
I can't start Spybot S&D or anything else



rainshield
2008-11-01, 01:01
Hi, today I accidentally downloaded and installed AdwareAlert. After that a lot of pop-ups came up, so I tried to run Spybot S&D, but it doesn't start up in either normal or safe mode, and I can't run HijackThis either. I tried to download some malware removers, but none of those programs can start up. Every time I try to run any program it always shows the error: "16 bit ms-dos subsystem, the NTVDM CPU has encountered an illegal instruction CS:0543 IP:a31aOP:f28fef8ff9 Choose 'close' to terminate the application". I have no idea how to fix it now. I'd appreciate any help here. Thanks

katana
2008-11-01, 13:45
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------




Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.

rainshield
2008-11-02, 03:14
First of all, thanks for the help, katana. Here's the report from it:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-01 20:08:12
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 13 GB (38%) free of 34 GB
Total RAM: 1015 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:20 PM, on 11/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\hphmon05.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O2 - BHO: (no name) - {199f7219-281e-44d9-99eb-83e6febb0ddd} - (no file)
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {3803463F-8961-4B32-B904-BE3DD440108A} - (no file)
O2 - BHO: (no name) - {3FAECE6F-50DF-012D-8A48-5CC07026D6C9} - (no file)
O2 - BHO: (no name) - {4BCA41D6-331E-4BE1-BC76-8324139B7B51} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {53F933B8-E2CE-43A8-AC86-4FB1C4F4BCB9} - (no file)
O2 - BHO: (no name) - {5606a88c-3e11-456b-ae5a-c3f84669fe83} - (no file)
O2 - BHO: (no name) - {648D6416-DDA1-4A1A-AB38-A5840045B8DD} - (no file)
O2 - BHO: (no name) - {6B221E01-F517-4959-8C41-81948E7F2F17} - (no file)
O2 - BHO: (no name) - {7C5D3A32-B9EC-4AAA-B0B2-FDB51BAEF699} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9CF1B841-60AD-4133-A48B-A169E4D6CD6F} - (no file)
O2 - BHO: (no name) - {9E91EF7B-6846-45C3-A8AB-67CF7C900783} - (no file)
O2 - BHO: (no name) - {B8ED0C5B-6745-48F6-912F-89E261C09FB9} - (no file)
O2 - BHO: (no name) - {BD3731B6-C62E-446F-8D03-235B55DD24D0} - (no file)
O2 - BHO: (no name) - {CF88E393-625C-4BC4-AA09-D6DF9B2FAEE6} - (no file)
O2 - BHO: (no name) - {d35830bf-164c-415b-b7f8-7ff495fe850e} - (no file)
O2 - BHO: (no name) - {DAC648E5-0B3A-4CED-9396-7404A9378AA0} - (no file)
O2 - BHO: (no name) - {db4c955d-da75-4083-a1c3-56d8c5588ada} - (no file)
O2 - BHO: (no name) - {ffb5caf7-151f-4a97-8c98-71cb8538a13d} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe (User 'Default user')
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197326184125
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197329200375
O20 - AppInit_DLLs: orncez.dll
O20 - Winlogon Notify: qoMfFvWN - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 11221 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\hqnmcmfm.job
C:\WINDOWS\tasks\iuhbjwzo.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\upjvotcn.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{199f7219-281e-44d9-99eb-83e6febb0ddd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3803463F-8961-4B32-B904-BE3DD440108A}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FAECE6F-50DF-012D-8A48-5CC07026D6C9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4BCA41D6-331E-4BE1-BC76-8324139B7B51}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53F933B8-E2CE-43A8-AC86-4FB1C4F4BCB9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5606a88c-3e11-456b-ae5a-c3f84669fe83}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{648D6416-DDA1-4A1A-AB38-A5840045B8DD}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B221E01-F517-4959-8C41-81948E7F2F17}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C5D3A32-B9EC-4AAA-B0B2-FDB51BAEF699}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF1B841-60AD-4133-A48B-A169E4D6CD6F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E91EF7B-6846-45C3-A8AB-67CF7C900783}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B8ED0C5B-6745-48F6-912F-89E261C09FB9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD3731B6-C62E-446F-8D03-235B55DD24D0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF88E393-625C-4BC4-AA09-D6DF9B2FAEE6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d35830bf-164c-415b-b7f8-7ff495fe850e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DAC648E5-0B3A-4CED-9396-7404A9378AA0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{db4c955d-da75-4083-a1c3-56d8c5588ada}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffb5caf7-151f-4a97-8c98-71cb8538a13d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton AntiVirus\NavShExt.dll [2003-08-17 103592]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn8\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2004-01-26 32881]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"HPHUPD05"=c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe [2003-08-21 49152]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-08-21 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2008-05-13 2093568]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-01-26 151597]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2008-05-29 179712]
"VTTimer"= []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-06-27 29344]
"LTMSG"=LTMSG.exe 7 []
"PS2"= []
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-12 172032]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"= []
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe /VeohHide []
"SUPERAntiSpyware"=C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="orncez.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMfFvWN]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Avant Browser\avant.exe"="C:\Program Files\Avant Browser\avant.exe:*:Enabled:Avant Browser"
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe"="C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Disabled:BackWeb-1940576"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\Steam\steamapps\1life1love4ever\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\1life1love4ever\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Downloads\Silkroad_Full-Client_Downloader.exe"="C:\Downloads\Silkroad_Full-Client_Downloader.exe:*:Enabled:Full-Client Downloader"
"C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"F:\game\Steam\steamapps\1life1love4ever\counter-strike\hl.exe"="F:\game\Steam\steamapps\1life1love4ever\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-11-01 20:08:12 ----D---- C:\rsit
2008-10-31 22:22:05 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-31 22:21:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-31 22:21:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-30 18:04:11 ----SH---- C:\WINDOWS\system32\aanxtbko.ini
2008-10-29 18:01:08 ----SH---- C:\WINDOWS\system32\xmenjukq.ini
2008-10-29 17:49:30 ----D---- C:\WINDOWS\system32\EV19
2008-10-29 17:49:22 ----A---- C:\WINDOWS\system32\prun.exe
2008-10-29 17:13:23 ----HD---- C:\WINDOWS\PIF

======List of files/folders modified in the last 1 months======

2008-11-01 19:57:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 19:44:30 ----D---- C:\WINDOWS\TEMP
2008-11-01 19:43:33 ----SHD---- C:\WINDOWS\Installer
2008-11-01 19:43:19 ----D---- C:\WINDOWS
2008-11-01 19:41:54 ----D---- C:\WINDOWS\system32\drivers
2008-11-01 19:41:20 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-01 18:47:24 ----SHD---- C:\Config.Msi
2008-11-01 17:53:20 ----RD---- C:\Program Files
2008-11-01 01:05:36 ----D---- C:\WINDOWS\system32
2008-11-01 01:04:35 ----D---- C:\WINDOWS\system32\olixds01
2008-11-01 01:04:35 ----D---- C:\WINDOWS\system32\IDME
2008-10-31 18:23:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-31 18:11:53 ----D---- C:\Downloads
2008-10-31 18:01:17 ----A---- C:\WINDOWS\system32\efebc4f8-.txt
2008-10-31 16:00:23 ----SD---- C:\WINDOWS\Tasks
2008-10-31 13:40:12 ----AC---- C:\WINDOWS\wininit.ini
2008-10-31 13:40:07 ----D---- C:\Program Files\Common Files
2008-10-31 03:40:16 ----D---- C:\Program Files\Mozilla Firefox
2008-10-30 18:31:51 ----D---- C:\WINDOWS\Prefetch
2008-10-30 18:31:31 ----D---- C:\WINDOWS\system32\?ymbols
2008-10-29 20:29:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-29 20:28:58 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-29 17:49:59 ----D---- C:\temp
2008-10-15 16:30:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-15 16:30:24 ----HD---- C:\WINDOWS\inf
2008-10-15 16:21:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-15 15:58:16 ----D---- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-10-15 00:47:38 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-10-03 09:14:30 ----D---- C:\Program Files\Spybot - Search & Destroy

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 SAVRT;SAVRT; \??\c:\Program Files\Norton AntiVirus\SAVRT.SYS []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-12-05 11392]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-01-21 267384]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-08-15 12032]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-01 652497]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2004-01-26 28256]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040129.004\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040129.004\NavEx15.Sys []
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
S1 SASDIFSV;SASDIFSV; \??\C:\PROGRA~1\SUPERA~1\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-11-20 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-11-20 99002]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-12-12 391424]
S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
S3 FragFX;FragFX NT service; C:\WINDOWS\System32\Drivers\FragFX.sys [2008-01-03 29824]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SIS162u;%sis162.Service.DispName%; C:\WINDOWS\System32\DRIVERS\sis162u.sys [2004-05-27 154112]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-12-06 429440]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-01-21 26424]
S3 TnIDriver;TnIDriver; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\tni19.tmp []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-10-16 117760]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2003-08-15 255136]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2003-08-15 234656]
R2 navapsvc;Norton AntiVirus Auto Protect Service; c:\Program Files\Norton AntiVirus\navapsvc.exe [2003-08-17 158376]
R2 SAVScan;SAVScan; c:\Program Files\Norton AntiVirus\SAVScan.exe [2003-08-10 193816]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2003-08-15 87200]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-03 267776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-01-21 206552]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------

rainshield
2008-11-02, 03:17
info.txt logfile of random's system information tool 1.04 2008-11-01 20:08:28

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.56 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Advertisement Service-->C:\WINDOWS\system32\prun.exe Uninstall
AdwareAlert-->MsiExec.exe /X{3D3E16B8-170A-4516-83F2-0F989B8CC5DD}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avant Browser (remove only)-->"C:\Program Files\Avant Browser\uninst.exe"
Blackhawk Striker from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F07504C6-20C5-4BFE-83A0-523FB2455E72\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CC_ccStart-->MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compaq Connections-->C:\WINDOWS\BWUnin-6.2.3.66L.exe -AppId 1940576
Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1\COMPAQ~2\INSTALL.LOG
Counter-Strike-->"C:\PROGRA~1\Steam\steam.exe" steam://uninstall/10
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Excavation from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C679AA5F-C2C8-4EA8-9CD1-504A39AEC264\Uninstall.exe"
Five Card Frenzy from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\2FDCC229-354D-4279-ABEF-CE17E355BFFA\Uninstall.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
HijackThis 2.0.2-->"C:\PROGRA~1\TRENDM~1\HIJACK~1\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
hp deskjet 3600-->msiexec /x{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo & Imaging 3.5 - HP Devices-->C:\Program Files\HP\Digital Imaging\{15B9DC72-73F9-4d99-9E28-848D66DA8D99}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Software Update-->MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner-->C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KBD-->C:\HP\KBD\KBD.EXE uninstalled
K-Lite Codec Pack 2.88 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LaserJet 1018-->C:\Program Files\Zenographics\{7FAA09AA-BFFA-42E4-97D2-3079766D2454}\setup.exe -u "HPLJInstaller.dll=Hplj1018.inf"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Pack - Lazy Man's MKV 0.9.9-->"C:\Program Files\LD-Anime\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
MUSICMATCH® Jukebox-->C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Norton AntiVirus 2004 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2004-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
Orbital from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\26DC0ED6-93A7-43C1-8DC5-EC16079580F9\Uninstall.exe"
Otto from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8A225900-C06D-41DD-B66C-43840D472758\Uninstall.exe"
Overball from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Polar Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
RealOne Player-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Slyder from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpamSubtract-->C:\PROGRA~1\INTERM~1\SPAMSU~1\UNWISE.EXE /U C:\PROGRA~1\INTERM~1\SPAMSU~1\INSTALL.LOG
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SymNet-->MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{C35BF80A-6284-485E-AE18-023AA8C43185}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Zone Deluxe Games-->MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}

=====HijackThis Backups=====

O4 - HKCU\..\Run: [Notn] "C:\WINDOWS\System32\SCURIT~1\wuaclt.exe" -vt yazb
O2 - BHO: (no name) - {95CB3857-A0E7-F21B-EE5B-FD8A45862C97} - C:\WINDOWS\System32\cnsi.dll (file missing)
O4 - HKCU\..\Run: [Omht] C:\WINDOWS\??stem32\?poolsv.exe
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')

======Hosts File======

127.0.0.1 localhost

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

katana
2008-11-02, 14:03
Information

I see that MalwareBytes is installed, did that not run properly?
----------------------------------------------------------------------------------------

Step 1


Back up the Registry

Download ERUNT (http://www.softpedia.com/get/Tweak/Registry-Tweak/Erunt-g.shtml) to your desktop
Double-click on the file to install the program
Untick the NTREGOPT desktop shortcut option
Click No when you get the option to run Erunt at Windows startup.
During the installation, tick Launch Erunt
Accept the defaults for running a backup
Erunt will then back up your registry

----------------------------------------------------------------------------------------
Step 2


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See HERE (http://www.bleepingcomputer.com/forums/topic114351.html) for help

Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

----------------------------------------------------------------------------------------


Logs/Information to Post in Reply
Please post the following logs/Information in your reply

ComboFix Log

rainshield
2008-11-03, 07:27
Thanks katana for helping. Yes, I installed Malwarebytes the other day, and I did run it to clear some malware. By the way, I did follow all your steps, but on step 2, after installing ComboFix, I ran it and there was a loading bar on my screen, but nothing happened. I turned off every anti-virus, anti-spybot and anti-malware program, but I still can't get ComboFix to load up. How can I fix this?

katana
2008-11-03, 12:38
Please post the log from the MalwareBytes run. It should be here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Delete the copy of ComboFix that you have and download the updated one and then try running it again.

rainshield
2008-11-03, 17:17
Thanks for the reply, here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.30
Database version: 1354
Windows 5.1.2600 Service Pack 2

11/1/2008 5:52:29 PM
mbam-log-2008-11-01 (17-52-29).txt

Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 151832
Time elapsed: 41 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e91ef7b-6846-45c3-a8ab-67cf7c900783} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\g]eeV\mWhjlnspB (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\ (Broken.OpenCommand) -> Bad: (C:\WINDOWS\svchost.com "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118414.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118416.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118418.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118420.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118422.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118423.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118424.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118425.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118426.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118427.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118428.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118429.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118430.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118431.dll (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118432.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118433.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118434.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118436.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118438.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118439.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118440.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118441.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118442.exe (Adware.Trafficsol) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118443.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118444.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118462.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118468.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP465\A0118470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

rainshield
2008-11-03, 17:51
And here is the ComboFix log. Sorry, I have to split it into many posts because it's too long.
ComboFix 08-11-02.04 - Owner 2008-11-03 1:46:13.10 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Owner\My Documents\ASKS~1
C:\Documents and Settings\Owner\My Documents\ICROSO~1.NET
C:\Documents and Settings\Owner\My Documents\ICROSO~1.NET\t?skmgr.exe
C:\Documents and Settings\Owner\My Documents\MBOLS~1
C:\Program Files\Common Files\ppatch~1
C:\WINDOWS\directx.sys
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
C:\WINDOWS\IA
C:\WINDOWS\netdx.dat
C:\WINDOWS\svchost.com
C:\WINDOWS\system32\aadenwhc.ini
C:\WINDOWS\system32\aanxtbko.ini
C:\WINDOWS\system32\akjjhqhu.ini
C:\WINDOWS\system32\biddttkt.ini
C:\WINDOWS\system32\cfbsfohn.ini
C:\WINDOWS\system32\cqxtebrq.ini
C:\WINDOWS\system32\DKknmnnn.ini
C:\WINDOWS\system32\DKknmnnn.ini2
C:\WINDOWS\system32\ehdlgsis.ini
C:\WINDOWS\system32\ekrogbqk.ini
C:\WINDOWS\system32\fiyppunx.ini
C:\WINDOWS\system32\fwojiwxv.ini
C:\WINDOWS\system32\gvkngbxe.ini
C:\WINDOWS\system32\hghypcac.ini
C:\WINDOWS\system32\hkhhunre.ini
C:\WINDOWS\system32\hmhobldo.ini
C:\WINDOWS\system32\hqkvymfx.ini
C:\WINDOWS\system32\hxirhplu.ini
C:\WINDOWS\system32\hylafnwx.ini
C:\WINDOWS\system32\icroso~1.net
C:\WINDOWS\system32\icvepaao.ini
C:\WINDOWS\system32\igsmdhpn.ini
C:\WINDOWS\system32\imdejsvk.ini2
C:\WINDOWS\system32\imdejsvk.tmp
C:\WINDOWS\system32\irymvqeo.ini
C:\WINDOWS\system32\jlfkidxk.ini
C:\WINDOWS\system32\jovsyjvh.ini
C:\WINDOWS\system32\kdywkoen.ini
C:\WINDOWS\system32\kiipxbsj.ini
C:\WINDOWS\system32\kvbpduiu.ini
C:\WINDOWS\system32\lahhvcat.ini
C:\WINDOWS\system32\mmoedlxu.ini
C:\WINDOWS\system32\mrollcbf.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvugyopj.ini
C:\WINDOWS\system32\npemydcn.ini
C:\WINDOWS\system32\nqsdvphd.ini
C:\WINDOWS\system32\nvdntquu.ini
C:\WINDOWS\system32\ofkwqfbj.ini
C:\WINDOWS\system32\ofniqtgv.ini
C:\WINDOWS\system32\oojdrnko.ini
C:\WINDOWS\system32\oUFLknnn.ini
C:\WINDOWS\system32\oUFLknnn.ini2
C:\WINDOWS\system32\oxymncyi.ini
C:\WINDOWS\system32\peijagrx.ini
C:\WINDOWS\system32\phanwixv.ini
C:\WINDOWS\system32\plccgffl.ini
C:\WINDOWS\system32\qevqbamx.ini
C:\WINDOWS\system32\qgimrdho.ini
C:\WINDOWS\system32\qnmemxbs.ini
C:\WINDOWS\system32\qowtngbp.ini
C:\WINDOWS\system32\raqkhhkq.ini
C:\WINDOWS\system32\rkccqfxw.ini
C:\WINDOWS\system32\uBdccccf.ini
C:\WINDOWS\system32\uBdccccf.ini2
C:\WINDOWS\system32\ueqepwsk.ini
C:\WINDOWS\system32\uomkvfrt.ini
C:\WINDOWS\system32\vbflgppg.ini
C:\WINDOWS\system32\vfcmfdqi.ini
C:\WINDOWS\system32\vthhhpek.ini
C:\WINDOWS\system32\vvauqdea.ini
C:\WINDOWS\system32\vwkyoggn.ini
C:\WINDOWS\system32\xmenjukq.ini
C:\WINDOWS\system32\xuirgwdx.ini
C:\WINDOWS\system32\yhsentak.ini
C:\WINDOWS\system32\ymbols~1
C:\WINDOWS\system32\ymbols~1\?ymbols\
C:\WINDOWS\system32\ymbols~1\services.exe
C:\WINDOWS\Tasks\hqnmcmfm.job
C:\WINDOWS\Tasks\iuhbjwzo.job
C:\WINDOWS\Tasks\upjvotcn.job

----- BITS: Possible infected sites -----

hxxp://kakoitodomen.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TnIDriver


((((((((((((((((((((((((( Files Created from 2008-10-03 to 2008-11-03 )))))))))))))))))))))))))))))))
.

2008-11-02 22:57 . 2008-11-02 22:57 <DIR> d-------- C:\Program Files\ERUNT
2008-11-01 20:08 . 2008-11-01 20:08 <DIR> d-------- C:\rsit
2008-10-31 22:22 . 2008-10-31 22:22 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-10-31 22:21 . 2008-10-31 22:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-31 22:21 . 2008-10-31 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-31 22:21 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-31 22:21 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-30 18:42 . 2008-10-30 18:42 4,286 --a------ C:\WINDOWS\system32\Jamster.ico
2008-10-29 17:49 . 2008-11-01 01:04 <DIR> d-------- C:\WINDOWS\system32\EV19
2008-10-29 17:49 . 2008-10-29 17:49 34,304 --a------ C:\WINDOWS\system32\prun.exe
2008-10-29 17:13 . 2008-10-29 17:13 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-15 16:21 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-15 16:21 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-10-15 16:18 . 2008-01-03 21:28 29,824 --a------ C:\WINDOWS\system32\drivers\FragFX.sys
2008-10-15 00:47 . 2008-10-15 00:47 262,144 --a------ C:\ntuser.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 10:52 --------- d-----w C:\Program Files\Avant Browser
2008-11-02 10:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 04:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-30 04:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-15 23:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-10-15 08:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-10-03 17:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-30 22:09 --------- d-----w C:\Program Files\Starcraft
2008-09-03 06:26 --------- d--h--w C:\Program Files\Zenographics
2008-09-03 06:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-19 06:35 115,712 ----a-w C:\WINDOWS\system32\wsxinxak.dll
2008-08-19 06:35 115,712 ----a-w C:\WINDOWS\system32\knsasu.dll
2008-08-19 06:26 89,600 ----a-w C:\WINDOWS\system32\dhxdqkjj.dll
2008-08-16 01:35 100,096 ----a-w C:\WINDOWS\system32\saapslaw.dll
2008-08-15 01:34 89,088 ----a-w C:\WINDOWS\system32\gayywavw.dll
2008-08-14 01:35 89,600 ----a-w C:\WINDOWS\system32\avyfiywp.dll
2008-08-13 01:33 89,088 ----a-w C:\WINDOWS\system32\khyvmkan.dll
2008-08-12 01:31 89,088 ----a-w C:\WINDOWS\system32\ufavrghg.dll
2007-09-02 10:50 304,453 ----a-w C:\Documents and Settings\Owner\mcc.exe
2007-09-02 06:01 160,768 ----a-w C:\Documents and Settings\Owner\gotgo.exe

rainshield
2008-11-03, 18:03
+ 2004-09-29 22:31:17 134,912 -c--a-w C:\WINDOWS\$hf_mig$\KB886185\SP2QFE\ipnat.sys
+ 2004-10-14 18:34:51 7,168 -c--a-w C:\WINDOWS\$hf_mig$\KB886185\spmsg.dll
+ 2004-10-14 18:36:16 169,984 -c--a-w C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
+ 2004-10-14 18:36:15 21,504 -c--a-w C:\WINDOWS\$hf_mig$\KB886185\update\spcustom.dll
+ 2004-10-14 18:34:52 654,848 -c--a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
+ 2004-10-13 16:21:24 1,694,208 -c--a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
+ 2004-10-14 19:34:52 7,168 -c--a-w C:\WINDOWS\$hf_mig$\KB887472\spmsg.dll
+ 2004-10-14 19:36:18 169,984 -c--a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
+ 2004-10-14 19:36:16 21,504 -c--a-w C:\WINDOWS\$hf_mig$\KB887472\update\spcustom.dll
+ 2004-10-14 19:34:54 654,848 -c--a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
+ 2006-02-15 00:30:07 142,464 -c--a-w C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB900485\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB900485\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB900485\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB900485\update\updspapi.dll
+ 2005-08-30 04:13:42 1,287,680 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\SP2QFE\quartz.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll
+ 2006-03-24 04:47:44 49,152 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\SP2QFE\wdigest.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB904942\update\updspapi.dll
+ 2006-07-14 15:52:22 121,856 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\SP2QFE\xmllite.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\update.exe
+ 2005-10-12 23:12:33 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB915865\update\updspapi.dll
+ 2006-03-17 01:08:10 262,656 -c--a-w C:\WINDOWS\$hf_mig$\KB916595\SP2QFE\http.sys
+ 2005-10-12 23:16:49 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB916595\spmsg.dll
+ 2005-10-12 23:16:49 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB916595\spuninst.exe
+ 2005-10-12 23:16:49 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB916595\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB916595\update\update.exe
+ 2005-10-12 23:16:56 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB916595\update\updspapi.dll
+ 2006-11-27 15:17:10 539,136 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\msftedit.dll
+ 2006-11-27 15:17:10 433,664 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\SP2QFE\riched20.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB918118\update\updspapi.dll
+ 2006-10-12 13:54:18 42,496 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdp2.dll
+ 2006-10-12 13:54:18 57,344 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentdpv.dll
+ 2006-10-12 11:54:07 256,512 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
+ 2006-10-16 10:29:15 248,320 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:16:49 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\spmsg.dll
+ 2005-10-12 23:16:49 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\spuninst.exe
+ 2005-10-12 23:16:49 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\update\update.exe
+ 2005-10-12 23:16:56 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB920213\update\updspapi.dll
+ 2006-06-14 08:50:19 172,416 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\kmixer.sys
+ 2006-06-14 08:50:19 6,272 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\splitter.sys
+ 2006-06-14 09:17:04 82,944 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\SP2QFE\wdmaud.sys
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB920872\update\updspapi.dll
+ 2007-05-17 11:25:21 549,888 -c--a-w C:\WINDOWS\$hf_mig$\KB921503\SP2QFE\oleaut32.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB921503\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB921503\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB921503\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB921503\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB921503\update\updspapi.dll
+ 2006-08-21 12:26:44 16,896 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltlib.dll
+ 2006-08-21 09:43:32 23,040 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
+ 2006-08-21 09:43:32 128,768 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmgr.sys
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\update\update.exe
+ 2005-10-12 23:12:33 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB922582\update\updspapi.dll
+ 2006-10-13 12:41:38 64,000 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwapi32.dll
+ 2006-10-13 12:41:38 142,336 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
+ 2006-10-13 10:39:12 163,456 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwrdr.sys
+ 2006-10-13 12:41:38 65,536 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwwks.dll
+ 2005-10-12 23:16:49 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\spmsg.dll
+ 2005-10-12 23:16:49 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\spuninst.exe
+ 2005-10-12 23:16:49 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\update\update.exe
+ 2005-10-12 23:16:56 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB923980\update\updspapi.dll
+ 2006-08-17 12:37:49 726,528 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\lsasrv.dll
+ 2006-08-17 12:37:49 337,408 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\netapi32.dll
+ 2006-08-17 12:37:49 132,096 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\SP2QFE\wkssvc.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB924270\update\updspapi.dll
+ 2007-03-08 15:48:36 282,112 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\gdi32.dll
+ 2007-03-08 15:48:36 40,960 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\mf3216.dll
+ 2007-03-08 15:48:36 578,048 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
+ 2007-03-08 13:49:49 1,843,968 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB925902\update\updspapi.dll
+ 2006-10-19 13:59:58 713,216 -c--a-w C:\WINDOWS\$hf_mig$\KB926255\SP2QFE\sxs.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB926255\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB926255\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB926255\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB926255\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB926255\update\updspapi.dll
+ 2006-10-16 17:14:17 122,880 -c--a-w C:\WINDOWS\$hf_mig$\KB926436\SP2QFE\oledlg.dll
+ 2005-10-12 23:16:49 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB926436\spmsg.dll
+ 2005-10-12 23:16:49 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB926436\spuninst.exe
+ 2005-10-12 23:16:49 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB926436\update\spcustom.dll
+ 2005-10-12 23:16:51 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB926436\update\update.exe
+ 2005-10-12 23:16:56 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB926436\update\updspapi.dll
+ 2006-12-26 13:18:55 536,576 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msado15.dll
+ 2006-12-26 13:18:55 180,224 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadomd.dll
+ 2006-12-26 13:18:55 200,704 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msadox.dll
+ 2006-12-26 13:18:55 102,400 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\SP2QFE\msjro.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB927779\update\updspapi.dll
+ 2006-12-19 18:47:14 333,824 -c--a-w C:\WINDOWS\$hf_mig$\KB927802\SP2QFE\wiaservc.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB927802\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB927802\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB927802\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB927802\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB927802\update\updspapi.dll
+ 2007-04-18 16:14:43 2,854,400 -c--a-w C:\WINDOWS\$hf_mig$\KB927891\SP2QFE\msi31.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB927891\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB927891\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB927891\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB927891\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB927891\update\updspapi.dll
+ 2006-12-19 21:50:10 8,458,752 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shell32.dll
+ 2006-12-19 21:50:10 135,168 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
+ 2006-12-19 16:10:56 248,320 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB928255\update\updspapi.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB928843\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB928843\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB928843\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB928843\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB928843\update\updspapi.dll
+ 2007-05-16 15:32:55 86,528 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\directdb.dll
+ 2007-05-16 15:32:55 683,520 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\inetcomm.dll
+ 2007-05-16 15:32:56 1,314,816 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\msoe.dll
+ 2007-05-16 15:32:56 510,976 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wab32.dll
+ 2007-05-16 15:32:56 85,504 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\SP2QFE\wabimp.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB929123\update\updspapi.dll
+ 2007-03-17 13:45:03 292,864 -c--a-w C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB930178\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB930178\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB930178\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB930178\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB930178\update\updspapi.dll
+ 2007-02-09 11:23:36 574,976 -c--a-w C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB930916\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB930916\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB930916\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB930916\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB930916\update\updspapi.dll
+ 2007-02-05 20:19:14 185,344 -c--a-w C:\WINDOWS\$hf_mig$\KB931261\SP2QFE\upnphost.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB931261\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB931261\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB931261\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB931261\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB931261\update\updspapi.dll
+ 2007-02-28 09:53:04 2,137,600 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
+ 2007-02-28 09:15:56 2,059,392 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 09:15:59 2,017,280 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 09:55:14 2,182,144 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB931784\update\updspapi.dll
+ 2007-03-09 13:58:57 57,344 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:28:00 248,320 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2008-02-26 11:48:44 297,984 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
+ 2007-07-09 13:16:16 582,656 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-04-16 16:07:27 986,112 -c--a-w C:\WINDOWS\$hf_mig$\KB935839\SP2QFE\kernel32.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB935839\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB935839\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB935839\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB935839\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB935839\update\updspapi.dll
+ 2007-04-25 20:32:22 144,896 -c--a-w C:\WINDOWS\$hf_mig$\KB935840\SP2QFE\schannel.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB935840\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB935840\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB935840\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB935840\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB935840\update\updspapi.dll
+ 2007-06-26 06:06:12 1,104,896 -c--a-w C:\WINDOWS\$hf_mig$\KB936021\SP2QFE\msxml3.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB936021\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB936021\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB936021\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB936021\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB936021\update\updspapi.dll
+ 2007-04-23 10:14:23 364,160 -c--a-w C:\WINDOWS\$hf_mig$\KB936357\SP2QFE\update.sys
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB936357\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB936357\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB936357\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB936357\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB936357\update\updspapi.dll
+ 2007-07-12 23:28:55 765,952 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\SP2QFE\vgx.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB938127-IE7\update\updspapi.dll
+ 2007-06-26 15:16:01 851,968 -c--a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB938828\spmsg.dll
+ 2005-10-12 23:12:26 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB938828\spuninst.exe
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938828\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB938828\update\update.exe
+ 2005-10-12 23:12:34 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB938828\update\updspapi.dll
+ 2007-06-19 13:37:21 282,112 -c--a-w C:\WINDOWS\$hf_mig$\KB938829\SP2QFE\gdi32.dll
+ 2006-01-19 19:29:19 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB938829\spmsg.dll
+ 2006-01-19 19:29:19 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB938829\spuninst.exe
+ 2006-01-19 19:29:19 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB938829\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB938829\update\update.exe
+ 2006-01-19 19:29:19 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB938829\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 -c--a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 -c--a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 -c--a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll

rainshield
2008-11-03, 18:33
+ 2003-08-16 01:51:58 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptdll.dll
+ 2003-08-16 01:54:20 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptext.dll
+ 2003-08-16 01:54:02 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptnet.dll
+ 2003-03-26 07:40:14 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
+ 2003-07-25 07:40:22 477,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\cryptui.dll
+ 2004-10-28 01:29:54 92,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscdll.dll
+ 2003-08-16 01:54:00 102,450 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscript.exe
+ 2003-08-16 01:54:18 307,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\cscui.dll
+ 2003-08-16 01:54:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrsrv.dll
+ 2003-08-16 01:54:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
+ 2003-08-16 01:54:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
+ 2002-07-07 09:01:46 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\custsat.dll
+ 2002-12-12 15:14:32 1,177,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8.dll
+ 2002-12-12 15:14:32 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d8thk.dll
+ 2003-05-31 00:00:02 1,634,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3d9.dll
+ 2003-05-31 00:00:02 797,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\d3dim700.dll
+ 2003-08-16 02:55:34 557,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\dao360.dll
+ 2003-08-16 02:53:46 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\dataclen.dll
+ 2003-08-16 02:53:46 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\davclnt.dll
+ 2003-08-16 09:54:52 489,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbghelp.dll
+ 2003-08-16 02:53:44 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbmsrpcn.dll
+ 2003-10-28 11:12:42 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnetlib.dll
+ 2003-08-16 02:53:42 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\dbnmpntw.dll
+ 2003-08-16 04:23:34 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2003-08-16 04:23:34 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcap32.dll
+ 2003-08-16 04:23:52 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\dciman32.dll
+ 2003-08-16 04:23:30 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddeshare.exe
+ 2002-12-12 15:14:32 284,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddraw.dll
+ 2002-12-12 15:14:32 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\ddrawex.dll
+ 2003-08-16 04:23:46 70,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\defrag.exe
+ 2003-05-31 00:00:02 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\devenum.dll
+ 2003-08-16 07:40:08 263,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\devmgr.dll
+ 2003-08-16 07:40:04 76,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgfat.exe
+ 2003-08-16 08:26:50 99,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgntfs.exe
+ 2003-08-16 08:27:00 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgsnap.dll
+ 2003-08-16 08:27:00 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfrgui.dll
+ 2003-08-16 08:27:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\dfsshlex.dll
+ 2003-08-16 08:27:00 103,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\dgnet.dll
+ 2006-05-19 12:15:32 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2003-08-16 09:15:16 522,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\dialer.exe
+ 2003-08-16 09:15:34 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\diantz.exe
+ 2003-08-16 09:15:30 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\digest.dll
+ 2003-08-16 01:50:22 151,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\dinput.dll
+ 2003-08-16 01:50:28 168,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\dinput8.dll
+ 2006-02-27 21:31:38 75,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\directdb.dll
+ 2003-08-16 01:50:02 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\disk.sys
+ 2003-08-16 01:51:56 13,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskdump.sys
+ 2003-08-16 01:51:58 145,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\diskpart.exe
+ 2003-08-16 01:54:02 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\dlimport.exe
+ 2003-08-16 01:53:58 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\dllhost.exe
+ 2003-08-16 01:54:04 204,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmadmin.exe
+ 2002-12-12 15:14:32 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmband.dll
+ 2003-08-16 01:54:02 780,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmboot.sys
+ 2002-12-12 15:14:32 58,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmcompos.dll
+ 2003-08-16 01:53:58 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmdskmgr.dll
+ 2002-12-12 15:14:32 171,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmime.dll
+ 2003-08-16 01:53:58 146,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmio.sys
+ 2002-12-12 15:14:32 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmloader.dll
+ 2003-08-16 01:56:14 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmremote.exe
+ 2002-12-12 15:14:32 76,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmscript.dll
+ 2003-08-16 01:56:12 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmserver.dll
+ 2002-12-12 15:14:32 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmstyle.dll
+ 2002-12-12 15:14:32 100,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmsynth.dll
+ 2002-12-12 15:14:32 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmusic.dll
+ 2001-08-17 20:59:58 50,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmusic.sys
+ 2003-08-16 10:22:58 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\dmutil.dll
+ 2006-06-26 17:47:50 140,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\dnsapi.dll
+ 2003-08-16 01:56:10 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\dnsrslvr.dll
+ 2003-08-16 01:56:10 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\docprop2.dll
+ 2003-08-16 01:58:08 53,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\dosx.exe
+ 2003-08-16 01:58:06 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpcdll.dll
+ 2002-12-12 15:14:32 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplaysvr.exe
+ 2002-12-12 15:14:32 217,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\dplayx.dll
+ 2002-12-12 15:14:32 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpmodemx.dll
+ 2002-12-12 15:14:32 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnaddr.dll
+ 2002-12-12 15:14:32 723,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnet.dll
+ 2003-03-25 00:00:02 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnhpast.dll
+ 2003-03-25 00:00:02 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnhupnp.dll
+ 2002-12-12 15:14:32 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnlobby.dll
+ 2002-12-12 15:14:32 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpnsvr.exe
+ 2002-12-12 15:14:32 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvacm.dll
+ 2002-12-12 15:14:32 381,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvoice.dll
+ 2002-12-12 15:14:32 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvsetup.exe
+ 2002-12-12 15:14:32 112,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpvvox.dll
+ 2002-12-12 15:14:32 76,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\dpwsockx.dll
+ 2002-12-12 09:50:18 301,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmclien.dll
+ 2002-08-29 09:32:34 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmk.sys
+ 2002-08-29 08:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2002-12-12 08:34:42 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmstor.dll
+ 2002-12-12 09:09:22 678,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmv2clt.dll
+ 2003-08-16 02:02:54 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\drprov.dll
+ 2003-08-16 02:04:52 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\ds32gt.dll
+ 2002-12-12 15:14:32 186,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsdmo.dll
+ 2002-12-12 15:14:32 491,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsdmoprp.dll
+ 2003-08-16 02:04:58 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dskquota.dll
+ 2002-12-12 15:14:32 355,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsound.dll
+ 2002-12-12 15:14:32 1,294,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsound3d.dll
+ 2003-08-16 02:07:22 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsprop.dll
+ 2003-08-16 02:07:20 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsprpres.dll
+ 2003-08-16 02:07:22 227,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsquery.dll
+ 2003-08-16 02:07:20 47,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\dssec.dll
+ 2003-08-16 02:07:46 124,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\dssenh.dll
+ 2003-08-16 02:07:22 106,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\dsuiext.dll
+ 2002-12-12 15:14:32 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\dswave.dll
+ 2003-08-16 02:11:02 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe
+ 2003-08-16 02:11:36 263,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\duser.dll
+ 2003-08-16 02:11:02 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\dvdupgrd.exe
+ 2003-08-16 02:11:06 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\dwwin.exe
+ 2002-12-12 15:14:32 602,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\dx7vb.dll
+ 2003-05-31 00:00:02 1,189,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\dx8vb.dll
+ 2003-05-31 00:00:02 937,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiag.exe
+ 2003-05-31 00:00:02 1,675,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxdiagn.dll
+ 2003-08-16 02:26:10 68,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxg.sys
+ 2003-08-16 02:26:24 498,205 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxmasf.dll
+ 2003-08-16 02:27:12 802,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxmrtp.dll
+ 2006-06-09 22:35:50 351,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxtmsft.dll
+ 2006-06-09 22:35:30 192,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\dxtrans.dll
+ 2003-08-16 02:53:42 165,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\els.dll
+ 2002-12-12 15:14:32 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\encapi.dll
+ 2002-11-26 21:15:52 166,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\encdec.dll
+ 2003-08-16 02:53:36 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\ersvc.dll
+ 2005-07-26 04:31:12 227,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\es.dll
+ 2005-10-20 22:33:08 991,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\esent.dll
+ 2003-08-16 04:23:36 235,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\esscli.dll
+ 2003-08-16 04:23:08 178,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
+ 2003-08-16 07:40:02 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
+ 2003-08-16 07:39:58 96,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll
+ 2003-08-16 07:39:52 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
+ 2003-08-16 07:39:50 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll
+ 2003-08-16 07:40:20 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
+ 2003-08-16 08:26:42 1,004,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
+ 2003-08-16 08:26:36 380,445 -c----w C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll
+ 2003-08-16 08:26:18 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
+ 2003-08-16 09:15:36 145,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
+ 2003-08-16 09:15:46 565,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll
+ 2003-08-16 09:15:02 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll
+ 2003-08-16 09:15:24 26,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdc.sys
+ 2003-08-16 09:15:18 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\feclient.dll
+ 2003-08-16 01:50:00 323,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll
+ 2003-08-16 01:50:20 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
+ 2004-08-20 22:01:15 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll
+ 2003-08-16 01:52:14 19,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys
+ 2003-08-16 01:52:28 361,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontext.dll
+ 2003-08-16 01:53:56 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
+ 2003-08-16 01:53:54 32,828 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll
+ 2002-05-15 03:08:54 184,435 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll
+ 2002-05-15 03:08:54 82,035 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll
+ 2002-05-15 03:08:54 147,513 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll
+ 2002-05-15 03:08:54 127,034 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll
+ 2002-05-15 03:08:54 102,509 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll
+ 2002-05-15 03:08:54 618,605 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll
+ 2002-05-15 03:08:54 41,020 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll
+ 2002-05-15 03:08:54 32,826 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll
+ 2002-05-15 03:08:54 49,212 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll
+ 2002-05-15 03:08:54 872,557 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll
+ 2002-05-15 03:08:54 14,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
+ 2002-05-15 03:08:54 109,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
+ 2002-05-15 03:08:54 24,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
+ 2002-05-15 03:08:54 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll
+ 2002-05-15 03:08:54 188,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
+ 2002-05-15 03:08:54 94,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpencode.dll
+ 2002-05-15 03:08:54 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll
+ 2002-05-15 03:08:54 598,071 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll
+ 2002-05-15 03:08:56 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll
+ 2002-05-15 03:08:54 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
+ 2003-08-16 01:54:00 8,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll
+ 2003-08-16 01:54:02 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll
+ 2003-08-16 01:56:08 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
+ 2003-08-16 01:58:26 443,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll
+ 2003-08-16 01:58:04 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
+ 2003-08-16 01:58:06 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll
+ 2003-08-16 01:58:22 271,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll
+ 2003-08-16 01:58:04 216,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
+ 2003-08-16 01:58:02 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll
+ 2003-08-16 01:58:02 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll
+ 2003-08-16 01:58:02 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll
+ 2003-08-16 02:00:06 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll
+ 2003-08-16 02:00:30 122,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll
+ 2003-08-16 02:00:04 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll
+ 2003-08-16 02:00:04 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll
+ 2003-08-16 02:00:28 559,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll
+ 2003-08-16 02:00:34 250,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
+ 2003-08-16 02:00:34 236,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll
+ 2003-08-16 02:00:18 391,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll
+ 2003-08-16 02:00:08 149,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll
+ 2003-08-16 02:00:12 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll
+ 2003-08-16 02:00:26 395,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll
+ 2006-01-02 22:38:03 260,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
+ 2003-08-16 02:04:52 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\glu32.dll
+ 2003-08-16 02:07:18 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll
+ 2003-08-16 02:11:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
+ 2003-08-16 02:10:56 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll
+ 2003-08-16 02:10:56 100,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn_a.dll
+ 2003-08-16 02:10:56 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll
+ 2004-03-30 01:48:36 593,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll
+ 2003-08-16 09:37:54 127,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\hal.dll
+ 2002-08-29 10:40:56 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll
+ 2004-03-30 01:34:15 741,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
+ 2003-08-16 02:53:38 703,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
+ 2005-05-25 22:44:31 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
+ 2005-05-27 01:59:52 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll
+ 2003-08-16 10:22:58 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\hid.dll
+ 2003-08-16 04:22:52 34,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys
+ 2003-08-16 04:22:52 23,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys
+ 2003-08-16 07:40:04 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll
+ 2003-08-16 07:40:10 240,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll
+ 2003-08-16 07:39:52 315,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll
+ 2003-08-16 08:26:10 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\hostmib.dll
+ 2003-08-16 08:26:36 137,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll
+ 2003-08-16 01:49:58 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
+ 2003-08-16 01:49:58 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\htui.dll
+ 2004-11-17 17:57:01 493,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll
+ 2002-08-29 09:06:38 51,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
+ 2003-08-16 01:53:56 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll
+ 2003-08-16 01:56:32 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll
+ 2003-08-16 01:56:30 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll
+ 2005-06-29 01:54:58 237,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\icm32.dll
+ 2003-08-16 01:56:10 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\icmp.dll
+ 2003-08-16 01:56:04 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll
+ 2003-08-16 01:58:02 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll
+ 2003-08-16 01:58:02 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
+ 2003-08-16 01:58:02 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
+ 2003-08-16 01:58:02 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll
+ 2003-08-16 01:58:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll
+ 2003-08-16 01:58:04 155,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll
+ 2003-08-16 01:58:04 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll
+ 2003-08-16 01:58:06 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe

katana
2008-11-03, 19:43
Step 1

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=249201#post249201
Comment:: Files from Katana
Collect::[4]
C:\WINDOWS\system32\avyfiywp.dll
C:\WINDOWS\system32\ufavrghg.dll
C:\WINDOWS\system32\saapslaw.dll
C:\WINDOWS\system32\wsxinxak.dll
C:\WINDOWS\system32\prun.exe
C:\Documents and Settings\Owner\mcc.exe
C:\Documents and Settings\Owner\gotgo.exe

DirLook::
C:\WINDOWS\system32\EV19
File::
C:\WINDOWS\system32\knsasu.dll
C:\WINDOWS\system32\dhxdqkjj.dll
C:\WINDOWS\system32\gayywavw.dll
C:\WINDOWS\system32\khyvmkan.dll

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
A window will open asking you to ensure you are connected to the internet; this is so a file can be submitted for analysis.
Click OK and follow the instructions to submit the file.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

----------------------------------------------------------- -----------------------------------------------------------
Step 2

Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply

ComboFix Log
Kaspersky Log
How are things running now ?

rainshield
2008-11-03, 21:44
+ 2002-12-12 15:14:32 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciqtz32.dll
+ 2003-08-16 01:53:48 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciseq.dll
+ 2003-08-16 01:53:46 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciwave.dll
+ 2003-08-16 02:04:44 108,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\mdminst.dll
+ 2003-08-16 10:22:58 62,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\mf.sys
+ 2004-03-30 01:48:36 36,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll
+ 2003-08-16 07:39:42 995,383 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfc42.dll
+ 2003-08-16 07:40:08 995,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfc42u.dll
+ 2003-08-16 08:25:54 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfcsubs.dll
+ 2003-08-16 08:25:48 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\mgmtapi.dll
+ 2003-08-16 09:14:24 17,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\midimap.dll
+ 2003-08-16 09:14:32 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\migism.dll
+ 2003-08-16 09:14:30 170,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\migism_a.dll
+ 2003-08-16 09:14:28 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\miglibnt.dll
+ 2003-08-16 09:14:32 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
+ 2002-12-12 06:08:46 782,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\migrate.exe
+ 2005-07-22 23:03:37 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
+ 2002-11-21 02:22:36 230,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
+ 2003-08-16 01:49:52 226,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe
+ 2003-08-16 01:52:08 577,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\mlang.dll
+ 2003-08-16 01:51:54 774,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
+ 2003-08-16 01:51:42 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcbase.dll
+ 2003-08-16 01:52:24 1,128,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcndmgr.dll
+ 2003-08-16 01:51:42 46,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcshext.dll
+ 2003-08-16 01:53:44 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmfutil.dll
+ 2003-08-16 01:54:10 68,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmsystem.dll
+ 2003-08-16 01:54:02 32,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmdd.dll
+ 2003-08-16 01:53:42 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
+ 2003-08-16 01:54:02 196,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.dll
+ 2003-08-16 01:54:02 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
+ 2003-08-16 10:22:58 28,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\modem.sys
+ 2003-08-16 01:56:24 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\modemui.dll
+ 2003-08-16 01:56:00 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
+ 2003-08-16 01:56:16 104,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofd.dll
+ 2003-08-16 01:58:20 210,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\moricons.dll
+ 2003-08-16 09:37:54 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys
+ 2003-08-16 01:57:58 37,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
+ 2002-12-21 04:06:00 3,366,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
+ 2002-12-12 10:12:02 316,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\mp43dmod.dll
+ 2002-12-12 06:16:58 384,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\mp4sdmod.dll
+ 2003-02-18 01:16:26 15,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpe.sys
+ 2002-12-12 08:34:40 241,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpg4dmod.dll
+ 2003-08-16 02:02:16 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
+ 2003-08-16 02:01:52 4,639 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
+ 2003-08-16 02:04:48 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpr.dll
+ 2003-08-16 02:04:42 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mprapi.dll
+ 2002-12-12 06:16:58 352,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpvis.dll
+ 2005-04-26 01:58:03 173,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys
+ 2006-05-05 09:31:04 433,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
+ 2003-08-16 08:25:46 67,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\msacm32.dll
+ 2003-08-16 08:25:50 307,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadce.dll
+ 2003-08-16 08:25:44 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcer.dll
+ 2003-08-16 08:25:46 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcf.dll
+ 2003-08-16 08:25:42 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcfr.dll
+ 2006-03-23 06:05:25 135,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadco.dll
+ 2003-08-16 08:25:38 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcor.dll
+ 2003-08-16 08:26:02 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcs.dll
+ 2003-08-16 08:26:04 147,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadds.dll
+ 2003-08-16 08:26:02 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\msaddsr.dll
+ 2003-08-16 09:14:24 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\msader15.dll
+ 2003-08-16 09:15:08 487,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\msado15.dll
+ 2003-08-16 09:14:26 159,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadomd.dll
+ 2003-08-16 09:14:16 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\msador15.dll
+ 2003-08-16 09:14:30 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadox.dll
+ 2003-08-16 09:14:16 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadrh15.dll
+ 2003-08-16 09:14:12 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\msafd.dll
+ 2003-08-16 09:14:12 80,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\msapsspc.dll
+ 2004-03-30 01:48:36 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll
+ 2003-08-16 01:49:48 203,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscandui.dll
+ 2005-06-29 01:54:58 68,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscms.dll
+ 2003-08-16 01:49:46 65,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconf.dll
+ 2003-08-16 01:49:46 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe
+ 2003-08-16 01:49:44 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscpx32r.dll
+ 2003-08-16 01:50:06 36,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscpxl32.dll
+ 2003-08-16 01:50:06 266,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\msctf.dll
+ 2003-08-16 01:49:44 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\msctfp.dll
+ 2003-08-16 01:51:40 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdadc.dll
+ 2003-08-16 01:51:40 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaenum.dll
+ 2003-08-16 01:51:40 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaer.dll
+ 2003-08-16 01:52:08 221,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaora.dll
+ 2003-08-16 01:51:40 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaorar.dll
+ 2003-08-16 01:51:58 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaosp.dll
+ 2003-08-16 01:51:38 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaprsr.dll
+ 2003-08-16 01:51:44 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaprst.dll
+ 2003-08-16 01:52:02 188,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaps.dll
+ 2003-08-16 01:51:40 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdarem.dll
+ 2003-08-16 01:51:36 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaremr.dll
+ 2003-10-28 11:09:50 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdart.dll
+ 2003-08-16 01:51:36 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdasc.dll
+ 2003-08-16 01:51:40 303,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdasql.dll
+ 2003-08-16 01:51:34 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdasqlr.dll
+ 2003-08-16 01:53:40 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdatl3.dll
+ 2003-08-16 01:53:40 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdatt.dll
+ 2003-08-16 01:54:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdaurl.dll
+ 2003-08-16 01:53:40 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdfmap.dll
+ 2002-12-12 15:14:32 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdmo.dll
+ 2003-08-16 01:53:38 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtc.exe
+ 2003-08-16 01:54:02 54,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtclog.dll
+ 2006-03-01 19:44:39 368,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtcprx.dll
+ 2006-03-01 19:44:39 974,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtctm.dll
+ 2006-03-01 19:44:39 150,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdtcuiu.dll
+ 2003-02-18 01:21:50 52,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdv.sys
+ 2003-08-16 01:55:54 4,126 -c----w C:\WINDOWS\$NtServicePackUninstall$\msdxmlc.dll
+ 2003-08-16 01:55:56 512,031 -c----w C:\WINDOWS\$NtServicePackUninstall$\msexch40.dll
+ 2003-08-16 01:56:08 319,519 -c----w C:\WINDOWS\$NtServicePackUninstall$\msexcl40.dll
+ 2003-08-16 01:59:54 18,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\msfs.sys
+ 2003-08-16 02:00:38 504,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\msftedit.dll
+ 2004-03-30 01:48:36 971,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgina.dll
+ 2003-08-16 01:59:52 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgpc.sys
+ 2003-08-16 02:00:38 3,346,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgr3en.dll
+ 2003-08-16 02:00:06 57,374 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgrocm.dll
+ 2002-08-21 04:39:42 109,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgsc.dll
+ 2002-08-21 06:08:36 221,215 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgslang.dll
+ 2003-10-22 06:06:41 32,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\msgsvc.dll
+ 2003-08-16 01:59:52 184,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh261.drv
+ 2003-08-16 09:37:54 286,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\msh263.drv
+ 2003-08-16 02:01:52 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshta.exe
+ 2006-06-30 18:28:26 2,703,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshtml.dll
+ 2003-08-16 02:02:12 440,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshtmled.dll
+ 2003-08-16 02:01:52 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\mshtmler.dll
+ 2006-02-27 21:29:32 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\msident.dll
+ 2003-08-16 02:01:50 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\msidle.dll
+ 2005-08-05 17:23:27 230,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\msieftp.dll
+ 2003-08-16 02:04:46 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimg32.dll
+ 2006-02-27 21:32:04 56,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimn.exe
+ 2003-08-16 02:04:56 143,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\msimtf.dll
+ 2003-08-16 02:04:42 348,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\msinfo.dll
+ 2003-08-16 02:07:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\msiregmv.exe
+ 2003-08-16 02:08:02 1,503,262 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjet40.dll
+ 2003-08-16 02:07:30 348,195 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjetol1.dll
+ 2003-08-16 09:07:30 348,195 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjetoledb40.dll
+ 2003-08-16 02:07:00 151,626 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjint40.dll
+ 2003-08-16 02:07:00 90,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjro.dll
+ 2003-08-16 02:06:58 53,322 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjter40.dll
+ 2003-08-16 02:07:04 241,695 -c----w C:\WINDOWS\$NtServicePackUninstall$\msjtes40.dll
+ 2002-12-12 15:14:32 7,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\mskssrv.sys
+ 2003-08-16 02:07:18 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\mslbui.dll
+ 2003-08-16 02:10:44 213,023 -c----w C:\WINDOWS\$NtServicePackUninstall$\msltus40.dll
+ 2003-08-16 02:10:42 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\mslwvtts.dll
+ 2002-08-21 06:08:38 1,511,453 -c----w C:\WINDOWS\$NtServicePackUninstall$\msmsgs.exe
+ 2002-12-12 09:09:22 253,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\msnetobj.dll
+ 2003-08-16 02:53:02 319,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\msnsspc.dll
+ 2003-08-16 02:52:50 112,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\msobcomm.dll
+ 2003-08-16 02:52:42 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\msobdl.dll

rainshield
2008-11-04, 02:40
I think my PC is infected very badly. I tried to follow your steps, but when I drag the CFScript file into ComboFix, it says the application is not found. Then when I click on ComboFix, it doesn't work anymore, and it looks like things are exactly the way they started. After that, I think ComboFix even affected my PC: now I can't open any programs, and every time I click anything, it only comes up with the "Open With" menu. I tried to scan with the Kaspersky scan, but my Java is not up to date, so I downloaded version 1.5, but IE is extremely slow now and keeps stalling... the PC is very slow. Is there any way to fix it? Please help me with this.

katana
2008-11-04, 10:45
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below.
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.


Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



KillAll::
Files::
C:\WINDOWS\system32\avyfiywp.dll
C:\WINDOWS\system32\ufavrghg.dll
C:\WINDOWS\system32\saapslaw.dll
C:\WINDOWS\system32\wsxinxak.dll
C:\WINDOWS\system32\prun.exe
C:\Documents and Settings\Owner\mcc.exe
C:\Documents and Settings\Owner\gotgo.exe

DirLook::
C:\WINDOWS\system32\EV19
File::
C:\WINDOWS\system32\knsasu.dll
C:\WINDOWS\system32\dhxdqkjj.dll
C:\WINDOWS\system32\gayywavw.dll
C:\WINDOWS\system32\khyvmkan.dll

Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
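
An added example, not part of the post above and not ComboFix's own code: a Python check that parses a CFScript into its `::` sections and compares the listed files against the "Other Deletions" section of the resulting log, so a helper can see which targets were confirmed removed. It assumes entries under both `File::` and `Files::` are deletion targets, as the posted script uses them; the function names are hypothetical, and the log excerpt is copied from the log posted later in this thread with the banner lines shortened.

```python
import ntpath
import re

# CFScript text copied from the post above.
CFSCRIPT = r"""
KillAll::
Files::
C:\WINDOWS\system32\avyfiywp.dll
C:\WINDOWS\system32\ufavrghg.dll
C:\WINDOWS\system32\saapslaw.dll
C:\WINDOWS\system32\wsxinxak.dll
C:\WINDOWS\system32\prun.exe
C:\Documents and Settings\Owner\mcc.exe
C:\Documents and Settings\Owner\gotgo.exe

DirLook::
C:\WINDOWS\system32\EV19
File::
C:\WINDOWS\system32\knsasu.dll
C:\WINDOWS\system32\dhxdqkjj.dll
C:\WINDOWS\system32\gayywavw.dll
C:\WINDOWS\system32\khyvmkan.dll
"""

# Excerpt of the log from this thread (banner lines shortened).
LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.

c:\documents and settings\Owner\gotgo.exe
c:\documents and settings\Owner\mcc.exe
c:\windows\system32\avyfiywp.dll
c:\windows\system32\dhxdqkjj.dll
c:\windows\system32\gayywavw.dll
c:\windows\system32\khyvmkan.dll
c:\windows\system32\knsasu.dll
c:\windows\system32\prun.exe
c:\windows\system32\saapslaw.dll
c:\windows\system32\ufavrghg.dll
c:\windows\system32\wsxinxak.dll

.
((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))
.

2008-11-03 23:09 . 2008-11-03 23:39 1,374 --a------ c:\windows\imsins.BAK
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")          # e.g. "File::"
BANNER = re.compile(r"^\({5,}\s*(.*?)\s*\){5,}$")   # e.g. "((((( Look )))))"


def norm(path):
    """Windows paths are case-insensitive: compare them case-folded."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def parse_cfscript(text):
    """Return {directive: [entries]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Return {banner title: [lines]}; blank and '.' separator lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def removal_report(cfscript, log):
    """Return (confirmed, missing, unrequested) deletions for a script/log pair."""
    script = parse_cfscript(cfscript)
    # Assumption: both headings list files to delete.
    targets = script.get("File", []) + script.get("Files", [])
    deleted = {norm(p) for p in parse_log_sections(log).get("Other Deletions", [])}
    confirmed = [p for p in targets if norm(p) in deleted]
    missing = [p for p in targets if norm(p) not in deleted]
    unrequested = sorted(deleted - {norm(p) for p in targets})
    return confirmed, missing, unrequested


if __name__ == "__main__":
    confirmed, missing, unrequested = removal_report(CFSCRIPT, LOG)
    print(f"confirmed deleted: {len(confirmed)}")
    print(f"targets not in log: {missing}")
    print(f"deleted but not requested: {unrequested}")
```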

rainshield
2008-11-04, 19:04
I reinstalled ComboFix, but it looks like it doesn't load. When I drag and drop the CFScript file in, it says "application is not found"; then I tried to open ComboFix itself, but it only pops up the "Open With" program window. So I restarted my PC, changed to Safe Mode, and was finally able to do it. Here is the log:
ComboFix 08-11-03.06 - Owner 2008-11-04 8:43:31.11 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.800 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
c:\windows\system32\dhxdqkjj.dll
c:\windows\system32\gayywavw.dll
c:\windows\system32\khyvmkan.dll
c:\windows\system32\knsasu.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\gotgo.exe
c:\documents and settings\Owner\mcc.exe
c:\windows\system32\avyfiywp.dll
c:\windows\system32\dhxdqkjj.dll
c:\windows\system32\gayywavw.dll
c:\windows\system32\khyvmkan.dll
c:\windows\system32\knsasu.dll
c:\windows\system32\prun.exe
c:\windows\system32\saapslaw.dll
c:\windows\system32\ufavrghg.dll
c:\windows\system32\wsxinxak.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-04 to 2008-11-04 )))))))))))))))))))))))))))))))
.

2008-11-03 23:09 . 2008-11-03 23:39 1,374 --a------ c:\windows\imsins.BAK
2008-11-03 15:48 . 2008-11-03 15:46 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-03 15:48 . 2008-11-03 15:46 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-03 07:11 . 2008-11-04 08:24 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-03 06:55 . 2008-08-14 01:51 138,368 -----c--- c:\windows\system32\dllcache\afd.sys
2008-11-02 22:57 . 2008-11-02 22:57 <DIR> d-------- c:\program files\ERUNT
2008-11-01 20:08 . 2008-11-01 20:08 <DIR> d-------- C:\rsit
2008-10-31 22:22 . 2008-10-31 22:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-10-31 22:21 . 2008-10-31 22:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-10-31 22:21 . 2008-10-31 22:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-31 22:21 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-31 22:21 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-30 18:42 . 2008-10-30 18:42 4,286 --a------ c:\windows\system32\Jamster.ico
2008-10-29 17:49 . 2008-11-01 01:04 <DIR> d-------- c:\windows\system32\EV19
2008-10-29 17:13 . 2008-10-29 17:13 <DIR> d--h----- c:\windows\PIF
2008-10-15 16:21 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-15 16:21 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-15 16:18 . 2008-01-03 21:28 29,824 --a------ c:\windows\system32\drivers\FragFX.sys
2008-10-15 00:47 . 2008-10-15 00:47 262,144 --a------ C:\ntuser.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-03 23:45 --------- d-----w c:\program files\Java
2008-11-02 10:52 --------- d-----w c:\program files\Avant Browser
2008-11-02 10:45 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 04:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-30 04:28 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-15 23:58 --------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2008-10-15 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-10-03 17:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-09-30 22:09 --------- d-----w c:\program files\Starcraft
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\system32\EV19 ----



((((((((((((((((((((((((((((( snapshot_2008-11-03_ 5.08.16.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:32:22 253,952 ----a-w c:\windows\system32\es.dll
- 2008-04-23 04:16:28 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-08-26 07:24:28 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-04-09 07:47:50 162,728 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-11-04 08:50:10 162,728 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-23 04:16:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-08-25 08:37:59 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w c:\windows\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w c:\windows\system32\inetcomm.dll
- 2004-01-26 10:24:04 24,681 -c--a-w c:\windows\system32\java.exe
+ 2008-11-03 23:46:13 144,792 ----a-w c:\windows\system32\java.exe
- 2004-01-26 10:24:04 28,779 -c--a-w c:\windows\system32\javaw.exe
+ 2008-11-03 23:46:13 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-11-03 23:46:13 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-04-23 04:16:28 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2005-06-29 01:46:00 74,240 ----a-w c:\windows\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w c:\windows\system32\mscms.dll
- 2008-04-23 04:16:28 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-04-24 06:16:30 3,591,680 ----a-w c:\windows\system32\mshtml.dll
+ 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-08-26 07:24:30 671,232 ------w c:\windows\system32\mstime.dll
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2008-04-23 04:16:28 102,912 ------w c:\windows\system32\occache.dll
+ 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2007-11-13 11:31:11 60,416 -c----w c:\windows\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-19 05:47:20 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-06-25 02:12:58 295,936 ------w c:\windows\system32\wmpeffects.dll
+ 2008-04-15 17:54:19 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [BU]
"SUPERAntiSpyware"="c:\progra~1\SUPERA~1\SUPERA~1.EXE" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-03 136600]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2008-05-13 2093568]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2008-05-29 179712]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-27 29344]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-12 172032]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"LTMSG"="LTMSG.exe" [2008-03-19 c:\windows\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]
"VTTimer"="" [BU]
"PS2"="" [BU]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 557056]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 557056]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSub.exe [2004-01-27 557056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 16384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-01-19 409088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMfFvWN]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=orncez.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Avant Browser\\avant.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
"f:\\game\\Steam\\steamapps\\1life1love4ever\\counter-strike\\hl.exe"=

S2 JavaQuickStarterService;Java Quick Starter;c:\program files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
S3 FragFX;FragFX NT service;c:\windows\system32\Drivers\FragFX.sys [2008-01-03 29824]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-04 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 00:17]
.
- - - - ORPHANS REMOVED - - - -




**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 08:47:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-11-04 8:51:50
ComboFix-quarantined-files.txt 2008-11-04 16:50:48
ComboFix2.txt 2008-11-03 14:16:06
ComboFix3.txt 2007-12-10 21:55:46

Pre-Run: 14,323,392,512 bytes free
Post-Run: 14,317,535,232 bytes free

387 --- E O F --- 2008-11-04 07:42:20




P.S. I'm just wondering why it only works in safe mode, not normal Windows, and the biggest problem on my PC is that I still can't open any other program yet.

katana
2008-11-04, 19:21
We need to get an online scan to find out what is going on.

Please try Kaspersky again; if not in IE, then try it in Firefox.

rainshield
2008-11-05, 03:37
Is it OK if I scan it in "safe mode" Windows? Because my IE or Firefox got errors and stalled every time I tried the scan. Here is the Kaspersky log I scanned from "safe mode" Windows:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 4, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 04, 2008 19:09:24
Records in database: 1369646
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 112641
Threat name: 148
Infected objects: 749
Suspicious objects: 0
Duration of the scan: 02:13:28


File name / Threat name / Threats count

rainshield
2008-11-05, 03:38
C:\hp\patches\42WW1IPD\src\ITA\WindowsXP-KB821431-x86-ITA.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\JPN\WindowsXP-KB821431-x86-JPN.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\KOR\WindowsXP-KB821431-x86-KOR.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\NLD\WindowsXP-KB821431-x86-NLD.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\NOR\WindowsXP-KB821431-x86-NOR.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\PLK\WindowsXP-KB821431-x86-PLK.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\PTB\WindowsXP-KB821431-x86-PTB.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\PTG\WindowsXP-KB821431-x86-PTG.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\RUS\WindowsXP-KB821431-x86-RUS.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\SVE\WindowsXP-KB821431-x86-SVE.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\TRK\WindowsXP-KB821431-x86-TRK.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App00153.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App00292.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App00491.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App02995.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App04827.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App05447.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App05705.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App09961.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App16827.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App17421.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App18716.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App19169.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App19718.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App19895.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App23281.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App24464.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App26962.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App29358.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App99993.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\xApp14604.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW3SEQ\Agere_Cheetah_Modem_6386-01.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW3SEQ\Agere_Sequoia_Modem_6960-01.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\recovery\wizard\SWR_Wizard.exe Infected: Virus.Win32.Neshta.a

rainshield
2008-11-05, 03:38
C:\hp\region\wallpaper\wp.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\support\HPSysInfo.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\vinetlink\autorun.exe Infected: Virus.Win32.Neshta.a 1
C:\My Shared Folder\klite27rc1.exe Infected: Virus.Win32.Neshta.a 1
C:\NVIDIA\Win2KXP\71.89\nvudisp.exe Infected: Virus.Win32.Neshta.a 1
C:\NVIDIA\Win2KXP\71.89\setup.exe Infected: Virus.Win32.Neshta.a 1
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Infected: Trojan-Downloader.Win32.Agent.awf 1
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe Infected: Trojan-Downloader.Win32.Agent.awf 1
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\Norton AntiVirus\Quarantine\003A49A9 Infected: not-a-virus:AdWare.Win32.BetterInternet.b 1
C:\Program Files\Norton AntiVirus\Quarantine\00717F33 Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\00A03FB1 Infected: Trojan-Downloader.Win32.Intexp.d 1
C:\Program Files\Norton AntiVirus\Quarantine\00C63E9D Infected: Email-Worm.Win32.Delf.i 1
C:\Program Files\Norton AntiVirus\Quarantine\045640FA Infected: Trojan-Downloader.Win32.Dyfuca.gen 1
C:\Program Files\Norton AntiVirus\Quarantine\062439CD Infected: Trojan.Win32.EliteBar.d 1
C:\Program Files\Norton AntiVirus\Quarantine\070C5A6F Infected: Trojan-GameThief.Win32.Nilage.pa 1
C:\Program Files\Norton AntiVirus\Quarantine\070F046C Infected: Trojan-Downloader.Win32.Small.ctk 1
C:\Program Files\Norton AntiVirus\Quarantine\0A092DBF Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\0AC13353 Infected: Trojan-Downloader.Win32.IstBar.ij 1
C:\Program Files\Norton AntiVirus\Quarantine\0B640FA0 Infected: Trojan-Downloader.Win32.Dyfuca.eg 1
C:\Program Files\Norton AntiVirus\Quarantine\0BB44433 Infected: Trojan-Downloader.Win32.Small.cux 1
C:\Program Files\Norton AntiVirus\Quarantine\0BCA05A8 Infected: Trojan-Downloader.Win32.Dyfuca.du 1
C:\Program Files\Norton AntiVirus\Quarantine\0C3B469B Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\0D450303 Infected: Trojan-Downloader.Win32.VB.hj 1
C:\Program Files\Norton AntiVirus\Quarantine\0D482D00 Infected: Trojan-Spy.Win32.Small.fe 1
C:\Program Files\Norton AntiVirus\Quarantine\0D4C56FC Infected: Trojan-Spy.Win32.Agent.hq 1
C:\Program Files\Norton AntiVirus\Quarantine\0D4F00F9 Infected: Trojan-Spy.Win32.Delf.ig 1
C:\Program Files\Norton AntiVirus\Quarantine\0D522AF5 Infected: Trojan-Spy.Win32.Small.fe 1
C:\Program Files\Norton AntiVirus\Quarantine\0D5654F1 Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Program Files\Norton AntiVirus\Quarantine\0D597EEE Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Program Files\Norton AntiVirus\Quarantine\0D5C28EA Infected: Trojan-Clicker.Win32.Small.cc 1
C:\Program Files\Norton AntiVirus\Quarantine\0D6950DC Infected: Trojan-Downloader.Win32.PurityScan.cq 1
C:\Program Files\Norton AntiVirus\Quarantine\0D6C7AD8 Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\0D7024D5 Infected: Trojan-Downloader.Win32.TSUpdate.o 1
C:\Program Files\Norton AntiVirus\Quarantine\0D7024D5 Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton AntiVirus\Quarantine\0D7678CD Infected: not-a-virus:AdWare.Win32.MediaMotor.p 1
C:\Program Files\Norton AntiVirus\Quarantine\0D7D4CC6 Infected: Trojan-Downloader.Win32.Qoologic.bj 1
C:\Program Files\Norton AntiVirus\Quarantine\0D8076C3 Infected: not-a-virus:AdWare.Win32.CommAd.a 2
C:\Program Files\Norton AntiVirus\Quarantine\0D8076C3 Infected: not-a-virus:Monitor.Win32.NetMon.a 1
C:\Program Files\Norton AntiVirus\Quarantine\0D874ABB Infected: not-a-virus:AdWare.Win32.ImiBar.h 1
C:\Program Files\Norton AntiVirus\Quarantine\0D8A554A Infected: Trojan-Downloader.Win32.Small.cke 1
C:\Program Files\Norton AntiVirus\Quarantine\0D8A74B8 Infected: not-a-virus:AdWare.Win32.MediaMotor.i 1
C:\Program Files\Norton AntiVirus\Quarantine\0D8D1EB4 Infected: Backdoor.Win32.Agent.bpk 1
C:\Program Files\Norton AntiVirus\Quarantine\0D8D7F47 Infected: Trojan-Downloader.Win32.Small.cke 1
C:\Program Files\Norton AntiVirus\Quarantine\0D9048B1 Infected: not-a-virus:AdWare.Win32.BetterInternet.s 1
C:\Program Files\Norton AntiVirus\Quarantine\0D9472AD Infected: Trojan-Downloader.Win32.Adload.a 1
C:\Program Files\Norton AntiVirus\Quarantine\0D971CA9 Infected: Trojan.Win32.Dialer.ay 1
C:\Program Files\Norton AntiVirus\Quarantine\0D9A46A6 Infected: not-a-virus:AdWare.Win32.Maxifiles.u 1
C:\Program Files\Norton AntiVirus\Quarantine\0D9D70A2 Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\0DA11A9F Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\0DA4449B Infected: not-a-virus:AdWare.Win32.WinAD.bj 1
C:\Program Files\Norton AntiVirus\Quarantine\0DA76E97 Infected: not-a-virus:AdWare.Win32.PurityScan.u 1
C:\Program Files\Norton AntiVirus\Quarantine\0DAA1894 Infected: Trojan-Downloader.Win32.VB.hw 1
C:\Program Files\Norton AntiVirus\Quarantine\0DAE4290 Infected: Trojan-Downloader.Win32.Dyfuca.ey 1
C:\Program Files\Norton AntiVirus\Quarantine\0DB16C8D Infected: Trojan-Downloader.Win32.IstBar.ij 1
C:\Program Files\Norton AntiVirus\Quarantine\0DB41689 Infected: not-a-virus:AdWare.Win32.MediaMotor.l 1
C:\Program Files\Norton AntiVirus\Quarantine\0DB84086 Infected: Trojan-Dropper.Win32.VB.nn 1
C:\Program Files\Norton AntiVirus\Quarantine\0DBE147E Infected: Trojan-Downloader.Win32.TSUpdate.r 1
C:\Program Files\Norton AntiVirus\Quarantine\0DC13E7B Infected: Trojan-Downloader.Win32.TSUpdate.f 1
C:\Program Files\Norton AntiVirus\Quarantine\0DC56877 Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d 1
C:\Program Files\Norton AntiVirus\Quarantine\0DC81274 Infected: Trojan-Downloader.Win32.IstBar.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\0DCB3C70 Infected: Trojan-Dropper.Win32.Small.qn 1
C:\Program Files\Norton AntiVirus\Quarantine\0DCE666C Infected: Trojan-Downloader.Win32.Small.ckh 1
C:\Program Files\Norton AntiVirus\Quarantine\0DD21069 Infected: not-a-virus:AdWare.Win32.CASClient.d 1
C:\Program Files\Norton AntiVirus\Quarantine\0DD53A65 Infected: Trojan.Win32.Crypt.t 1
C:\Program Files\Norton AntiVirus\Quarantine\0DD86462 Infected: Trojan-Downloader.Win32.TSUpdate.n 1
C:\Program Files\Norton AntiVirus\Quarantine\0DD86462 Infected: Trojan-Downloader.Win32.TSUpdate.p 1
C:\Program Files\Norton AntiVirus\Quarantine\0DD86462 Infected: Trojan-Downloader.Win32.TSUpdate.l 1
C:\Program Files\Norton AntiVirus\Quarantine\0DD86462 Infected: Trojan-Downloader.Win32.TSUpdate.f 1
C:\Program Files\Norton AntiVirus\Quarantine\0DDF385A Infected: Packed.Win32.NSAnti.r 1
C:\Program Files\Norton AntiVirus\Quarantine\0DE26257 Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\0DE50C53 Infected: Trojan-Downloader.Win32.Dyfuca.dt 1
C:\Program Files\Norton AntiVirus\Quarantine\0DE83650 Infected: Trojan-Downloader.Win32.VB.kq 1
C:\Program Files\Norton AntiVirus\Quarantine\0DEC604C Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Program Files\Norton AntiVirus\Quarantine\0DEF0A48 Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Program Files\Norton AntiVirus\Quarantine\0DF6774A Infected: Trojan-Downloader.Win32.Small.skn 1
C:\Program Files\Norton AntiVirus\Quarantine\0EB2232B Infected: not-a-virus:AdWare.Win32.WinAD.bl 1
C:\Program Files\Norton AntiVirus\Quarantine\0F2636A8 Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\1020291E Infected: not-a-virus:AdWare.Win32.CASClient.a 1
C:\Program Files\Norton AntiVirus\Quarantine\121948F7 Infected: Email-Worm.Win32.Delf.i 1
C:\Program Files\Norton AntiVirus\Quarantine\138F3EAA Infected: not-a-virus:AdWare.Win32.CASClient.i 1
C:\Program Files\Norton AntiVirus\Quarantine\14573FCF Infected: Trojan-PSW.Win32.Sinowal.ad 1
C:\Program Files\Norton AntiVirus\Quarantine\14AA665E Infected: Trojan.Win32.ExitWin.z 1
C:\Program Files\Norton AntiVirus\Quarantine\15D27527 Infected: Trojan.Win32.Dialer.ay 1
C:\Program Files\Norton AntiVirus\Quarantine\15DB4702 Infected: Trojan-Downloader.Win32.Small.atl 1
C:\Program Files\Norton AntiVirus\Quarantine\163712E1 Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\175A41A7 Infected: not-a-virus:AdWare.Win32.BookedSpace.g 1
C:\Program Files\Norton AntiVirus\Quarantine\17C137AE Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\18272DB6 Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\188D23BD Infected: Trojan-Spy.Win32.Small.fe 1
C:\Program Files\Norton AntiVirus\Quarantine\1CDD760A Infected: Trojan-GameThief.Win32.Nilage.pa 1
C:\Program Files\Norton AntiVirus\Quarantine\1CE93B3A Infected: Trojan-GameThief.Win32.Nilage.pa 1
C:\Program Files\Norton AntiVirus\Quarantine\1CF34722 Infected: not-a-virus:AdWare.Win32.BookedSpace.g 1
C:\Program Files\Norton AntiVirus\Quarantine\1D7F343E Infected: Trojan-Downloader.Win32.Tibs.cn 1
C:\Program Files\Norton AntiVirus\Quarantine\1DAA04F5 Infected: Trojan-Downloader.Win32.Agent.anh 1
C:\Program Files\Norton AntiVirus\Quarantine\1E091C47 Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\203C147C Infected: Trojan-Spy.Win32.SCKeyLog.au 1
C:\Program Files\Norton AntiVirus\Quarantine\22837636 Infected: Trojan-Proxy.Win32.Agent.ji 1
C:\Program Files\Norton AntiVirus\Quarantine\2285079E Infected: not-a-virus:Downloader.Win32.WinFixer.l 1
C:\Program Files\Norton AntiVirus\Quarantine\22A31A13 Infected: Trojan-Downloader.Win32.Small.yj 1
C:\Program Files\Norton AntiVirus\Quarantine\22A7440F Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\Program Files\Norton AntiVirus\Quarantine\22FA4549 Infected: Trojan-Downloader.Win32.Small.skn 1
C:\Program Files\Norton AntiVirus\Quarantine\235173AD Infected: Trojan.Win32.Dialer.ay 1
C:\Program Files\Norton AntiVirus\Quarantine\23547550 Infected: Backdoor.Win32.Dumador.ft 1
C:\Program Files\Norton AntiVirus\Quarantine\23571F4D Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\Program Files\Norton AntiVirus\Quarantine\235A4949 Infected: Trojan.Win32.EliteBar.c 1
C:\Program Files\Norton AntiVirus\Quarantine\235D7346 Infected: Trojan-PSW.Win32.Sinowal.ad 1
C:\Program Files\Norton AntiVirus\Quarantine\23B769B4 Infected: Trojan.Win32.Crypt.t 1
C:\Program Files\Norton AntiVirus\Quarantine\23C10C95 Infected: Trojan.Win32.Opnis.n 1
C:\Program Files\Norton AntiVirus\Quarantine\23DA2EBD Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\Program Files\Norton AntiVirus\Quarantine\2413191E Infected: Packed.Win32.NSAnti.r 1
C:\Program Files\Norton AntiVirus\Quarantine\247C6068 Infected: Trojan.Win32.EliteBar.d 1
C:\Program Files\Norton AntiVirus\Quarantine\24FC5B28 Infected: Trojan-Downloader.Win32.Small.cgy 1
C:\Program Files\Norton AntiVirus\Quarantine\275574E8 Infected: Email-Worm.Win32.Delf.i 1
C:\Program Files\Norton AntiVirus\Quarantine\27581EE4 Infected: Trojan-Downloader.Win32.Small.cgy 1
C:\Program Files\Norton AntiVirus\Quarantine\275C48E1 Infected: Trojan-Proxy.Win32.Small.em 1
C:\Program Files\Norton AntiVirus\Quarantine\277A1824 Infected: Trojan-Downloader.Win32.Small.cyb 1
C:\Program Files\Norton AntiVirus\Quarantine\28EB6CB2 Infected: Email-Worm.Win32.Locksky.ag 1
C:\Program Files\Norton AntiVirus\Quarantine\2930737A Infected: Trojan-Clicker.Win32.Small.ja 1
C:\Program Files\Norton AntiVirus\Quarantine\2A0365F5 Infected: Trojan-Dropper.Win32.Agent.mu 1
C:\Program Files\Norton AntiVirus\Quarantine\2AE10D01 Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\2AE10D01 Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\2B027BE7 Infected: Trojan-Downloader.Win32.Tibs.fj 1
C:\Program Files\Norton AntiVirus\Quarantine\2B336B1A Infected: not-a-virus:AdWare.Win32.BetterInternet.h 1
C:\Program Files\Norton AntiVirus\Quarantine\2B607275 Infected: Trojan-Downloader.Win32.Small.awa 1
C:\Program Files\Norton AntiVirus\Quarantine\2B91683F Infected: Trojan-Dropper.Win32.Small.amf 1
C:\Program Files\Norton AntiVirus\Quarantine\2BBC0A10 Infected: Trojan-GameThief.Win32.Nilage.pa 1
C:\Program Files\Norton AntiVirus\Quarantine\2E15439C Infected: Trojan-Downloader.Win32.VB.kq 1
C:\Program Files\Norton AntiVirus\Quarantine\2E731BF1 Infected: Trojan-Proxy.Win32.Agent.df 1
C:\Program Files\Norton AntiVirus\Quarantine\2EE12FAB Infected: not-a-virus:AdWare.Win32.Maxifiles.l 1
C:\Program Files\Norton AntiVirus\Quarantine\2EE63695 Infected: Trojan.Win32.Kolweb.b 1
C:\Program Files\Norton AntiVirus\Quarantine\2FDC6086 Infected: not-a-virus:AdWare.Win32.CASClient.a 2
C:\Program Files\Norton AntiVirus\Quarantine\2FE90126 Infected: Trojan-Spy.Win32.Delf.ig 1
C:\Program Files\Norton AntiVirus\Quarantine\30337126 Infected: Email-Worm.Win32.Locksky.aj 1
C:\Program Files\Norton AntiVirus\Quarantine\30573EFF Infected: Trojan.Win32.Small.ev 1
C:\Program Files\Norton AntiVirus\Quarantine\30D20EF4 Infected: Trojan-PSW.Win32.Sinowal.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\328C3BE8 Infected: Email-Worm.Win32.Locksky.aj 1
C:\Program Files\Norton AntiVirus\Quarantine\34276321 Infected: Trojan-Dropper.Win32.Agent.aac 1
C:\Program Files\Norton AntiVirus\Quarantine\348555F1 Infected: not-a-virus:Downloader.Win32.WinFixer.o 1
C:\Program Files\Norton AntiVirus\Quarantine\34F8133D Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\36FD3282 Infected: Trojan.Win32.StartPage.aw 1
C:\Program Files\Norton AntiVirus\Quarantine\3A0B75A3 Infected: Trojan-Downloader.Win32.VB.nh 1
C:\Program Files\Norton AntiVirus\Quarantine\3A726BAA Infected: not-a-virus:AdWare.Win32.WinAD.cx 1
C:\Program Files\Norton AntiVirus\Quarantine\3B363A06 Infected: Trojan-Downloader.Win32.Tibs.cn 1
C:\Program Files\Norton AntiVirus\Quarantine\3BA627ED Infected: Trojan-Downloader.Win32.TSUpdate.n 1
C:\Program Files\Norton AntiVirus\Quarantine\3BA627ED Infected: Trojan-Downloader.Win32.TSUpdate.r 1
C:\Program Files\Norton AntiVirus\Quarantine\3BA627ED Infected: Trojan-Downloader.Win32.TSUpdate.l 1
C:\Program Files\Norton AntiVirus\Quarantine\3BA627ED Infected: Trojan-Downloader.Win32.TSUpdate.f 1
C:\Program Files\Norton AntiVirus\Quarantine\3C1275B7 Infected: Trojan-Proxy.Win32.Agent.jw 1
C:\Program Files\Norton AntiVirus\Quarantine\3CD42DAB Infected: Trojan-Downloader.Win32.Tibs.cn 1
C:\Program Files\Norton AntiVirus\Quarantine\3D997D92 Infected: Trojan.Win32.EliteBar.c 1
C:\Program Files\Norton AntiVirus\Quarantine\40CC514C Infected: Trojan-Downloader.Win32.Small.atl 1
C:\Program Files\Norton AntiVirus\Quarantine\425A29F3 Infected: Trojan-Downloader.Win32.Tibs.cs 1
C:\Program Files\Norton AntiVirus\Quarantine\4403746B Infected: Trojan-Dropper.Win32.Delf.th 1
C:\Program Files\Norton AntiVirus\Quarantine\44904FDB Infected: Trojan-Downloader.Win32.Small.cux 1
C:\Program Files\Norton AntiVirus\Quarantine\453D5679 Infected: not-a-virus:AdWare.Win32.CommAd.a 2
C:\Program Files\Norton AntiVirus\Quarantine\453D5679 Infected: not-a-virus:Monitor.Win32.NetMon.a 1
C:\Program Files\Norton AntiVirus\Quarantine\46681DB0 Infected: not-a-virus:AdWare.Win32.ImiBar.h 1
C:\Program Files\Norton AntiVirus\Quarantine\46DD0A06 Infected: Trojan-Downloader.Win32.Qoologic.c 1
C:\Program Files\Norton AntiVirus\Quarantine\478C7A27 Infected: Trojan.Win32.Dialer.pw 1
C:\Program Files\Norton AntiVirus\Quarantine\47B43309 Infected: Trojan-Clicker.Win32.Agent.ac 1
C:\Program Files\Norton AntiVirus\Quarantine\483A6A48 Infected: Trojan-Spy.Win32.Agent.hq 1
C:\Program Files\Norton AntiVirus\Quarantine\4C5D2875 Infected: not-a-virus:AdWare.Win32.BookedSpace.e 1
C:\Program Files\Norton AntiVirus\Quarantine\4D6939F9 Infected: Trojan-Downloader.Win32.Tiny.ba 1
C:\Program Files\Norton AntiVirus\Quarantine\4D7A47AB.htm Infected: Exploit.HTML.IframeBof 1
C:\Program Files\Norton AntiVirus\Quarantine\4E374ADA.htm Infected: Exploit.HTML.IframeBof 1
C:\Program Files\Norton AntiVirus\Quarantine\4ED40505 Infected: Trojan-Spy.Win32.Small.fe 1
C:\Program Files\Norton AntiVirus\Quarantine\519263A7 Infected: Trojan-Downloader.Win32.Small.cqy 1
C:\Program Files\Norton AntiVirus\Quarantine\51F859AF Infected: not-a-virus:AdWare.Win32.E2Give.d 1
C:\Program Files\Norton AntiVirus\Quarantine\52573203 Infected: Trojan.Win32.Agent.oh 1
C:\Program Files\Norton AntiVirus\Quarantine\52BA3636 Infected: Email-Worm.Win32.Locksky.aj 1
C:\Program Files\Norton AntiVirus\Quarantine\537E7A71 Infected: Trojan-Downloader.Win32.Agent.aaf 1
C:\Program Files\Norton AntiVirus\Quarantine\57E226F6 Infected: Trojan-Downloader.Win32.CWS.s 1
C:\Program Files\Norton AntiVirus\Quarantine\58276FDC Infected: not-a-virus:AdWare.Win32.CASClient.d 1
C:\Program Files\Norton AntiVirus\Quarantine\584D07D4 Infected: Email-Worm.Win32.Locksky.ag 1
C:\Program Files\Norton AntiVirus\Quarantine\5A1F6110 Infected: Trojan-Downloader.Win32.TSUpdate.o 1
C:\Program Files\Norton AntiVirus\Quarantine\5A1F6110 Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton AntiVirus\Quarantine\5A9E4C6D Infected: Trojan.Win32.Crypt.t 1
C:\Program Files\Norton AntiVirus\Quarantine\5B1E7986 Infected: Trojan-Proxy.Win32.Xorpix.ac 1
C:\Program Files\Norton AntiVirus\Quarantine\5BC1245A Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\5CBD299E Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton AntiVirus\Quarantine\5D231FA6 Infected: Trojan.Win32.Crypt.t 1
C:\Program Files\Norton AntiVirus\Quarantine\5D5D5264 Infected: Trojan-Downloader.Win32.Small.cgy 1
C:\Program Files\Norton AntiVirus\Quarantine\5D8915AD Infected: Trojan-Downloader.Win32.IstBar.gen 1
C:\Program Files\Norton AntiVirus\Quarantine\5DEF0BB5 Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Program Files\Norton AntiVirus\Quarantine\5DEF0BB5 Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton AntiVirus\Quarantine\5E5501BD Infected: Trojan-Spy.Win32.Delf.ig 1
C:\Program Files\Norton AntiVirus\Quarantine\5F2E7327 Infected: Trojan.Win32.Crypt.t 1
C:\Program Files\Norton AntiVirus\Quarantine\5F4741D8 Infected: Trojan-Downloader.Win32.Small.bgl 1
C:\Program Files\Norton AntiVirus\Quarantine\62FF3A66 Infected: Trojan-Downloader.Win32.Tiny.ba 1
C:\Program Files\Norton AntiVirus\Quarantine\638C7566 Infected: Trojan-Downloader.Win32.Agent.aly 1
C:\Program Files\Norton AntiVirus\Quarantine\63F03744 Infected: not-a-virus:AdWare.Win32.MediaMotor.o 1
C:\Program Files\Norton AntiVirus\Quarantine\664855A1 Infected: Trojan-Downloader.Win32.Dyfuca.ey 1
C:\Program Files\Norton AntiVirus\Quarantine\666713D4 Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\684D659D Infected: Trojan-Downloader.Win32.Small.cxx 1
C:\Program Files\Norton AntiVirus\Quarantine\697F47B4 Infected: not-a-virus:AdWare.Win32.MediaMotor.p 1
C:\Program Files\Norton AntiVirus\Quarantine\69B05B76 Infected: HackTool.Win32.Sniffer.WpePro.a 1
C:\Program Files\Norton AntiVirus\Quarantine\69DD2008 Infected: Trojan-Mailfinder.Win32.Agent.l 1
C:\Program Files\Norton AntiVirus\Quarantine\69E53DBB Infected: Trojan-Proxy.Win32.Small.bt 1
C:\Program Files\Norton AntiVirus\Quarantine\6B110940 Infected: Trojan-Downloader.Win32.Qoologic.ax 1
C:\Program Files\Norton AntiVirus\Quarantine\6D8865D0 Infected: not-a-virus:AdWare.Win32.PurityScan.ak 1
C:\Program Files\Norton AntiVirus\Quarantine\6DD853BF Infected: Trojan-Downloader.Win32.Small.skn 1
C:\Program Files\Norton AntiVirus\Quarantine\6FAB3B45 Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Program Files\Norton AntiVirus\Quarantine\6FAB3B45 Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Norton AntiVirus\Quarantine\7183471C Infected: Trojan-Downloader.Win32.Agent.aly 1
C:\Program Files\Norton AntiVirus\Quarantine\72315B3C Infected: not-a-virus:AdWare.Win32.BetterInternet 1
C:\Program Files\Norton AntiVirus\Quarantine\73DD219C Infected: Trojan-Downloader.Win32.IstBar.ij 1
C:\Program Files\Norton AntiVirus\Quarantine\744317A3 Infected: not-a-virus:AdWare.Win32.SideFind 1
C:\Program Files\Norton AntiVirus\Quarantine\74A90DAB Infected: Trojan-Downloader.Win32.Adload.jm 1
C:\Program Files\Norton AntiVirus\Quarantine\74FB0A76 Infected: Trojan-Dropper.Win32.Delf.th 1
C:\Program Files\Norton AntiVirus\Quarantine\751003B2 Infected: not-a-virus:AdWare.Win32.BookedSpace.e 1
C:\Program Files\Norton AntiVirus\Quarantine\75166E33 Infected: Trojan.Win32.Agent.oh 1
C:\Program Files\Norton AntiVirus\Quarantine\75191830 Infected: Trojan-GameThief.Win32.Nilage.pa 1
C:\Program Files\Norton AntiVirus\Quarantine\756E5C07 Infected: Trojan-Downloader.Win32.Small.awa 1
C:\Program Files\Norton AntiVirus\Quarantine\757679BA Infected: HackTool.Win32.Sniffer.WpePro.w 1
C:\Program Files\Norton AntiVirus\Quarantine\75997DA4 Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\75997DA4 Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\76283505 Infected: Trojan-Downloader.Win32.Small.awa 1
C:\Program Files\Norton AntiVirus\Quarantine\765356D7 Infected: Trojan-Dropper.Win32.Small.amf 1
C:\Program Files\Norton AntiVirus\Quarantine\768022A4 Infected: Trojan-GameThief.Win32.Nilage.pa 1
C:\Program Files\Norton AntiVirus\Quarantine\771F145C Infected: Trojan-Spy.Win32.Delf.ig 1
C:\Program Files\Norton AntiVirus\Quarantine\78F749EF Infected: Exploit.Java.ByteVerify 2
C:\Program Files\Norton AntiVirus\Quarantine\78F749EF Infected: Trojan-Downloader.Java.OpenConnection.aa 1
C:\Program Files\Norton AntiVirus\Quarantine\7AF82E1D Infected: Trojan-Downloader.Win32.Small.atl 1
C:\Program Files\Norton AntiVirus\Quarantine\7C2E1E65 Infected: Trojan-Dropper.Win32.Mudrop.cd 1
C:\Program Files\Norton AntiVirus\Quarantine\7C34725E Infected: Trojan-Downloader.Win32.Small.dgk 1
C:\Program Files\Norton AntiVirus\Quarantine\7C371C5A Infected: Trojan-Downloader.Win32.Tibs.fj 1
C:\Program Files\Norton AntiVirus\Quarantine\7C44444C Infected: Trojan-Proxy.Win32.Xmiler.c 1
C:\Program Files\Norton AntiVirus\Quarantine\7C9D31EB Infected: Trojan-Dropper.Win32.Small.amf 1
C:\Program Files\Norton AntiVirus\Quarantine\7CAA59DD Infected: Trojan-Downloader.Win32.Busky.gen 1
C:\Program Files\Norton AntiVirus\Quarantine\7DD91A8E Infected: Trojan-Downloader.Win32.Small.cux 1
C:\Program Files\Norton AntiVirus\Quarantine\7EBA77D1 Infected: Trojan-PSW.Win32.Sinowal.ad 1
C:\Program Files\Norton AntiVirus\Quarantine\7F9E3AC3 Infected: Packed.Win32.NSAnti.r 1
C:\Program Files\Norton AntiVirus\Quarantine\7FD453A2 Infected: not-a-virus:AdWare.Win32.AdSquash.g 1
C:\Program Files\Winamp\winampa.exe Infected: Trojan.Win32.Small.uf 1
C:\Program Files\Windows Media Player\wmplayer.exe.tmp Infected: Trojan-Downloader.Win32.Pacer.e 1
C:\Python22\Lib\site-packages\UnWisePW32.exe Infected: Virus.Win32.Neshta.a 1
C:\Python22\UNWISE.EXE Infected: Virus.Win32.Neshta.a 1
C:\qoobox\Hiv-backup\ERDNT.EXE Infected: Virus.Win32.Neshta.a 1
C:\qoobox\Quarantine\C\Documents and Settings\Owner\My Documents\ICROSO~1.NET\tаskmgr.exe.vir Infected: Virus.Win32.Neshta.a 1
C:\qoobox\Quarantine\C\WINDOWS\svchost.com.vir Infected: Virus.Win32.Neshta.a 1
C:\qoobox\Quarantine\C\WINDOWS\system32\knsasu.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.csr 1
C:\qoobox\Quarantine\[4]-Submit_2008-11-04@8.42.zip Infected: Virus.Win32.Neshta.a 2
C:\qoobox\Quarantine\[4]-Submit_2008-11-04@8.42.zip Infected: Trojan.Win32.VB.gip 1
C:\qoobox\Quarantine\[4]-Submit_2008-11-04@8.42.zip Infected: not-a-virus:AdWare.Win32.SuperJuan.csr 1
C:\Saga\Super Popup Blocker\popkill.exe Infected: Virus.Win32.Neshta.a 1
C:\Saga\Super Popup Blocker\unins000.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\download.exe Infected: Virus.Win32.Neshta.a 1

rainshield
2008-11-05, 03:39
C:\SDFix\apps\ERUNT.EXE Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\LS.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\Process.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\psservice.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\RegDACL.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\regedit.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\Replace\W2K.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\Replace\XP.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\SF.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\swreg.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\unzip.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\apps\zip.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\backups\backups.zip Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\SDFix\backups\backups.zip Infected: Virus.Win32.Neshta.a 1
C:\SDFix\backups\regedit.exe Infected: Virus.Win32.Neshta.a 1
C:\SDFix\catchme.exe Infected: Virus.Win32.Neshta.a 1
C:\temp\gorPUS.exe Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\crazyx.ocx Infected: not-a-virus:AdWare.Win32.CrazyWin.e 1
C:\WINDOWS\q1i.exe Infected: Trojan-Spy.Win32.Zbot.ts 1

rainshield
2008-11-05, 03:39

The selected area was scanned.

katana
2008-11-05, 12:30
==============================WARNING==============================
There is some evidence of what may be a very nasty infection.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
Back up all important data on the machine.
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for an attempted identity theft.
==============================WARNING==============================


Your machine is extremely infected.

There is evidence of Password Stealers and also Backdoors
Your main problem at the moment is a file infector that looks to have been around for a long time now.
( Norton added it to their database around 2005/6 )

If your Antivirus is an up-to-date paid copy, please inform me.

I'm afraid your best option is to backup any data you want to keep ( only documents, photos and music, NO programs ) and then reformat your machine.

rainshield
2008-11-05, 19:48
First of all, thanks a lot for your help, katana. I just want to ask if I can put all the music, pictures, and documents on my hard drive F:/ and format the hard drive C:/, or do I have to format both of them? And can you please tell me step by step how to format my PC? Sorry, I'm not really good with PCs. Thanks again, katana.

katana
2008-11-06, 00:09
Are your drives completely separate, or is it just one drive that is partitioned ?
Your log shows C:, D:, and F:
Do you have an install disc, restore disc or restore partition ?

rainshield
2008-11-06, 01:18
My computer is a Compaq Presario SR1010NX. The C:/ and D:/ are the hard drive that came with the PC in stock, and the F:/ is an extra internal hard drive I put in 2 months ago. I believe my PC has something called system restore; it didn't come with a Windows XP CD when I bought this PC, which is why I don't know how to format it. So what can I do to reformat? Can I back up all the stuff I want to keep on the F:/ hard drive, then disconnect it and format the PC? I'd appreciate it if you could instruct me step by step. Thanks.

katana
2008-11-06, 01:39
Before you put anything on the F:\ drive, you need to delete the F:\game folder, it has a lot of infected files in it.

Next, transfer any files you want to keep to the F: drive.
The instructions for using Compaq Recovery are here
Recovering during startup (http://h10025.www1.hp.com/ewfrf/wc/document?lc=en&dlc=en&cc=us&product=403786&docname=bph07145#bph07145_cp)

I recommend that you download an antivirus as soon as you can once your machine is working again.

Free AV list ( for Home users)
Avira AntiVir (http://www.free-av.com/)
Avast (http://www.avast.com/eng/products.html)


Here is some general info on reformatting

1 - Backup Your Data
Copy all your data to a separate drive, CD, DVD, etc.
It may be a good idea to check the files that you backup with an online scanner, you don't want to be reinfected.
http://www.kaspersky.com/virusscanner

2 - Install Security Programs
Install your Antivirus, Firewall, and other security programs

3 - Install Any Microsoft Updates
Reconnect your computer to the internet and go to the Microsoft Updates site: http://update.microsoft.com/microsoftupdate
Download and install any required updates

4 - Install Any Programs
Finally, install any programs you need to run

If you have any questions, don't hesitate to ask.
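
Added example, not part of the original thread: a short Python script that tallies a Kaspersky Online Scanner report by top-level folder and detection class, which is how a location such as F:\game stands out and how the few backdoor or banker detections avoid being buried under hundreds of file-infector hits. The sample report lines are constructed in the report's "File name / Threat name / Threats count" layout, and treating a missing trailing count as 1 is an assumption.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample (paths are made up; detection names are ones seen in the thread).
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\hp\bin\sample_a.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\drivers\sample dir\sample_b.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\SAMPLE_C.EXE Infected: Virus.Win32.Neshta.a 1
F:\game\Sample Game\launcher.exe Infected: Virus.Win32.Neshta.a 1
F:\game\Sample Game\patch.exe Infected: Virus.Win32.Neshta.a 1
F:\game\other\tool.exe Infected: Virus.Win32.Neshta.a
C:\WINDOWS\system32\sample_d.dll Infected: Backdoor.Win32.Agent.iw 1
C:\WINDOWS\system32\sample_e.dll Infected: Trojan-Banker.Win32.Banker.hrm 1
C:\WINDOWS\Resources\sample_f.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
C:\WINDOWS\Resources\sample_f.exe Infected: not-a-virus:AdWare.Win32.ActivShopper.a 2

The selected area was scanned.
"""

# Path may contain spaces, so match it lazily up to the " Infected: " marker.
# The trailing count is optional: a line cut off by a forum post limit may lack it.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+Infected:\s+(?P<threat>\S+)(?:\s+(?P<count>\d+))?$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    threat: str
    count: int


def parse_report(text):
    """Return one Finding per detection line; headers and statistics are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        # Assumption: a missing count means a single detection.
        findings.append(Finding(m["path"], m["threat"], int(m["count"] or 1)))
    return findings


def threat_class(threat):
    """'not-a-virus:AdWare.Win32.NewDotNet' -> 'AdWare'; 'Backdoor.Win32.Agent.iw' -> 'Backdoor'."""
    return threat.split(":", 1)[-1].split(".", 1)[0]


def top_folder(path):
    """Drive plus first directory, e.g. 'F:\\game'; files in a drive root map to the root."""
    parts = PureWindowsPath(path).parts
    return parts[0] + parts[1] if len(parts) > 2 else parts[0]


def triage(findings):
    """Count distinct infected files per folder and per class, and list minority detections."""
    by_folder = defaultdict(set)
    by_class = defaultdict(set)
    for f in findings:
        key = f.path.lower()  # the same file can be listed once per threat
        by_folder[top_folder(f.path)].add(key)
        by_class[threat_class(f.threat)].add(key)
    folders = Counter({k: len(v) for k, v in by_folder.items()})
    classes = Counter({k: len(v) for k, v in by_class.items()})
    dominant = classes.most_common(1)[0][0] if classes else None
    # Everything outside the dominant class is what a long log tends to hide.
    minority = sorted({f.threat for f in findings if threat_class(f.threat) != dominant})
    return folders, classes, minority


if __name__ == "__main__":
    folders, classes, minority = triage(parse_report(SAMPLE_REPORT))
    print("Infected files per folder:")
    for folder, n in folders.most_common():
        print(f"  {folder:<12} {n}")
    print("Infected files per detection class:")
    for cls, n in classes.most_common():
        print(f"  {cls:<14} {n}")
    print("Detections outside the dominant class:")
    for name in minority:
        print(f"  {name}")
```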

rainshield
2008-11-06, 04:55
Thanks for the instructions, katana. I followed all those steps, but when I start the Windows recovery system, after pressing F10, the recovery window loads only 2% at the beginning of the process and then stalls. I left it for 2h and came back, but it hadn't gone up at all. It seems like I can't get into system recovery anymore. This happened a year ago when my PC first got infected. Is there anything to fix it? :(

katana
2008-11-06, 12:17
"This happened a year ago when my PC first got infected"

Your machine has been infected for over a year ??

It sounds as if the recovery section has been corrupted :(

If the machine can still boot to windows, then you have two options.
If it doesn't boot at all and you are using a different machine to reply then you only have the first option.

1) Contact Compaq and order a Recovery Disc
(you should do this anyway for future safety)

2) Dr Web Cure It -- A tool that may be able to cure the infected files.

I must warn you, if you decide to try and clean the machine with the following instructions then
a) It may not work, in which case your machine will not start again
b) even if it does work you are advised to reformat as soon as you are able.


Download Dr. Web CureIt (ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe) and save it to your desktop.
Double click on cureit.exe to run it.
Click on Start to start the scan.
Dr Web CureIt will prompt you. Click OK.
This will start an express scan. It shouldn't take too long.
When done, click on Options > Change settings.
Select the Scan tab. Uncheck (untick) Heuristics analysis box.
Select the Log file tab. Uncheck (untick) Maximum log file size box.
Click OK to apply the settings.
Select the Complete scan radio button, then click on the green triangle button on the right hand side.
It will start scanning. Please be patient as this scan can be long.
During the scan, if it finds any infected items, it will prompt you. Click Yes to all to cure the files.
Click on File > Save report list. Save this report to a convenient location.

rainshield
2008-11-06, 13:01
Dear katana, thanks a lot for your help. I found a way to do the system recovery; it took the whole night. I simply used the Compaq recovery CD/DVD creator and copied all the files to CDs, and finally it worked. Now my PC is formatted... it feels so clear and clean and way better than before. I just want to say thanks a lot, katana, for helping me all the way through. YOU ARE AWESOME! I really appreciate it :D

katana
2008-11-06, 15:22
I recommend that you do another scan at Kaspersky to make sure that no infected files remain.

rainshield
2008-11-07, 05:56
I guess I was wrong, there are still a lot of infected files on my PC after I formatted it :(... How can I get rid of all of them now?

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, November 6, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, November 06, 2008 18:34:57
Records in database: 1372741
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 70216
Threat name: 2
Infected objects: 338
Suspicious objects: 0
Duration of the scan: 01:37:24


File name / Threat name / Threats count
C:\hp\patches\42WW1IPD\src\RUS\WindowsXP-KB821431-x86-RUS.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\SVE\WindowsXP-KB821431-x86-SVE.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1IPD\src\TRK\WindowsXP-KB821431-x86-TRK.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App00153.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App00292.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App00491.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App02995.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App04827.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App05447.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App05705.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App09961.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App16827.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App17421.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App18716.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App19169.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App19718.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App19895.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App23281.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App24464.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App26962.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App29358.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\App99993.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW1REC\src\xApp14604.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW3SEQ\Agere_Cheetah_Modem_6386-01.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\patches\42WW3SEQ\Agere_Sequoia_Modem_6960-01.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\recovery\wizard\SWR_Wizard.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\region\wallpaper\wp.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\support\HPSysInfo.exe Infected: Virus.Win32.Neshta.a 1
C:\hp\vinetlink\autorun.exe Infected: Virus.Win32.Neshta.a 1
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\Program Files\Online Services\MSN80\LaunchMsn.exe Infected: Virus.Win32.Neshta.a 1
C:\Python22\Lib\site-packages\UnWisePW32.exe Infected: Virus.Win32.Neshta.a 1
C:\Python22\UNWISE.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\CREATOR\CD Creator.exe Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\AUTOCHK.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\AUTOFMT.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\DRW\DWWIN.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\NETSETUP.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\REGEDIT.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\SYSPARSE.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\SYSTEM32\SMSS.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\TELNET.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\USETUP.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\WINNT.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\WINNT32.EXE Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\svchost.com Infected: Virus.Win32.Neshta.a 1
D:\cmdcons\autochk.exe Infected: Virus.Win32.Neshta.a 1
D:\cmdcons\autofmt.exe Infected: Virus.Win32.Neshta.a 1
D:\cmdcons\system32\smss.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\autochk.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\autofmt.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\Bootini.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\cmd.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\cmd2.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\DblRes.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\diskpart.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\ditrace.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\dmadmin.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\DskPart.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\Eject.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\eqndiag.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\eqnlogr.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\eqnloop.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\factory.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\FATFMT32.EXE Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\ipconfig.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\locator.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\LogViewer.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\net1.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\notepad.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\ntkrnlmp.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\odbcconf.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\PAGEFILE.EXE Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\peer.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\portmon.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\reg.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\regedit.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\RESTORE.EXE Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\RPONOFF.EXE Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\rsvp.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\services.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\ShutDown.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\smss.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\spoolsv.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\start.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\taskmgr.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\winlogon.exe Infected: Virus.Win32.Neshta.a 1
D:\MiniNT\system32\xlog.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\AUTOCHK.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\AUTOFMT.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\Apps\APP06334\App06334.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\Apps\APP11538\App11538.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\DIST\SYSTEM32\SMSS.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\DRW\DWWIN.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP00153\App00153.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP00292\App00292.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP11942\App11942.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP14771\App14771.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP16827\App16827.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP18716\App18716.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP19895\App19895.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP21726\App21726.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\drv\APP23281\App23281.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\NETSETUP.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\REGEDIT.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\SYSPARSE.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\TELNET.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\USETUP.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\WINNT.EXE Infected: Virus.Win32.Neshta.a 1
D:\I386\WINNT32.EXE Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42NA1MCA\LaunchMsn.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-ARA.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-CHS.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-CHT.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-DAN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-DEU.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-ENU.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-ESN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-FIN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-FRA.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-ITA.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-JPN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-KOR.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-NLD.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-NOR.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-PTG.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-SVE.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1ASN\src\WindowsXP-KB828028-x86-TRK.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1CDC\files\ALL\CD Creator.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Arabic\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Dan\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Eng\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Fin\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Fr\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Ger\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\It\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Jpn\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Kor\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\NL\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Nor\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Port\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\SC\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\SW\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Sp\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\TC\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1HTM\src\Turk\Q832894.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\CHS\WindowsXP-KB821431-x86-CHS.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\CHT\WindowsXP-KB821431-x86-CHT.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\CSY\WindowsXP-KB821431-x86-CSY.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\DAN\WindowsXP-KB821431-x86-DAN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\DEU\WindowsXP-KB821431-x86-DEU.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\ELL\WindowsXP-KB821431-x86-ELL.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\ENU\WindowsXP-KB821431-x86-ENU.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\ESN\WindowsXP-KB821431-x86-ESN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\FIN\WindowsXP-KB821431-x86-FIN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\FRA\WindowsXP-KB821431-x86-FRA.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\HEB\WindowsXP-KB821431-x86-HEB.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\HUN\ARA\WindowsXP-KB821431-x86-ARA.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\HUN\WindowsXP-KB821431-x86-HUN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\ITA\WindowsXP-KB821431-x86-ITA.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\JPN\WindowsXP-KB821431-x86-JPN.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\KOR\WindowsXP-KB821431-x86-KOR.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\NLD\WindowsXP-KB821431-x86-NLD.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\NOR\WindowsXP-KB821431-x86-NOR.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\PLK\WindowsXP-KB821431-x86-PLK.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\PTB\WindowsXP-KB821431-x86-PTB.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\PTG\WindowsXP-KB821431-x86-PTG.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\RUS\WindowsXP-KB821431-x86-RUS.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\SVE\WindowsXP-KB821431-x86-SVE.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1IPD\src\TRK\WindowsXP-KB821431-x86-TRK.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App00153.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App00292.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App00491.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App02995.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App04827.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App05447.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App05705.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App09961.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App16827.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App17421.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App18716.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App19169.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App19718.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App19895.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App23281.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App24464.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App26962.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App29358.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\App99993.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1REC\src\xApp14604.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW3SEQ\Agere_Cheetah_Modem_6386-01.exe Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW3SEQ\Agere_Sequoia_Modem_6960-01.exe Infected: Virus.Win32.Neshta.a 1

The selected area was scanned.

katana
2008-11-07, 13:21
Did you create a recovery disc and then restore from it ?

If not there are a few reasons why this may have happened

1) you only formatted/recovered drive C: ... You need to do C: and D:
2) one of the files that you backed up was infected
3) your recovery section is also infected.

Since you have got the recovery console working, it may be worth trying DR Web Cure It now.
Run Dr Web and that should remove the infection
You can always restore it with the recovery disc if the machine fails.
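
Reasons 1 and 3 above can be checked from the scan report itself. The sketch below is an added example, not something posted in the thread: it groups the "Infected:" lines by volume and lists volumes that hold file-infector detections but were not reformatted. The sample lines are constructed in the report's layout, the function names are hypothetical, and treating names that start with "Virus." as file infectors is an assumption based on the detection names in the report.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed sample in the report's "<path> Infected: <name> <count>" layout.
SAMPLE_REPORT = r"""
C:\WINDOWS\svchost.com Infected: Virus.Win32.Neshta.a 1
C:\WINDOWS\I386\REGEDIT.EXE Infected: Virus.Win32.Neshta.a 1
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
D:\MiniNT\system32\cmd.exe Infected: Virus.Win32.Neshta.a 1
D:\I386\WINNT32.EXE Infected: Virus.Win32.Neshta.a 1
D:\hp\patches\42WW1CDC\files\ALL\CD Creator.exe Infected: Virus.Win32.Neshta.a 1
The selected area was scanned.
"""

# The path may contain spaces, so match it lazily up to the " Infected:" marker.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<count>\d+)\s*$"
)


def parse_report(text):
    """Return (path, detection_name) pairs; non-detection lines are skipped."""
    detections = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            detections.append((match.group("path"), match.group("name")))
    return detections


def summarize_by_volume(detections):
    """Count detections per drive, per detection name and per top-level folder."""
    summary = defaultdict(
        lambda: {"files": 0, "names": Counter(), "top_dirs": Counter()}
    )
    for path, name in detections:
        drive, rest = ntpath.splitdrive(path)  # ntpath parses Windows paths on any OS
        top_dir = rest.lstrip("\\").split("\\", 1)[0]
        entry = summary[drive.upper()]
        entry["files"] += 1
        entry["names"][name] += 1
        entry["top_dirs"][top_dir] += 1
    return dict(summary)


def volumes_still_infected(detections, reformatted=("C:",)):
    """Volumes with file-infector detections that were not reformatted.

    Assumption: names starting with "Virus." are file infectors, while
    "not-a-virus:" entries (adware) do not spread to other executables.
    """
    done = {drive.upper() for drive in reformatted}
    hit = {
        ntpath.splitdrive(path)[0].upper()
        for path, name in detections
        if name.startswith("Virus.")
    }
    return sorted(hit - done)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for drive, info in sorted(summarize_by_volume(found).items()):
        print(drive, info["files"], dict(info["top_dirs"]))
    print("Not reformatted but infected:", volumes_still_infected(found))
```

Any volume this returns, such as a recovery partition on D:, can reintroduce the infector the first time one of its executables runs after the reinstall.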

rainshield
2008-11-07, 13:44
Hi katana. Yes, I created the restore disc from the tool in my CD and then restored from it. I think the D:/ drive got infected, which may have caused the virus to still be in the PC after formatting. But I'll just try the Dr Web cure. Do I need to post the log on here for you?

katana
2008-11-07, 13:51
Yes, I created the restore disc from the tool in my CD and then restored from it.

The restore disc you created was infected, you need to restore to factory settings if you have that option.

rainshield
2008-11-07, 13:57
I don't think I have that option :(. But I'm still going to try Dr Web cure to see if it can remove all the infected.

rainshield
2008-11-07, 21:08
Hi katana. Somehow I can't scan with Dr. Web CureIt. After I downloaded the cureit.exe file from your link, I ran it and clicked start, and there was a message saying they will do an express scan, so I clicked OK... but nothing is scanning; instead all I got is another window saying "full version free trial"... There's no express scanning or anything else. So I tried to update it, but I just get the same problem. Then I restarted the PC and tried to boot Windows in safe mode, but no luck; Dr Web CureIt doesn't seem to run the express scan.

katana
2008-11-07, 21:45
Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal (http://www.virustotal.com/en/indexf.html)
Click Browse and navigate to the CureIt.exe file you downloaded
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti (http://virusscan.jotti.org/)

rainshield
2008-11-07, 22:04
File cureit.exe received on 11.07.2008 20:59:29 (CET)

Result: 2/36 (5.56%)

Antivirus Version Last Update Result
AhnLab-V3 2008.11.7.1 2008.11.07 -
AntiVir 7.9.0.26 2008.11.07 -
Authentium 5.1.0.4 2008.11.07 -
Avast 4.8.1248.0 2008.11.07 -
AVG 8.0.0.161 2008.11.07 -
BitDefender 7.2 2008.11.07 -
CAT-QuickHeal 9.50 2008.11.07 -
ClamAV 0.94.1 2008.11.07 -
DrWeb 4.44.0.09170 2008.11.07 -
eSafe 7.0.17.0 2008.11.06 Suspicious File
eTrust-Vet 31.6.6198 2008.11.07 -
Ewido 4.0 2008.11.07 -
F-Prot 4.4.4.56 2008.11.07 -
F-Secure 8.0.14332.0 2008.11.07 -
Fortinet 3.117.0.0 2008.11.07 -
GData 19 2008.11.07 -
Ikarus T3.1.1.45.0 2008.11.07 -
K7AntiVirus 7.10.519 2008.11.07 -
Kaspersky 7.0.0.125 2008.11.07 -
McAfee 5426 2008.11.06 -
Microsoft 1.4104 2008.11.07 -
NOD32 3595 2008.11.07 -
Norman 5.80.02 2008.11.07 -
Panda 9.0.0.4 2008.11.07 -
PCTools 4.4.2.0 2008.11.07 -
Prevx1 V2 2008.11.07 Suspicious
Rising 21.02.42.00 2008.11.07 -
SecureWeb-Gateway 6.7.6 2008.11.07 -
Sophos 4.35.0 2008.11.07 -
Sunbelt 3.1.1783.2 2008.11.05 -
Symantec 10 2008.11.07 -
TheHacker 6.3.1.1.144 2008.11.07 -
TrendMicro 8.700.0.1004 2008.11.07 -
VBA32 3.12.8.9 2008.11.06 -
ViRobot 2008.11.7.1457 2008.11.07 -
VirusBuster 4.5.11.0 2008.11.07 -

katana
2008-11-07, 22:42
Please try running it again, it may be that it is trying to clean the running processes.

rainshield
2008-11-07, 23:04
Last night I left it on for the whole night and it still doesn't scan anything... it only has a window with these words: "full version free trial".

rainshield
2008-11-07, 23:33
Additional note: when I start Dr Web CureIt and open the Task Manager Processes tab, there are start.exe and cureit.exe running. But then cureit.exe ends in less than a second. Only the start.exe file is running while Dr Web CureIt runs.

katana
2008-11-07, 23:48
Fix With HJT

Close all other windows and then start HiJack This
Click Do A System Scan Only
When it has finished scanning put a check next to the following lines IF still present

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer]
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2]
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRA~1\SUPERA~1\SUPERA~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

- Close ALL open windows (especially Internet Explorer!)-
Now click Fix checked
Click yes to any prompts
Close HijackThis


----------------------------------------------------------- -----------------------------------------------------------

If the previous step did not automatically reboot your machine, Please reboot now


Now try running Dr Web

If it still doesn't run please post a fresh HJT log

rainshield
2008-11-08, 00:42
it's still not working :(

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:53 PM, on 11/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMPAQ~1\1940576\Program\BACKWE~1.EXE
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\PROGRA~1\INTERM~1\SPAMSU~1\SpamSub.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HIJACK~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,1,1,0.dll
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1225969865437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225971228734
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

--
End of file - 5549 bytes

katana
2008-11-08, 00:45
Unfortunately, we are out of options.
Unless you can get the Restore To Factory Settings working via F10 at boot time the only option you have is to get a reinstall disc from Compaq.

rainshield
2008-11-08, 03:54
Well, it's sad that there's no other option, but thanks katana for helping me a lot. I'll order a recovery CD and will post a log back here to make sure. Thanks a lot again.

katana
2008-11-18, 01:22
Due to inactivity, this thread will now be closed.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.