-06-29 18:45 . 2008-06-29 18:45 <DIR> d-------- D:\Program Files\Common Files\Java
2008-06-29 18:45 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-06-29 15:38 . 2008-06-29 15:41 <DIR> d-------- D:\Program Files\LimeWire
2008-06-29 13:58 . 2008-07-03 15:14 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\GetRight
2008-06-29 13:38 . 2008-06-29 13:38 <DIR> d-------- D:\Program Files\filehippo.com
2008-06-29 13:25 . 2008-06-29 13:25 <DIR> d---s---- D:\Documents and Settings\XYZ\UserData
2008-06-26 19:29 . 2001-08-17 14:02 9,600 --a------ D:\WINDOWS\system32\drivers\hidusb.sys
2008-06-26 19:29 . 2001-08-17 14:02 9,600 --a--c--- D:\WINDOWS\system32\dllcache\hidusb.sys
2008-06-26 10:28 . 2008-06-26 10:32 1,905 --a------ D:\WINDOWS\diagwrn.xml
2008-06-26 10:28 . 2008-06-26 10:32 1,905 --a------ D:\WINDOWS\diagerr.xml
2008-06-26 10:14 . 2008-06-26 10:15 3,639 --a------ D:\WINDOWS\VGSCDAPI.VXD
2008-06-15 22:03 . 2008-06-15 22:03 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Aspyr
2008-06-15 20:20 . 2004-12-10 09:06 327,680 --a------ D:\WINDOWS\system32\vp6dec.ax
2008-06-15 17:07 . 2008-06-15 17:07 <DIR> d-------- D:\Program Files\Aspyr
2008-06-15 14:26 . 2008-06-15 14:26 20 --a------ D:\WINDOWS\mafosav.INI
2008-06-15 10:51 . 2008-06-21 10:58 604 --a------ D:\WINDOWS\Thps3.INI
2008-06-14 22:20 . 2008-06-28 13:49 22 --a------ D:\WINDOWS\clofghls.dll
2008-06-14 22:17 . 2008-06-14 22:17 <DIR> d-------- D:\WINDOWS\system32\Futuremark
2008-06-14 22:17 . 2004-10-25 20:02 21,664 --a------ D:\WINDOWS\system32\drivers\Entech.sys
2008-06-14 22:17 . 1999-11-02 10:01 6,173 --a------ D:\WINDOWS\system32\drivers\Entech.vxd
2008-06-14 22:17 . 2004-06-22 15:44 5,632 --a------ D:\WINDOWS\system32\drivers\Entech64.sys
2008-06-14 22:17 . 2001-11-19 19:05 3,972 --a------ D:\WINDOWS\system32\drivers\PciBus.sys
2008-06-12 21:43 . 2007-10-12 15:14 3,734,536 --a------ D:\WINDOWS\system32\d3dx9_36.dll
2008-06-12 21:43 . 2007-10-12 15:14 1,374,232 --a------ D:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-12 21:43 . 2007-10-02 09:56 444,776 --a------ D:\WINDOWS\system32\d3dx10_36.dll
2008-06-12 21:43 . 2007-10-22 03:39 267,272 --a------ D:\WINDOWS\system32\xactengine2_10.dll
2008-06-12 21:43 . 2007-07-20 00:57 267,112 --a------ D:\WINDOWS\system32\xactengine2_9.dll
2008-06-12 21:26 . 2008-06-12 21:26 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\InstallShield
2008-06-10 14:03 . 2008-06-10 14:03 <DIR> d-------- D:\Program Files\OpenAL
2008-06-10 14:03 . 2008-07-01 10:57 413,696 --a------ D:\WINDOWS\system32\wrap_oal.dll
2008-06-10 14:03 . 2008-07-01 10:57 110,592 --a------ D:\WINDOWS\system32\OpenAL32.dll
2008-06-10 14:00 . 2008-06-10 14:00 <DIR> d-------- D:\WINDOWS\system32\xlive
2008-06-08 11:47 . 2008-06-08 11:47 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\HP
2008-06-08 10:46 . 2008-06-08 10:46 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Disney Interactive Studios
2008-06-07 15:18 . 2008-06-07 15:18 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\dvdcss
2008-06-07 13:03 . 2008-06-07 13:03 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Nokia Multimedia Player
2008-06-07 13:02 . 2004-08-03 23:08 25,600 --a------ D:\WINDOWS\system32\drivers\usbser.sys
2008-06-07 13:02 . 2004-08-03 23:08 25,600 --a--c--- D:\WINDOWS\system32\dllcache\usbser.sys
2008-06-07 13:02 . 2008-06-07 13:02 0 --ah----- D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-07 13:02 . 2008-06-07 13:02 0 --ah----- D:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-06-06 21:49 . 2008-06-06 21:50 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\DeepBurner
2008-06-06 21:45 . 2008-06-06 21:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-06 21:42 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\PC Connectivity Solution
2008-06-06 21:42 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\Common Files\PCSuite
2008-06-06 21:42 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\Common Files\Nokia
2008-06-06 21:42 . 2008-06-07 13:07 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\Nokia
2008-06-06 21:42 . 2007-09-17 15:53 21,632 --a------ D:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-06-06 21:41 . 2008-06-06 21:42 <DIR> d-------- D:\Program Files\Nokia
2008-06-06 21:41 . 2007-11-29 10:33 1,419,232 --a------ D:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-06 21:41 . 2007-11-29 10:39 95,744 --a------ D:\WINDOWS\system32\nmwcdcocls.dll
2008-06-06 21:41 . 2007-11-29 10:39 19,328 --a------ D:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-06-06 21:41 . 2007-11-29 10:39 16,896 --a------ D:\WINDOWS\system32\drivers\ccdcmb.sys
2008-06-06 21:41 . 2007-11-29 10:39 8,064 --a------ D:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-06-06 21:40 . 2008-06-06 21:40 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Installations
2008-06-06 21:39 . 2008-06-06 21:39 <DIR> d-------- D:\Program Files\DAEMON Tools Lite
2008-06-06 21:36 . 2008-06-06 21:36 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\DAEMON Tools
2008-06-05 21:41 . 2008-06-05 21:41 <DIR> d-------- D:\Program Files\DIFX
2008-06-05 21:41 . 2008-06-07 13:03 <DIR> d-------- D:\Documents and Settings\XYZ\Application Data\PC Suite
2008-06-05 21:40 . 2007-11-29 10:32 48,128 --a------ D:\WINDOWS\system32\nmwcdcls.dll
2008-06-05 13:52 . 2005-02-27 21:48 356,352 --a------ D:\WINDOWS\system32\RealMediaSplitter.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-05 04:20 --------- d---a-w D:\Documents and Settings\All Users\Application Data\TEMP
2008-07-04 15:31 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-07-03 11:48 --------- d-----w D:\Program Files\Yahoo!
2008-07-03 02:54 --------- d-----w D:\Program Files\OCCT
2008-07-02 09:57 --------- d-----w D:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-01 04:10 --------- d-----w D:\Program Files\Ahead
2008-07-01 04:09 --------- d-----w D:\Program Files\Common Files\Ahead
2008-06-16 11:04 446,464 ----a-w D:\WINDOWS\system32\NVUNINST.EXE
2008-06-15 14:50 --------- d-----w D:\Program Files\Common Files\InstallShield
2008-06-15 14:35 98,304 ----a-w D:\WINDOWS\system32\CmdLineExt.dll
2008-06-09 10:13 --------- d-----w D:\Documents and Settings\XYZ\Application Data\Ahead
2008-06-08 13:33 --------- d-----w D:\Program Files\Common Files\Adobe
2008-06-06 16:06 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-05-31 07:15 --------- d-----w D:\Program Files\HP
2008-05-08 12:28 202,752 ----a-w D:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 10:57 --------- d-----w D:\Program Files\CCleaner
2008-05-07 05:18 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w D:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-05_10.26.28.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-11-17 17:31:32 347,136 ----a-w D:\WINDOWS\$hf_mig$\KB873339\SP2QFE\hypertrm.dll
+ 2004-10-14 05:04:52 7,168 ----a-w D:\WINDOWS\$hf_mig$\KB873339\spmsg.dll
+ 2004-10-14 05:06:18 169,984 ----a-w D:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
+ 2004-10-14 05:06:16 21,504 ----a-w D:\WINDOWS\$hf_mig$\KB873339\update\spcustom.dll
+ 2004-10-14 05:04:54 654,848 ----a-w D:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2004-10-28 01:28:18 721,920 ----a-w D:\WINDOWS\$hf_mig$\KB885835\SP2QFE\lsasrv.dll
+ 2004-10-28 01:15:16 448,128 ----a-w D:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
+ 2004-10-28 01:14:56 174,592 ----a-w D:\WINDOWS\$hf_mig$\KB885835\SP2QFE\rdbss.sys
+ 2004-10-14 06:04:52 7,168 ----a-w D:\WINDOWS\$hf_mig$\KB885835\spmsg.dll
+ 2004-10-14 06:06:18 169,984 ----a-w D:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
+ 2004-10-14 06:06:16 21,504 ----a-w D:\WINDOWS\$hf_mig$\KB885835\update\spcustom.dll
+ 2004-10-14 06:04:54 654,848 ----a-w D:\WINDOWS\$hf_mig$\KB885835\update\update.exe
+ 2004-10-14 06:04:52 7,168 ----a-w D:\WINDOWS\$hf_mig$\KB885836\spmsg.dll
+ 2004-10-14 06:06:18 169,984 ----a-w D:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
+ 2004-10-14 06:06:16 21,504 ----a-w D:\WINDOWS\$hf_mig$\KB885836\update\spcustom.dll
+ 2004-10-14 06:04:54 654,848 ----a-w D:\WINDOWS\$hf_mig$\KB885836\update\update.exe
+ 2005-07-08 16:28:58 249,344 ----a-w D:\WINDOWS\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
+ 2005-07-07 13:57:08 30,720 ----a-w D:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB893756\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
+ 2005-04-28 19:35:02 1,286,144 ----a-w D:\WINDOWS\$hf_mig$\KB894391\SP2QFE\ole32.dll
+ 2005-04-28 19:35:01 74,752 ----a-w D:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecli32.dll
+ 2005-04-28 19:35:01 37,376 ----a-w D:\WINDOWS\$hf_mig$\KB894391\SP2QFE\olecnv32.dll
+ 2005-04-28 19:35:01 396,288 ----a-w D:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB894391\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2005-06-11 00:17:13 57,856 ----a-w D:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-06-29 11:24:32 30,720 ----a-w D:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-06-15 17:42:35 297,984 ----a-w D:\WINDOWS\$hf_mig$\KB899587\SP2QFE\kerberos.dll
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
+ 2005-06-29 11:24:32 30,720 ----a-w D:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB899587\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
+ 2005-06-10 04:06:01 139,528 ----a-w D:\WINDOWS\$hf_mig$\KB899591\SP2QFE\rdpwd.sys
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
+ 2005-06-29 11:24:32 30,720 ----a-w D:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB899591\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
+ 2006-02-15 00:30:07 142,464 ----a-w D:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB900485\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB900485\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB900485\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll
+ 2005-09-10 01:48:47 2,068,480 ----a-w D:\WINDOWS\$hf_mig$\KB901017\SP2QFE\cdosys.dll
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
+ 2005-09-09 10:56:26 30,720 ----a-w D:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB901017\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
+ 2005-07-26 04:20:23 225,792 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrv.dll
+ 2005-07-26 04:20:23 625,152 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\catsrvut.dll
+ 2005-07-26 04:20:23 110,080 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatex.dll
+ 2005-07-26 04:20:24 498,688 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\clbcatq.dll
+ 2005-07-26 04:20:24 60,416 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\colbact.dll
+ 2005-07-26 04:20:24 195,072 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comadmin.dll
+ 2005-07-26 04:20:25 97,792 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comrepl.dll
+ 2005-07-26 04:20:27 1,267,200 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comsvcs.dll
+ 2005-07-26 04:20:28 540,160 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\comuid.dll
+ 2005-07-26 04:20:28 243,200 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\es.dll
+ 2005-07-25 23:42:35 8,704 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
+ 2005-07-26 04:20:29 425,472 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcprx.dll
+ 2005-07-26 04:20:31 945,152 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtctm.dll
+ 2005-07-26 04:20:31 161,280 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\msdtcuiu.dll
+ 2005-07-26 04:20:39 66,560 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxclu.dll
+ 2005-07-26 04:20:40 91,136 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\mtxoci.dll
+ 2005-07-26 04:20:40 1,285,632 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\ole32.dll
+ 2005-07-26 04:20:40 74,752 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecli32.dll
+ 2005-07-26 04:20:40 37,376 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\olecnv32.dll
+ 2005-07-26 04:20:40 398,336 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
+ 2005-07-26 04:20:40 101,376 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\txflog.dll
+ 2005-07-26 04:20:40 11,776 ----a-w D:\WINDOWS\$hf_mig$\KB902400\SP2QFE\xolehlp.dll
+ 2005-02-24 15:05:06 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
+ 2005-02-24 15:05:06 209,632 ----a-w D:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
+ 2005-07-25 13:51:18 30,720 ----a-w D:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
+ 2005-02-24 15:05:06 22,240 ----a-w D:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
+ 2005-02-24 15:05:06 718,048 ----a-w D:\WINDOWS\$hf_mig$\KB902400\update\update.exe
+ 2005-02-24 15:05:08 371,936 ----a-w D:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
+ 2005-10-17 21:21:19 80,896 ----a-w D:\WINDOWS\$hf_mig$\KB908519\SP2QFE\fontsub.dll
+ 2005-10-17 21:21:19 117,760 ----a-w D:\WINDOWS\$hf_mig$\KB908519\SP2QFE\t2embed.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB908519\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB908519\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB908519\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB908519\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB908519\update\updspapi.dll
+ 2006-06-22 10:36:52 180,736 ----a-w D:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB911280\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2006-03-23 05:53:08 143,360 ----a-w D:\WINDOWS\$hf_mig$\KB911562\SP2QFE\msadco.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB911562\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB911562\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB911562\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB911562\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB911562\update\updspapi.dll
+ 2006-01-04 04:18:34 68,096 ----a-w D:\WINDOWS\$hf_mig$\KB911927\SP2QFE\webclnt.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB911927\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB911927\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB911927\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB911927\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB911927\update\updspapi.dll
+ 2006-05-05 10:16:39 454,400 ----a-w D:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
+ 2006-05-05 10:22:52 174,592 ----a-w D:\WINDOWS\$hf_mig$\KB914389\SP2QFE\rdbss.sys
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB914389\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB914389\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB914389\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB914389\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB914389\update\updspapi.dll
+ 2006-06-26 17:45:19 147,456 ----a-w D:\WINDOWS\$hf_mig$\KB920683\SP2QFE\dnsapi.dll
+ 2006-06-26 17:45:19 7,680 ----a-w D:\WINDOWS\$hf_mig$\KB920683\SP2QFE\rasadhlp.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB920683\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB920683\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB920683\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB920683\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB920683\update\updspapi.dll
+ 2006-06-22 05:22:04 69,120 ----a-w D:\WINDOWS\$hf_mig$\KB920685\SP2QFE\ciodm.dll
+ 2006-06-22 05:22:05 1,435,648 ----a-w D:\WINDOWS\$hf_mig$\KB920685\SP2QFE\query.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB920685\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB920685\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB920685\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB920685\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB920685\update\updspapi.dll
+ 2006-08-16 12:08:32 100,352 ----a-w D:\WINDOWS\$hf_mig$\KB922819\SP2QFE\6to4svc.dll
+ 2006-08-16 10:13:39 225,664 ----a-w D:\WINDOWS\$hf_mig$\KB922819\SP2QFE\tcpip6.sys
+ 2005-10-12 23:16:49 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB922819\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB922819\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB922819\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB922819\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB922819\update\updspapi.dll
+ 2006-08-14 12:00:42 332,928 ----a-w D:\WINDOWS\$hf_mig$\KB923414\SP2QFE\srv.sys
+ 2005-10-12 23:16:49 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB923414\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB923414\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB923414\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB923414\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB923414\update\updspapi.dll
+ 2006-10-13 12:41:38 64,000 ----a-w D:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
+ 2006-10-13 12:41:38 142,336 ----a-w D:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
+ 2006-10-13 10:39:12 163,456 ----a-w D:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
+ 2006-10-13 12:41:38 65,536 ----a-w D:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
+ 2005-10-12 23:16:49 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
+ 2005-10-12 23:16:49 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
+ 2005-10-12 23:16:49 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2005-10-12 23:16:56 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
+ 2006-08-17 12:37:49 726,528 ----a-w D:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll
+ 2006-08-17 12:37:49 337,408 ----a-w D:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll
+ 2006-08-17 12:37:49 132,096 ----a-w D:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB924270\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB924270\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB924270\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll
+ 2006-12-26 13:18:55 536,576 ----a-w D:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
+ 2006-12-26 13:18:55 180,224 ----a-w D:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
+ 2006-12-26 13:18:55 200,704 ----a-w D:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
+ 2006-12-26 13:18:55 102,400 ----a-w D:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
+ 2006-01-19 19:29:19 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB927779\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
+ 2006-12-19 18:47:14 333,824 ----a-w D:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB927802\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB927802\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB927802\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll
+ 2006-12-19 21:50:10 8,458,752 ----a-w D:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
+ 2006-12-19 21:50:10 135,168 ----a-w D:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
+ 2006-12-19 16:10:56 248,320 ----a-w D:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB928255\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
+ 2007-02-05 20:19:14 185,344 ----a-w D:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:19 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-02-28 09:53:04 2,137,600 ----a-w D:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
+ 2007-02-28 09:15:56 2,059,392 ----a-w D:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 09:15:59 2,017,280 ----a-w D:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 09:55:14 2,182,144 ----a-w D:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
+ 2007-04-16 16:07:27 986,112 ----a-w D:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-06-26 06:06:12 1,104,896 ----a-w D:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 ----a-w D:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-07-06 09:52:38 72,960 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqac.sys
+ 2007-07-06 13:08:11 138,240 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqad.dll
+ 2007-07-06 13:08:11 47,104 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqdscli.dll
+ 2007-07-06 13:08:11 16,896 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqise.dll
+ 2007-07-06 13:08:11 660,992 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqqm.dll
+ 2007-07-06 13:08:11 177,152 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqrt.dll
+ 2007-07-06 13:08:11 95,744 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqsec.dll
+ 2007-07-06 13:08:11 48,640 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqupgrd.dll
+ 2007-07-06 13:08:11 471,552 ----a-w D:\WINDOWS\$hf_mig$\KB937894\SP2QFE\mqutil.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB937894\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB937894\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB937894\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB937894\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB937894\update\updspapi.dll
+ 2007-06-26 15:16:01 851,968 ----a-w D:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03 1,033,216 ----a-w D:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w D:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2008-03-19 09:40:27 1,845,888 ----a-w D:\WINDOWS\$hf_mig$\KB941693\SP2QFE\win32k.sys
+ 2007-03-06 01:22:36 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB941693\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB941693\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB941693\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB941693\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w D:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w D:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w D:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w D:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w D:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w D:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w D:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w D:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w D:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w D:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w D:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w D:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w D:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w D:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-07-05 04:53:13 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2008-07-05 16:13:00 2,048 --s-a-w D:\WINDOWS\bootstat.dat
+ 2006-02-15 00:22:26 142,464 ------w D:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-05-05 09:41:45 453,120 ------w D:\WINDOWS\Driver Cache\i386\mrxsmb.sys
- 2005-03-02 00:57:44 2,135,552 ------w D:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 09:08:48 2,136,064 ------w D:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
- 2005-03-02 00:34:40 2,056,832 ------w D:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 08:38:55 2,057,600 ------w D:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:34:42 2,015,232 ------w D:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 08:38:57 2,015,744 ------w D:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:59:53 2,179,328 ------w D:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2007-02-28 09:10:57 2,180,352 ------w D:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2004-08-04 05:26:50 1,032,192 ----a-w D:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w D:\WINDOWS\explorer.exe
- 2004-08-04 05:26:42 100,352 ----a-w D:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w D:\WINDOWS\system32\6to4svc.dll
- 2004-08-04 05:26:42 229,888 ----a-w D:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:39:42 225,792 ----a-w D:\WINDOWS\system32\catsrv.dll
- 2004-08-04 05:26:42 628,224 ----a-w D:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 ----a-w D:\WINDOWS\system32\catsrvut.dll
- 2004-08-04 05:26:42 2,067,968 ----a-w D:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 ----a-w D:\WINDOWS\system32\cdosys.dll
- 2004-08-04 05:26:42 69,120 ----a-w D:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:06:29 69,120 ----a-w D:\WINDOWS\system32\ciodm.dll
- 2004-08-04 05:26:42 110,080 ----a-w D:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 ----a-w D:\WINDOWS\system32\clbcatex.dll
- 2004-08-04 05:26:42 501,248 ----a-w D:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 ----a-w D:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 05:26:42 62,464 ----a-w D:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:39:43 60,416 ----a-w D:\WINDOWS\system32\colbact.dll
- 2004-08-04 05:26:42 195,584 ----a-w D:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:39:44 195,072 ----a-w D:\WINDOWS\system32\Com\comadmin.dll
- 2004-08-07 00:45:36 82,432 ----a-w D:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:39:44 97,792 ----a-w D:\WINDOWS\system32\comrepl.dll
- 2004-08-04 05:26:42 1,251,840 ----a-w D:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w D:\WINDOWS\system32\comsvcs.dll
- 2004-08-04 05:26:42 540,160 ----a-w D:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:39:45 540,160 ----a-w D:\WINDOWS\system32\comuid.dll
- 2004-08-04 05:26:42 100,352 -c--a-w D:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w D:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-03 17:09:38 142,464 -c--a-w D:\WINDOWS\system32\dllcache\aec.sys
+ 2006-02-15 00:22:26 142,464 -c--a-w D:\WINDOWS\system32\dllcache\aec.sys
- 2004-08-04 05:26:42 229,888 -c--a-w D:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c--a-w D:\WINDOWS\system32\dllcache\catsrv.dll
- 2004-08-04 05:26:42 628,224 -c--a-w D:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c--a-w D:\WINDOWS\system32\dllcache\catsrvut.dll
- 2004-08-04 05:26:42 2,067,968 -c--a-w D:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c--a-w D:\WINDOWS\system32\dllcache\cdosys.dll
- 2004-08-04 05:26:42 69,120 -c--a-w D:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c--a-w D:\WINDOWS\system32\dllcache\ciodm.dll
- 2004-08-04 05:26:42 110,080 -c--a-w D:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w D:\WINDOWS\system32\dllcache\clbcatex.dll
- 2004-08-04 05:26:42 501,248 -c--a-w D:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w D:\WINDOWS\system32\dllcache\clbcatq.dll
- 2004-08-04 05:26:42 62,464 -c--a-w D:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c--a-w D:\WINDOWS\system32\dllcache\colbact.dll
- 2004-08-04 05:26:42 195,584 -c--a-w D:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c--a-w D:\WINDOWS\system32\dllcache\comadmin.dll
- 2004-08-07 00:45:36 82,432 -c--a-w D:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:39:44 97,792 -c--a-w D:\WINDOWS\system32\dllcache\comrepl.dll
- 2004-08-04 05:26:42 1,251,840 -c--a-w D:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c--a-w D:\WINDOWS\system32\dllcache\comsvcs.dll
- 2004-08-04 05:26:42 540,160 -c--a-w D:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c--a-w D:\WINDOWS\system32\dllcache\comuid.dll
- 2004-08-04 05:26:44 243,200 -c--a-w D:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:39:45 243,200 -c--a-w D:\WINDOWS\system32\dllcache\es.dll
- 2004-08-04 05:26:50 1,032,192 -c--a-w D:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w D:\WINDOWS\system32\dllcache\explorer.exe
- 2004-08-07 00:46:31 79,360 -c--a-w D:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:14:45 80,896 -c--a-w D:\WINDOWS\system32\dllcache\fontsub.dll
- 2004-08-04 05:26:44 294,400 -c--a-w D:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:49:30 295,936 -c--a-w D:\WINDOWS\system32\dllcache\kerberos.dll
- 2004-08-04 05:26:44 983,552 -c--a-w D:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 -c--a-w D:\WINDOWS\system32\dllcache\kernel32.dll
- 2004-08-07 00:47:07 924,432 -c--a-w D:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 -c--a-w D:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-04 05:26:44 1,024,000 -c--a-w D:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w D:\WINDOWS\system32\dllcache\mfc42u.dll
- 2004-08-04 05:26:52 7,680 -c--a-w D:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w D:\WINDOWS\system32\dllcache\migregdb.exe
- 2004-08-04 03:28:22 72,960 -c--a-w D:\WINDOWS\system32\dllcache\mqac.sys
+ 2007-07-06 10:05:47 72,960 -c--a-w D:\WINDOWS\system32\dllcache\mqac.sys
- 2004-08-04 05:26:44 138,240 -c--a-w D:\WINDOWS\system32\dllcache\mqad.dll
+ 2007-07-06 12:46:59 138,240 -c--a-w D:\WINDOWS\system32\dllcache\mqad.dll
- 2004-08-04 05:26:44 47,104 -c--a-w D:\WINDOWS\system32\dllcache\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 -c--a-w D:\WINDOWS\system32\dllcache\mqdscli.dll
- 2004-08-04 05:26:44 16,896 -c--a-w D:\WINDOWS\system32\dllcache\mqise.dll
+ 2007-07-06 12:46:59 16,896 -c--a-w D:\WINDOWS\system32\dllcache\mqise.dll
- 2004-08-04 05:26:44 660,992 -c--a-w D:\WINDOWS\system32\dllcache\mqqm.dll
+ 2007-07-06 12:46:59 660,992 -c--a-w D:\WINDOWS\system32\dllcache\mqqm.dll
- 2004-08-04 05:26:44 177,152 -c--a-w D:\WINDOWS\system32\dllcache\mqrt.dll
+ 2007-07-06 12:46:59 177,152 -c--a-w D:\WINDOWS\system32\dllcache\mqrt.dll
- 2004-08-04 05:26:44 95,744 -c--a-w D:\WINDOWS\system32\dllcache\mqsec.dll
+ 2007-07-06 12:46:59 95,744 -c--a-w D:\WINDOWS\system32\dllcache\mqsec.dll
- 2004-08-04 05:26:44 48,640 -c--a-w D:\WINDOWS\system32\dllcache\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 -c--a-w D:\WINDOWS\system32\dllcache\mqupgrd.dll
- 2004-08-04 05:26:44 471,552 -c--a-w D:\WINDOWS\system32\dllcache\mqutil.dll
+ 2007-07-06 12:46:59 471,552 -c--a-w D:\WINDOWS\system32\dllcache\mqutil.dll
+ 2006-05-05 09:41:45 453,120 -c----w D:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-08-04 05:26:44 143,360 -c--a-w D:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:44:21 143,360 -c--a-w D:\WINDOWS\system32\dllcache\msadco.dll
- 2004-08-04 05:26:44 536,576 -c--a-w D:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w D:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-04 05:26:44 180,224 -c--a-w D:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w D:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-04 05:26:44 200,704 -c--a-w D:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w D:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-04 05:26:44 102,400 -c--a-w D:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w D:\WINDOWS\system32\dllcache\msjro.dll
- 2004-08-04 05:26:46 1,236,480 -c--a-w D:\WINDOWS\system32\dllcache\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 -c--a-w D:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-04 05:26:46 332,288 -c--a-w D:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:28:27 332,288 -c--a-w D:\WINDOWS\system32\dllcache\netapi32.dll
+ 2007-02-28 09:08:48 2,136,064 -c----w D:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 -c----w D:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w D:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 -c----w D:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2004-08-07 00:47:32 58,880 -c--a-w D:\WINDOWS\system32\dllcache\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 -c--a-w D:\WINDOWS\system32\dllcache\nwapi32.dll
- 2004-08-04 05:26:46 144,384 -c--a-w D:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 -c--a-w D:\WINDOWS\system32\dllcache\nwprovau.dll
- 2004-08-04 03:32:24 163,584 -c--a-w D:\WINDOWS\system32\dllcache\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 -c--a-w D:\WINDOWS\system32\dllcache\nwrdr.sys
- 2004-08-04 05:26:46 64,000 -c--a-w D:\WINDOWS\system32\dllcache\nwwks.dll
+ 2006-10-13 12:35:12 65,536 -c--a-w D:\WINDOWS\system32\dllcache\nwwks.dll
- 2004-08-04 05:26:46 1,281,536 -c--a-w D:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 -c--a-w D:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-04 05:26:46 553,472 -c--a-w D:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c--a-w D:\WINDOWS\system32\dllcache\oleaut32.dll
- 2004-08-07 00:47:36 68,608 -c--a-w D:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:39:48 74,752 -c--a-w D:\WINDOWS\system32\dllcache\olecli32.dll
- 2004-08-07 00:47:36 34,304 -c--a-w D:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 -c--a-w D:\WINDOWS\system32\dllcache\olecnv32.dll
- 2004-08-04 05:26:46 1,287,680 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c--a-w D:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 05:26:46 1,435,648 -c--a-w D:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-22 05:06:30 1,435,648 -c--a-w D:\WINDOWS\system32\dllcache\query.dll
- 2004-08-04 05:26:46 8,192 -c--a-w D:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 -c--a-w D:\WINDOWS\system32\dllcache\rasadhlp.dll
- 2004-08-04 05:26:46 174,080 -c--a-w D:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-06-22 10:47:18 181,248 -c--a-w D:\WINDOWS\system32\dllcache\rasmans.dll
- 2004-08-04 03:50:08 176,512 -c--a-w D:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w D:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-08-04 05:31:10 139,400 -c--a-w D:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 -c--a-w D:\WINDOWS\system32\dllcache\rdpwd.sys
- 2004-08-04 05:26:46 395,776 -c--a-w D:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-07-26 04:39:49 397,824 -c--a-w D:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-08-04 05:26:46 134,656 -c--a-w D:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 -c--a-w D:\WINDOWS\system32\dllcache\shsvcs.dll
- 2004-08-04 05:26:58 57,856 -c--a-w D:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w D:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-08-04 03:44:46 336,256 -c--a-w D:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 -c--a-w D:\WINDOWS\system32\dllcache\srv.sys
- 2004-08-04 05:26:48 210,432 -c--a-w D:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:14:46 118,272 -c--a-w D:\WINDOWS\system32\dllcache\t2embed.dll
- 2004-08-04 05:26:48 246,272 -c--a-w D:\WINDOWS\system32\dllcache\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 -c--a-w D:\WINDOWS\system32\dllcache\tapisrv.dll
- 2004-08-04 03:44:42 359,040 -c--a-w D:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w D:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-04 03:37:46 223,616 -c--a-w D:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c--a-w D:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-04 05:26:48 101,376 -c--a-w D:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:39:49 101,376 -c--a-w D:\WINDOWS\system32\dllcache\txflog.dll
- 2004-08-04 03:28:34 209,408 -c--a-w D:\WINDOWS\system32\dllcache\update.sys
+ 2007-04-23 10:32:54 364,160 -c--a-w D:\WINDOWS\system32\dllcache\update.sys
- 2004-08-04 05:26:48 185,344 -c--a-w D:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:17:02 185,344 -c--a-w D:\WINDOWS\system32\dllcache\upnphost.dll
- 2004-08-04 05:26:48 848,384 -c--a-w D:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w D:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-04 05:26:48 67,584 -c--a-w D:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:35:05 68,096 -c--a-w D:\WINDOWS\system32\dllcache\webclnt.dll
- 2004-08-04 05:26:48 333,312 -c--a-w D:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 -c--a-w D:\WINDOWS\system32\dllcache\wiaservc.dll
- 2007-03-08 13:47:48 1,843,584 -c--a-w D:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 -c--a-w D:\WINDOWS\system32\dllcache\win32k.sys
- 2004-08-04 05:26:48 132,096 -c--a-w D:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 -c--a-w D:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-08-03 17:09:38 142,464 ----a-w D:\WINDOWS\system32\drivers\aec.sys
+ 2006-02-15 00:22:26 142,464 ----a-w D:\WINDOWS\system32\drivers\aec.sys
- 2004-08-04 03:28:22 72,960 ----a-w D:\WINDOWS\system32\drivers\mqac.sys
+ 2007-07-06 10:05:47 72,960 ----a-w D:\WINDOWS\system32\drivers\mqac.sys
- 2004-08-04 03:45:18 451,456 ----a-w D:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w D:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-04 03:32:24 163,584 ----a-w D:\WINDOWS\system32\drivers\nwrdr.sys
+ 2006-10-13 10:23:15 163,584 ----a-w D:\WINDOWS\system32\drivers\nwrdr.sys
- 2004-08-04 03:50:08 176,512 ----a-w D:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w D:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-04 05:31:10 139,400 ----a-w D:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 ----a-w D:\WINDOWS\system32\drivers\rdpwd.sys
- 2004-08-04 03:44:46 336,256 ----a-w D:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w D:\WINDOWS\system32\drivers\srv.sys
- 2004-08-04 03:44:42 359,040 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-04 03:37:46 223,616 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-04 03:28:34 209,408 ----a-w D:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ----a-w D:\WINDOWS\system32\drivers\update.sys
- 2004-08-04 05:26:44 243,200 ----a-w D:\WINDOWS\system32\es.dll
+ 2005-07-26 04:39:45 243,200 ----a-w D:\WINDOWS\system32\es.dll
- 2008-07-05 04:15:15 110,992 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-05 05:51:37 110,992 ----a-w D:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-07 00:46:31 79,360 ----a-w D:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:14:45 80,896 ----a-w D:\WINDOWS\system32\fontsub.dll
- 2004-08-04 05:26:44 345,088 ----a-w D:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:41:24 347,136 ----a-w D:\WINDOWS\system32\hypertrm.dll
- 2004-08-04 05:26:44 294,400 ----a-w D:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:49:30 295,936 ----a-w D:\WINDOWS\system32\kerberos.dll
- 2004-08-04 05:26:44 983,552 ----a-w D:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w D:\WINDOWS\system32\kernel32.dll
- 2004-08-07 00:47:07 924,432 ----a-w D:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 ----a-w D:\WINDOWS\system32\mfc40u.dll
- 2004-08-04 05:26:44 1,024,000 ----a-w D:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w D:\WINDOWS\system32\mfc42u.dll
- 2004-08-04 05:26:44 138,240 ----a-w D:\WINDOWS\system32\mqad.dll
+ 2007-07-06 12:46:59 138,240 ----a-w D:\WINDOWS\system32\mqad.dll
- 2004-08-04 05:26:44 47,104 ----a-w D:\WINDOWS\system32\mqdscli.dll
+ 2007-07-06 12:46:59 47,104 ----a-w D:\WINDOWS\system32\mqdscli.dll
- 2004-08-04 05:26:44 16,896 ----a-w D:\WINDOWS\system32\mqise.dll
+ 2007-07-06 12:46:59 16,896 ----a-w D:\WINDOWS\system32\mqise.dll
- 2004-08-04 05:26:44 660,992 ----a-w D:\WINDOWS\system32\mqqm.dll
+ 2007-07-06 12:46:59 660,992 ----a-w D:\WINDOWS\system32\mqqm.dll
- 2004-08-04 05:26:44 177,152 ----a-w D:\WINDOWS\system32\mqrt.dll
+ 2007-07-06 12:46:59 177,152 ----a-w D:\WINDOWS\system32\mqrt.dll
- 2004-08-04 05:26:44 95,744 ----a-w D:\WINDOWS\system32\mqsec.dll
+ 2007-07-06 12:46:59 95,744 ----a-w D:\WINDOWS\system32\mqsec.dll
- 2004-08-04 05:26:44 48,640 ----a-w D:\WINDOWS\system32\mqupgrd.dll
+ 2007-07-06 12:46:59 48,640 ----a-w D:\WINDOWS\system32\mqupgrd.dll
- 2004-08-04 05:26:44 471,552 ----a-w D:\WINDOWS\system32\mqutil.dll
+ 2007-07-06 12:46:59 471,552 ----a-w D:\WINDOWS\system32\mqutil.dll
- 2004-08-04 05:26:46 1,236,480 ------w D:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w D:\WINDOWS\system32\msxml3.dll
- 2004-08-04 05:26:46 332,288 ----a-w D:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:28:27 332,288 ----a-w D:\WINDOWS\system32\netapi32.dll
- 2005-03-02 00:34:42 2,015,232 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 ----a-w D:\WINDOWS\system32\ntkrnlpa.exe
- 2005-03-02 00:57:44 2,135,552 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 09:08:48 2,136,064 ----a-w D:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-07 00:47:32 58,880 ----a-w D:\WINDOWS\system32\nwapi32.dll
+ 2006-10-13 12:35:12 64,000 ----a-w D:\WINDOWS\system32\nwapi32.dll
- 2004-08-04 05:26:46 144,384 ----a-w D:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 ----a-w D:\WINDOWS\system32\nwprovau.dll
- 2004-08-04 05:26:46 64,000 ----a-w D:\WINDOWS\system32\nwwks.dll
+ 2006-10-13 12:35:12 65,536 ----a-w D:\WINDOWS\system32\nwwks.dll
- 2004-08-04 05:26:46 1,281,536 ----a-w D:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w D:\WINDOWS\system32\ole32.dll
- 2004-08-04 05:26:46 553,472 ----a-w D:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w D:\WINDOWS\system32\oleaut32.dll
- 2004-08-07 00:47:36 68,608 ----a-w D:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:39:48 74,752 ----a-w D:\WINDOWS\system32\olecli32.dll
- 2004-08-07 00:47:36 34,304 ----a-w D:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 ----a-w D:\WINDOWS\system32\olecnv32.dll
- 2004-08-04 05:26:46 1,435,648 ----a-w D:\WINDOWS\system32\query.dll
+ 2006-06-22 05:06:30 1,435,648 ----a-w D:\WINDOWS\system32\query.dll
- 2004-08-04 05:26:46 8,192 ----a-w D:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 ----a-w D:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 05:26:46 174,080 ----a-w D:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:47:18 181,248 ----a-w D:\WINDOWS\system32\rasmans.dll
- 2004-08-04 05:26:46 395,776 ----a-w D:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:39:49 397,824 ----a-w D:\WINDOWS\system32\rpcss.dll
- 2004-08-04 05:26:46 134,656 ----a-w D:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 ----a-w D:\WINDOWS\system32\shsvcs.dll
- 2004-08-04 05:26:58 57,856 ----a-w D:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w D:\WINDOWS\system32\spoolsv.exe
- 2004-08-04 05:26:48 210,432 ----a-w D:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:14:46 118,272 ----a-w D:\WINDOWS\system32\t2embed.dll
- 2004-08-04 05:26:48 246,272 ----a-w D:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 ----a-w D:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 05:26:48 101,376 ----a-w D:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:39:49 101,376 ----a-w D:\WINDOWS\system32\txflog.dll
- 2004-08-04 05:26:48 185,344 ----a-w D:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w D:\WINDOWS\system32\upnphost.dll
- 2004-08-04 05:26:48 67,584 ----a-w D:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:35:05 68,096 ----a-w D:\WINDOWS\system32\webclnt.dll
- 2004-08-04 05:26:48 333,312 ----a-w D:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w D:\WINDOWS\system32\wiaservc.dll
- 2007-03-08 13:47:48 1,843,584 ----a-w D:\WINDOWS\system32\win32k.sys
+ 2008-03-19 09:47:00 1,845,248 ----a-w D:\WINDOWS\system32\win32k.sys
- 2004-08-04 05:26:48 132,096 ----a-w D:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 ----a-w D:\WINDOWS\system32\wkssvc.dll
+ 2008-07-05 16:13:07 16,384 ------w D:\WINDOWS\Temp\Perflib_Perfdata_538.dat
+ 2007-01-19 20:15:24 74,802 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2007-01-19 20:15:24 995,383 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2007-01-19 20:15:24 1,011,774 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2007-01-19 20:15:24 401,462 ----a-w D:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"filehippo.com"="D:\Program Files\filehippo.com\UpdateChecker.exe" [2008-04-30 18:20 136704]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-01 19:30 68856]
"Yahoo! Pager"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="D:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16:24 16116224 D:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 D:\WINDOWS\system32\nwiz.exe]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dih44.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Valve\\Condition Zero\\czero.exe"=
"D:\\Program Files\\Aspyr\\Top Spin 2\\Data\\Top Spin 2.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 04:50]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 04:46]
R2 NMSAccessU;NMSAccessU;D:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
S3 cpuz129;cpuz129;D:\DOCUME~1\XYZ\LOCALS~1\Temp\cpuz_x32.sys []

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]
D:\WINDOWS\system32\SecSystem.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 04:30:01 D:\WINDOWS\Tasks\At11.job"
- D:\WINDOWS\system32\0alaS41F.exe
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{A260787B-911C-49A1-AE73-EC76A3CEC27E} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 22:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-05 22:18:45
ComboFix-quarantined-files.txt 2008-07-05 16:48:34
ComboFix2.txt 2008-07-05 04:56:56

Pre-Run: 1,059,135,488 bytes free
Post-Run: 1,045,372,928 bytes free

809 --- E O F --- 2008-07-05 05:43:20


Hijackthis log -


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:08 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
D:\Program Files\filehippo.com\UpdateChecker.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [filehippo.com] "D:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - D:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4709 bytes
sidk
Regular Member
 
Posts: 44
Joined: July 3rd, 2008, 2:07 am

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Unread postby askey127 » July 5th, 2008, 1:22 pm

sidk,
Please don't download anything or do any removals except what I ask of you.
Did you edit the content of the previous log or did you re-install PunkBuster?
In either case it wasn't what I asked or wanted.
----------------------------------------------------------------------------------
Run MalwareBytes' Anti-Malware
Please download the Installer and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found here if you need it: Start, All Programs, Malwarebytes' Anti-Malware, Logs
    The logs are named by date stamp

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Unread postby sidk » July 6th, 2008, 1:58 am

I did not reinstall anything, nor did I remove anything from the HijackThis log except for what you told me. PunkBuster comes with a game and I can uninstall that without removing the game; however, I will not use it till this is complete.

Re: Virus,Virus everywhere,avast,avg all hav failed!!!

Unread postby sidk » July 6th, 2008, 2:05 am

Database version: 926
Windows 5.1.2600 Service Pack 2

11:34:29 AM 7/6/2008
mbam-log-7-6-2008 (11-34-29).txt

Scan type: Quick Scan
Objects scanned: 39077
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)