Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> [Resolved] System Folder pops up and possible malware, system folder auto pop up during startup
chikomoto
post Jul 15 2008, 09:06 AM
Post #1



Hi! Recently I have a problem: a system folder pops up every time during startup. I also have a feeling that my computer is infected with malware.

Here is the HijackThis log. Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 11:06:01 PM, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Nakido\nakido.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.238.92.106:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TurboUpload.com Toolbar v. 1.2; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; MEGAUPLOAD 1.0; .NET CLR 2.0.50727; MEGAUPLOAD 2.0; Alexa Toolbar)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114309379109
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135323109546
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - avldr.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

LDTate
post Jul 27 2008, 10:22 AM
Post #2








It doesn't sound like this issue is malware/spyware but we'll have a look.


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
chikomoto
post Jul 28 2008, 09:56 AM
Post #3





Here it is, the Malwarebytes' Anti-Malware log report.
Well, the system folder still pops up during startup. Other than that, the checkbox for showing hidden folders can now be checked. Last time, it automatically switched back to "do not show hidden files"; possibly the registry value had been changed. Anyway, thanks for the reply to my thread =D

Malwarebytes' Anti-Malware 1.23
Database version: 1001
Windows 5.1.2600 Service Pack 2

11:38:26 PM 7/28/2008
mbam-log-7-28-2008 (23-38-25).txt

Scan type: Quick Scan
Objects scanned: 55817
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 27
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 8
Files Infected: 72

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\ADSTechnology\ADSTechnology.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\kavo0.dll (Spyware.OnlineGames) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{831cbac2-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{831cbac4-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{831cbac0-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{831cbac3-8283-4653-9d81-feb9f3f6e47c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adstechnology.adstechnology (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adstechnology.adstechnology.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\activationmanager.activationmanager (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\activationmanager.activationmanager.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86a44ef7-78fc-4e18-a564-b18f806f7f56} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{86a44ef9-78fc-4e18-a564-b18f806f7f56} (Trojan.MultiDefender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07218.ietoolbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07218.ietoolbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07218.tbsb07218 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\tbsb07218.tbsb07218.3 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ErrorDoctor (Rogue.ErrorDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kava (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ActivationManager (Trojan.MultiDefender) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\ADSTechnology (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\219725 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ADSTechnology\ADSTechnology.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\MDM.EXE (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\n6j6pc0.com (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\l3v.exe (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\f.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tru91.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tru93.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tru94.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\tru95.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truC2.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truC3.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truC4.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truC5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truC6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truCC.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truCE.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truD0.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truD5.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truD6.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truD7.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truD8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truD9.tmp (Trojan.Vaklik) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truDA.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truDB.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truDC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\truDD.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\twye.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\ActivationManager\Uninstall.exe (Trojan.MultiDefender) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Web Technologies\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\ignore.lst (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\SoftwareDoctor\ErrorDoctor\Registry Backups\2006-10-08_19-15-12.reg (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\ADSTechnology\ADSTechnology.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\ADSTechnology\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\219725\219725.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavo0.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\kavo1.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kavo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\1aq1obb.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\33gmhso.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ivcvknr.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\lgrncie.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\o6opnro.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ocbqsqj.bat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\imt8.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ipy.cmd (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cxbrk.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubpr01.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:55:20 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Nakido\nakido.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sg.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.238.92.106:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System,
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB07218 - {3AF93A29-A296-4AB0-9011-D85A559203B3} - C:\Program Files\TurboUpload\TurboUpload Toolbar\turboupload.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [razertra] C:\Program Files\Razer\razertra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; TurboUpload.com Toolbar v. 1.2; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; MEGAUPLOAD 1.0; .NET CLR 2.0.50727; MEGAUPLOAD 2.0; Alexa Toolbar)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/SU1.5/ocx/15030/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1114309379109
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135323109546
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - http://www.quikshield.com/qshsetup.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15102/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avldr - avldr.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

LDTate
post Jul 28 2008, 08:19 PM
Post #4


Forum God

Group: Root Admin
Posts: 40,571
Joined: 23-September 04
From: Missouri, USA
Member No.: 15,276




Open Notepad, click on Format and uncheck Word Wrap.

Next:

Download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, please delete it from your desktop and download this new version. It is important that it is saved directly to your desktop.**
--------------------------------------------------------------------
  • Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running combofix.
  • WARNING: If you have not already done so, Combofix will disconnect your machine from the Internet when it starts.
  • Please do not re-connect your machine back to the Internet until Combofix has completely finished.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Give it at least 20-30 minutes to finish.
chikomoto
post Jul 29 2008, 11:25 AM
Post #5


Authentic Member
**

Group: Authentic Member
Posts: 25
Joined: 3-October 06
Member No.: 62,435
Operating System: Windows Xp



ComboFix 08-07-28.6 - Owner 2008-07-30 0:56:32.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT 8:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1rfw8hjr.com
C:\DOCUME~1\Owner\LOCALS~1\Temp\2i9.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\scw.dll
C:\DOCUME~1\Owner\LOCALS~1\Temp\zb5ok.dll
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\2V6PCQSV\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\2V6PCQSV\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\ffojc.com
C:\g.exe
C:\hgu.bat
C:\k6wkwon2.exe
C:\m.exe
C:\p0sc9t.cmd
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\ckvo0.dll
C:\WINDOWS\system32\Config.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
D:\hgu.bat

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 01:57 . 2008-06-30 20:13 99,442 --a------ C:\Sex.Is.Zero.2.2007.DVDRip.XviD.AC3.srt
2008-07-28 23:20 . 2008-07-28 23:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-28 23:20 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-28 23:20 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 00:23 . 2008-07-26 11:18 87,297 -r-hs---- C:\g2pfnid.com
2008-07-23 00:22 . 2008-07-23 18:45 118,757 -r-hs---- C:\6.bat
2008-07-21 23:35 . 2008-07-22 00:04 117,520 -r-hs---- C:\e9ehn1m8.com
2008-07-19 23:21 . 2008-07-21 05:45 133,157 -r-hs---- C:\jix9a.bat
2008-07-19 12:51 . 2008-07-21 17:44 118,782 -r-hs---- C:\ybj8df.exe
2008-07-18 07:53 . 2008-07-18 07:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-18 07:53 . 2008-07-18 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-17 10:03 . 2008-07-17 11:10 115,233 -r-hs---- C:\p83gjy.exe
2008-07-15 06:40 . 2008-07-17 10:02 133,840 -r-hs---- C:\31n3b2h.exe
2008-07-15 01:18 . 2008-07-15 01:19 <DIR> d-------- C:\RDOGS_FILES
2008-07-14 18:11 . 2008-07-15 07:09 118,512 -r-hs---- C:\fi.cmd
2008-07-11 00:23 . 2008-07-11 00:23 132,594 -r-hs---- C:\y.com
2008-07-11 00:23 . 2008-07-11 23:24 117,053 -r-hs---- C:\0gjn3yw.exe
2008-07-10 04:49 . 2008-07-10 04:49 77,312 -r-hs---- C:\WINDOWS\system32\ckvo2.dll
2008-07-08 18:37 . 2008-07-28 21:41 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-07 03:11 . 2008-07-07 03:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PE Explorer
2008-07-07 02:51 . 2008-07-07 23:27 <DIR> d-------- C:\Program Files\AVIConverter.biz
2008-07-07 02:30 . 2008-07-07 02:30 <DIR> d-------- C:\Program Files\Deskshare
2008-07-07 02:21 . 2008-07-07 02:30 <DIR> d-------- C:\Program Files\Fx Video Converter
2008-07-07 02:21 . 2003-05-21 23:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2008-07-07 02:21 . 2000-06-13 00:00 2,493 --a------ C:\WINDOWS\system32\COMCTL32.DEP
2008-07-07 02:06 . 2008-07-07 02:07 9,286,164 --a------ C:\ACAB_Now n Again.avi
2008-07-07 02:05 . 2008-07-07 02:21 <DIR> d-------- C:\Program Files\cheapestsoft
2008-07-07 02:04 . 2008-07-07 02:04 <DIR> d-------- C:\Program Files\Cucusoft
2008-07-07 02:04 . 2008-07-07 02:04 <DIR> d-------- C:\ConverterOutput
2008-07-07 02:04 . 2004-10-12 14:40 2,255,360 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-07-07 02:04 . 2004-10-12 14:46 1,761,280 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-07-07 02:04 . 2004-10-05 16:16 395,776 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-07-07 02:04 . 2004-10-12 14:42 262,144 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-07-07 02:04 . 2004-10-04 01:50 112,640 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-07-07 01:58 . 2003-10-17 00:00 3,423,744 --a------ C:\WINDOWS\system32\libfilefmt-1.1.0.dll
2008-07-07 01:58 . 2003-10-17 00:00 706,048 --a------ C:\WINDOWS\system32\libmcl-3.1.1.dll
2008-07-07 01:58 . 2003-10-17 00:00 20,480 --a------ C:\WINDOWS\system32\libavi-dd-1.2.0.dll
2008-06-29 20:07 . 2008-07-03 00:58 128,754 -r-hs---- C:\vmhr.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 16:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Orbit
2008-07-29 16:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\MegauploadToolbar
2008-07-29 16:24 --------- d-----w C:\Program Files\Nakido
2008-07-28 23:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-28 16:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-27 18:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Any Video Converter Professional
2008-07-19 09:59 --------- d-----w C:\Program Files\Warcraft III
2008-07-18 17:09 --------- d-----w C:\Program Files\Gabest
2008-07-16 03:27 116,862 --sh--r C:\k.com
2008-07-15 10:25 --------- d-----w C:\Program Files\Common Files\Panda Software
2008-07-14 23:02 --------- d-----w C:\Program Files\Java
2008-06-28 13:02 124,698 --sh--r C:\hxt9.bat
2008-06-26 22:52 --------- d-----w C:\Program Files\Any Video Converter Professional
2008-06-25 10:25 124,804 --sh--r C:\leb.com
2008-06-24 09:49 125,264 --sh--r C:\br1e.com
2008-06-23 23:19 --------- d-----w C:\Program Files\New Folder (2)
2008-06-23 22:37 123,013 --sh--r C:\uwlmj.com
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 22:57 123,769 --sh--r C:\s2vgyp.exe
2008-06-19 09:08 124,324 --sh--r C:\n.com
2008-06-17 01:11 --------- d-----w C:\Program Files\Auto Shutdown
2008-06-15 08:42 127,490 --sh--r C:\pkxfkrki.bat
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-06 01:37 --------- d-----w C:\Program Files\Unlocker
2008-06-03 16:12 --------- d-----w C:\Program Files\Delta
2008-06-03 08:44 122,302 --sh--r C:\p1t.bat
2008-06-03 03:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\SmartFTP
2008-06-03 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-05-29 22:36 122,875 --sh--r C:\yp.bat
2008-05-29 16:17 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-05-29 14:53 --------- d-----w C:\Program Files\ImTOO
2008-05-28 10:53 121,077 --sh--r C:\sdc.bat
2008-05-19 10:02 117,805 --sh--r C:\lgnaqil.exe
2008-05-18 01:30 117,831 --sh--r C:\w2qagd.com
2008-05-14 02:55 117,926 --sh--r C:\w3dn9f.bat
2008-05-12 05:49 117,833 --sh--r C:\uqb0julr.bat
2008-05-10 03:44 117,386 --sh--r C:\ka1nk.bat
2008-05-07 12:09 119,068 --sh--r C:\qjatw9aj.exe
2008-05-06 09:50 119,007 --sh--r C:\qpe6.com
2008-05-04 02:41 119,274 --sh--r C:\x.bat
2007-03-31 04:38 12,585,829 ----a-w C:\Program Files\Muscle Museum (download).wmv
2007-03-31 04:37 10,802,949 ----a-w C:\Program Files\Hysteria (download).wmv
2007-03-30 08:45 14,708 ----a-w C:\Program Files\The.Fast.And.The.Furious-Tokyo.Drift[2006]DvDrip[Eng]_{_www.IPTorrents.com_}_^mininova.org^'.torrent
2007-03-03 12:12 8,192 -csha-w C:\Program Files\Thumbs.db
2006-10-05 15:49 7,357,020 ----a-w C:\Program Files\Nightmare of You - I Want To Be Buried In Your Backyard.mp3
2006-09-07 13:13 6,033,408 ----a-w C:\Program Files\Izwan_Pilus_-_06_Kembali_Senyum.mp3
2006-09-04 21:55 4,299,150 ----a-w C:\Program Files\OST_Heart_-_Irwansyah_&_Acha_Septriasa_-_My_Heart.mp3
2006-08-25 12:27 6,979,584 ----a-w C:\Program Files\02 - Oag - Sabtuday.mp3
2006-07-10 21:23 5,128,192 ----a-w C:\Program Files\Nitrus_-_Rasa.mp3
2006-05-08 18:26 5,167,733 ----a-w C:\Program Files\Fotograf - Dialam Fana Cintamu.mp3
2006-04-24 21:29 3,837,155 ----a-w C:\Program Files\Kanye West - Late Registration - Diamonds Are Forever.mp3
2006-04-24 04:03 10,392,764 ----a-w C:\Program Files\DJ Igal - Hip Hop Remixes 2005 Vol 7 - July 2005 Mixtape - Lil' Jon Feat. Pitbull, Elephant Man, Sean Paul - Culo (MegaMix).mp3
2006-01-22 16:47 2,349,056 ----a-w C:\Program Files\Kaer_-_Kini.mp3
2006-01-22 16:43 6,733,824 ----a-w C:\Program Files\Farah_-_Antara_Dua_-_01_-_Jalan_Terakhir.mp3
2005-12-11 17:28 3,048,680 ----a-w C:\Program Files\Daniel_(Malaysian_Idol)_-_Mimpi.mp3
2005-11-11 14:44 1,517 ----a-w C:\Program Files\TrustyFiles Downloads and Sharing.lnk
2005-10-26 01:15 8,192 ----a-w C:\Documents and Settings\Owner\w3l.exe
2005-07-07 18:17 2,782,195 ----a-w C:\Program Files\Weezer - Butterfly.mp3
2005-06-20 00:02 4,311,921 ----a-w C:\Program Files\Hazami - Kata.mp3
2005-06-11 12:32 5,737,914 ----a-w C:\Program Files\Malique_&_D'essentials_Ft[1]._Camelia_-_Sampai_Kapan.mp3
2005-05-29 12:29 3,405,731 ----a-w C:\Program Files\Fara, Nana, Nila, Linda (DJEra) - Bahu Ke Bahu.mp3
2005-04-23 14:41 1,073,152 ----a-w C:\Program Files\Krisya - Keluang Man.mp3
2005-03-26 01:15 4,040,022 ----a-w C:\Program Files\Bee Voice - Di Mana Cinta (Soundtrack Begitulah Cinta).mp3
2005-03-25 20:37 5,448,484 ----a-w C:\Program Files\Kelly Clarkson - Since You've Been Gone.mp3
2005-01-25 08:13 2,237,422 ----a-r C:\Program Files\Gerhana SkaCinta - Antara Anyir Dan Jakarta (Feat. Lady Arosa).mp3
2004-12-10 16:27 8,217,901 ----a-w C:\Program Files\Snow Patrol - Run.mp3
2004-11-22 00:00 4,012,953 ----a-w C:\Program Files\Innuendo - Gemawan.mp3
2004-11-02 03:56 3,333 ----a-w C:\Program Files\INSTALL.LOG
2004-07-28 12:39 2,658,432 ----a-w C:\Program Files\jamrud_surti_dan_tejo.mp3
2002-07-26 09:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2004-07-03 07:48 32 -csha-w C:\WINDOWS\{3D569514-6772-4728-8C2A-B376F2A686CA}.dat
2004-10-07 01:58 32 -csha-w C:\WINDOWS\{EC8309B8-A719-4EB2-9911-8985519E88C0}.dat
2007-03-13 07:08 74,240 --sha-w C:\WINDOWS\system32\Recycler.exe
2007-06-30 14:04 4,388,896 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-30 14:04 116,768 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot_2007-09-21_ 00242.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-17 11:25:21 549,888 ----a-w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
+ 2007-05-16 15:32:55 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:32:55 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:32:56 1,314,816 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:32:56 510,976 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:32:56 85,504 ----a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-07-18 10:33:06 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB933360\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933360\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933360\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933360\update\updspapi.dll
+ 2007-04-16 16:07:27 986,112 ----a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:22 144,896 ----a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-06-26 06:06:12 1,104,896 ----a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 ----a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-07-12 23:28:55 765,952 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$