
Hijackthis Closes Immediately After Opening


  • This topic is locked
58 replies to this topic

#1 jab416171


Posted 04 July 2007 - 01:17 PM

Hello, I was reading over this forum
and I had the same problem.
Regedit and MSConfig closed immediately after opening.
Well, to my surprise, after following those steps, I tried to install HiJackThis.
It did the exact same thing.
It closed right after I opened it.
Please help?



#2 jab416171


Posted 04 July 2007 - 01:34 PM

Turns out I was using an old version, so I did what it told me to.
Now whenever I try to open the folder to run the installer, it restarts the explorer process.
Folder opens, then immediately afterwards, screen goes black.
Something very smart installed in my computer is preventing me from finding it. Please help?

#3 jab416171


Posted 04 July 2007 - 01:42 PM

This is VERY frustrating. The hijackthis.log is sitting there on my desktop's desktop.
I'm using my laptop because my desktop lacks internet capabilities.
But oddly enough, it's still connected to the lan.
Here's the log.

Logfile of HijackThis v1.99.1
Scan saved at 2:35:41 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\zpwfnt\csrss.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\WINDOWS\rayiou.exe
C:\Program Files\Common Files\{EC275333-0897-1033-0606-050411190001}\Update.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Azeroth Advisor Uploader\AzerothAdvisor.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Owner\Application Data\W?nSxS\?hkdsk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bots.acclaim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\zpwfnt\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\zpwfnt\csrss.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {346D6AFB-D23E-ABE9-1E67-F98DBD2283ED} - C:\WINDOWS\system32\gde.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\rayiou.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Azeroth Advisor Uploader] C:\Program Files\Azeroth Advisor Uploader\AzerothAdvisor.exe SILENT
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SMBOLS~1\winspool.exe" -vt yazb
O4 - HKCU\..\Run: [Aoz] "C:\Documents and Settings\HP_Owner\Application Data\W?nSxS\?hkdsk.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: csrss.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Wowhead Client.lnk = C:\Program Files\Wowhead Client\Wowhead_Client.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/...ploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CFCCCB1-6B1E-434B-87E2-01FACACD5AD9}: NameServer = 68.87.73.242,68.87.71.226
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CFCCCB1-6B1E-434B-87E2-01FACACD5AD9}: NameServer = 68.87.73.242,68.87.71.226
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#4 jab416171


Posted 04 July 2007 - 10:06 PM

I'm starting to get annoyed by the fact that people who posted here today are getting answers but I posted yesterday and have yet to get a reply.
Please help when you get a chance.

Edited by jab416171, 05 July 2007 - 02:00 PM.


#5 jab416171


Posted 05 July 2007 - 02:13 PM

UPDATE: I now have internet access on my computer. I simply checked "Obtain an IP address automatically" and "Obtain a DNS server automatically" and now it works.
MSConfig and RegEdit still shut down right after opening.
As does HJT.
Please help.

#6 SifuMike

SifuMike

    malware expert



Posted 05 July 2007 - 02:33 PM

Hello jab416171

> I'm starting to get annoyed by the fact that people who posted here today are getting answers but I posted yesterday and have yet to get a reply.
> Please help when you get a chance.

You're shooting yourself in the foot by bumping your post!

It is not a good idea to "Bump" your post, as it will only delay help for your log.

When selecting logs we generally use two criteria to look for unanswered logs.

1. We started from the oldest to the most recent. That means if you keep bumping, your log is at the top of the list, and since we do not work from the top, it will be looked at last!! :thumbsup:

2. We look first for posts with no replies. A bump is a reply so you get pushed further down the response ladder. :flowers:

We have over 100 logs backed up, so that is another reason why you have not been helped.


> Hello, I was reading over this forum
> and I had the same problem.
> Regedit and MSConfig closed immediately after opening.
> Well, to my surprise, after following those steps, I tried to install HiJackThis.
> It did the exact same thing.
> It closed right after I opened it.
> Please help?

Never, I repeat NEVER copy another person's fix to try to solve your problem!
Each log is different and requires a different approach, so by copying another person's fix you only make matters worse (as you found out).




Download the HostsXpert Here
http://www.funkytoad.com/download/HostsXpert.zip

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

You will need to use Internet Explorer for this scan.
Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.


******************

I see you already have AVG Anti-Spyware installed.
DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop.
    A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.


When done, submit the BitDefender log, the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.

Edited by SifuMike, 06 July 2007 - 04:09 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 jab416171


Posted 05 July 2007 - 04:57 PM

I attempted to log in the forum on my desktop, and like everything else, the Firefox window immediately closed.
I'm on my laptop, and am running the BitDefender Online Scanner right now.
The scan's going quick.
As I said previously, it's rather difficult to get a HJT log.
I have to double-click on the icon, click "Scan", and then move the .log file to my laptop before it gets cleared.
It's quite frustrating.
Sorry again for /bumping my post.
I will post the AVG and HJT logs after I restart in safe mode and all.

=============================
BitDefender log



BitDefender Online Scanner

Scan report generated at: Thu, Jul 05, 2007 - 17:51:36
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;

Statistics
Time: 01:19:46
Files: 421742
Folders: 10691
Boot Sectors: 3
Archives: 15136
Packed Files: 18697

Results
Identified Viruses: 19
Infected Files: 22
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 21

Engines Info
Virus Definitions: 637208
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\Documents and Settings\HP_Owner\Desktop\HostsXpert\hostsbak.bak | Infected with: Generic.Qhost.FCCA29B0
C:\Documents and Settings\HP_Owner\Desktop\HostsXpert\hostsbak.bak | Disinfection failed
C:\Documents and Settings\HP_Owner\Desktop\HostsXpert\hostsbak.bak | Deleted
C:\Documents and Settings\HP_Owner\Local Settings\Temp\!update.exe | Infected with: Trojan.Downloader.PurityScan.DH
C:\Documents and Settings\HP_Owner\Local Settings\Temp\!update.exe | Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temp\!update.exe | Deleted
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\CSSP02R8\!update-4395[1].0000 | Infected with: Trojan.Downloader.PurityScan.DH
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\CSSP02R8\!update-4395[1].0000 | Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\CSSP02R8\!update-4395[1].0000 | Deleted
C:\Program Files\Common Files\{3C275333-0897-1033-0606-050411190001}\Bar888.dll | Infected with: Trojan.Downloader.Adload.JM
C:\Program Files\Common Files\{3C275333-0897-1033-0606-050411190001}\Bar888.dll | Disinfection failed
C:\Program Files\Common Files\{3C275333-0897-1033-0606-050411190001}\Bar888.dll | Deleted
C:\Program Files\Common Files\{EC275333-0897-1033-0606-050411190001}\Update.exe | Infected with: Trojan.Downloader.Matcash.D
C:\Program Files\Common Files\{EC275333-0897-1033-0606-050411190001}\Update.exe | Disinfection failed
C:\Program Files\Common Files\{EC275333-0897-1033-0606-050411190001}\Update.exe | Delete failed
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001 | Infected with: Trojan.Purityad.O
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001 | Disinfection failed
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0001 | Deleted
C:\Program Files\Outerinfo\OiUninstaller.exe=>(NSIS o) | Update failed
C:\Program Files\SMBOLS~1\winspool.exe | Infected with: Trojan.Downloader.PurityScan.DH
C:\Program Files\SMBOLS~1\winspool.exe | Disinfection failed
C:\Program Files\SMBOLS~1\winspool.exe | Delete failed
C:\Program Files\WinPop\UnInstall.exe | Infected with: Trojan.Popwin.BK
C:\Program Files\WinPop\UnInstall.exe | Disinfection failed
C:\Program Files\WinPop\UnInstall.exe | Deleted
C:\WINDOWS\b103.exe | Infected with: Trojan.Downloader.TSUpdate.D
C:\WINDOWS\b103.exe | Disinfection failed
C:\WINDOWS\b103.exe | Deleted
C:\WINDOWS\b104.exe=>(NSIS o)=>lzma_solid_nsis0002 | Infected with: Trojan.Downloader.Small.BUY
C:\WINDOWS\b104.exe=>(NSIS o)=>lzma_solid_nsis0002 | Disinfection failed
C:\WINDOWS\b104.exe=>(NSIS o)=>lzma_solid_nsis0002 | Deleted
C:\WINDOWS\b104.exe=>(NSIS o) | Update failed
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 | Infected with: Trojan.Popwin.BK
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 | Disinfection failed
C:\WINDOWS\b122.exe=>(NSIS o)=>lzma_solid_nsis0002 | Deleted
C:\WINDOWS\b122.exe=>(NSIS o) | Update failed
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 | Infected with: Rootkit.Agent.EV
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 | Disinfection failed
C:\WINDOWS\b136.exe=>(NSIS o)=>lzma_solid_nsis0002 | Deleted
C:\WINDOWS\b136.exe=>(NSIS o) | Update failed
C:\WINDOWS\system32\CTF\ctfmon.dll | Infected with: Trojan.Keylogger.Famlog.A
C:\WINDOWS\system32\CTF\ctfmon.dll | Disinfection failed
C:\WINDOWS\system32\CTF\ctfmon.dll | Deleted
C:\WINDOWS\system32\CTF\ctfmon.exe | Infected with: Trojan.Keylogger.C
C:\WINDOWS\system32\CTF\ctfmon.exe | Disinfection failed
C:\WINDOWS\system32\CTF\ctfmon.exe | Deleted
C:\WINDOWS\system32\CTF\ctfs.dll | Infected with: Trojan.Keylogger.143
C:\WINDOWS\system32\CTF\ctfs.dll | Disinfection failed
C:\WINDOWS\system32\CTF\ctfs.dll | Deleted
C:\WINDOWS\system32\svchosts.exe | Infected with: Trojan.Downloader.Matcash.D
C:\WINDOWS\system32\svchosts.exe | Disinfection failed
C:\WINDOWS\system32\svchosts.exe | Deleted
C:\WINDOWS\system32\unsvchosts.exe | Infected with: Trojan.Small.MF
C:\WINDOWS\system32\unsvchosts.exe | Disinfection failed
C:\WINDOWS\system32\unsvchosts.exe | Deleted
C:\WINDOWS\uninstall_nmon.vbs | Infected with: Trojan.Small.WY
C:\WINDOWS\uninstall_nmon.vbs | Disinfection failed
C:\WINDOWS\uninstall_nmon.vbs | Deleted
C:\WINDOWS\wr.exe=>(RAR Sfx o)=>wr-1-32.exe | Infected with: Trojan.Downloader.Agent.YGD
C:\WINDOWS\wr.exe=>(RAR Sfx o)=>wr-1-32.exe | Disinfection failed
C:\WINDOWS\wr.exe=>(RAR Sfx o)=>wr-1-32.exe | Deleted
C:\WINDOWS\wr.exe=>(RAR Sfx o) | Update failed
D:\stup9x.exe | Infected with: Trojan.VBS.Small.A
D:\stup9x.exe | Disinfection failed
D:\stup9x.exe | Deleted
D:\install.exe | Infected with: Trojan.Downloader.Agent.AZI
D:\install.exe | Disinfection failed
D:\install.exe | Deleted
D:\shared.exe | Infected with: Backdoor.Genlot.KI
D:\shared.exe | Disinfection failed
D:\shared.exe | Deleted

#8 SifuMike

SifuMike

    malware expert



Posted 05 July 2007 - 05:10 PM

Hi jab416171,


Post the AVG antispyware log after you run it in the Safe Mode.
It will remove some of the malware on this computer.

> As I said previously, it's rather difficult to get a HJT log.
> I have to double-click on the icon, click "Scan", and then move the .log file to my laptop before it gets cleared.

Most probably you are dealing with malware which targets HijackThis.

Please navigate to your HijackThis folder. Rename your hijackthis.exe to analyze.exe

Reboot.

Then double-click analyze.exe and post the log from it in your next reply (along with the AVG antispyware log) as well (this will be a HijackThis log of course).

Edited by SifuMike, 05 July 2007 - 05:13 PM.


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 jab416171


Posted 05 July 2007 - 05:15 PM

SifuMike,

It's running on another computer in safemode. It's been going for 8 minutes.
I'll post that and the HJT log when they're done.
As I mentioned, MSConfig and RegEdit both close immediately after closing.
And JW, what are all of those "hosts" in my HJT log? They're all "O1".
AVG is now on 11 minutes and 11 infected items, and it's scanned 203,000.
10 of the items are cookies, and one is "Adware.PurityScan". I'll post the log when it's done.
Thanks again for your help.

#10 SifuMike

SifuMike

    malware expert



Posted 05 July 2007 - 05:19 PM

> And JW, what are all of those "hosts" in my HJT log? They're all "O1".

You have (or had) a virus that was blocking almost all of the antivirus sites. A very common practice with nasty viruses. :thumbsup:

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
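
The hosts-file blocking described in the reply above can be checked mechanically. The following is an added example, not part of the original thread and not HijackThis or HostsXpert code: it parses the `O1 - Hosts:` lines of a HijackThis log and reports which addresses security sites have been pointed at. The watchlist, the verdict names and the `sink_threshold` value are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Watchlist built from domains that appear in the log posted in this thread;
# it is an assumption of this example, not an exhaustive vendor list.
SECURITY_SUFFIXES = (
    "f-secure.com", "sophos.com", "symantec.com", "mcafee.com", "nai.com",
    "grisoft.com", "trendmicro.com", "kaspersky.com", "bitdefender.com",
    "avast.com", "merijn.org", "sysinternals.com", "support.microsoft.com",
)

# Constructed sample: a few O1 lines taken from the thread's log, plus lines
# added here (localhost, intranet.example, a malformed entry) to exercise
# the benign and error paths.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 10.0.0.5 intranet.example
O1 - Hosts: not-an-ip broken.example
O2 - BHO: (no name) - {346D6AFB-D23E-ABE9-1E67-F98DBD2283ED} - C:\WINDOWS\system32\gde.dll
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return (ip_address, hostname) pairs from the O1 lines of a log."""
    entries = []
    for line in log_text.splitlines():
        match = O1_RE.match(line.strip())
        if not match:
            continue  # not a hosts-file entry
        try:
            address = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # malformed address: no usable mapping
        entries.append((address, match.group(2).lower().rstrip(".")))
    return entries


def is_security_host(hostname):
    """True when the hostname is, or is a subdomain of, a watchlist entry."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in SECURITY_SUFFIXES)


def analyse(log_text, sink_threshold=3):
    """Group non-default hosts entries by target address and classify them."""
    by_address = defaultdict(list)
    for address, hostname in parse_o1(log_text):
        # localhost -> loopback is the one mapping a stock hosts file has.
        if hostname == "localhost" and address.is_loopback:
            continue
        by_address[address].append(hostname)

    findings = []
    for address, hostnames in by_address.items():
        security = sorted(h for h in hostnames if is_security_host(h))
        if security:
            verdict = "blocks-security-sites"
        elif len(hostnames) >= sink_threshold:
            verdict = "bulk-redirect"  # many names sent to one address
        else:
            verdict = "non-default"    # unusual, but may be deliberate
        findings.append({
            "address": str(address),
            "hosts": sorted(hostnames),
            "security_hosts": security,
            "verdict": verdict,
        })
    # Most security-relevant address first, then by address for stability.
    findings.sort(key=lambda f: (-len(f["security_hosts"]), f["address"]))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding["verdict"], finding["address"], len(finding["hosts"]))
```

A `blocks-security-sites` finding is the situation in which restoring the default hosts file, as instructed earlier in the thread, is the appropriate cleanup step.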

#11 jab416171


Posted 05 July 2007 - 05:23 PM

Oh, that is nasty.
I'm not wasting your time with replies, am I?
I can wait until AVG is done.
But if you're only working on my problem, and someone else isn't waiting for someone, then it's keeping me busy until it's done.
My relative said that I have a 'root kit', which is what's causing MSConfig and RegEdit to close.
Is this possible or definite?
He also said that root kits are very hard to eliminate, because you can't just delete it. It encrypts itself into essential system files, so if you delete it, your computer becomes inoperable. Thus it has to be cleaned.

#12 jab416171


Posted 05 July 2007 - 07:25 PM

After the AVG scan, the "Generate Report" button was disabled.
I couldn't generate a report, but everything it found was quarantined or deleted.
26 items, I believe.
Here's the HJT report.

EDIT: Oh, and renaming HJT didn't do anything.

================================

Logfile of HijackThis v1.99.1
Scan saved at 8:24:56 PM, on 7/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\zpwfnt\csrss.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\WINDOWS\rayiou.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Azeroth Advisor Uploader\AzerothAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Wowhead Client\Wowhead_Client.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\Desktop\analyze\analyze.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bots.acclaim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\zpwfnt\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\zpwfnt\csrss.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {346D6AFB-D23E-ABE9-1E67-F98DBD2283ED} - C:\WINDOWS\system32\gde.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\rayiou.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Azeroth Advisor Uploader] C:\Program Files\Azeroth Advisor Uploader\AzerothAdvisor.exe SILENT
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SMBOLS~1\winspool.exe" -vt ndrv
O4 - Startup: csrss.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Wowhead Client.lnk = C:\Program Files\Wowhead Client\Wowhead_Client.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/...ploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Edited by jab416171, 05 July 2007 - 07:28 PM.


#13 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 05 July 2007 - 10:55 PM

Hi jab416171,

You have quite a collection of malware on this computer. Looks like the virus reloaded the Hosts file with antivirus sites again.

Download CCleaner and install it. (default location is best). Do not run it yet!

CCleaner Tutorial

*******************************************

Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

F3 - REG:win.ini: load=C:\WINDOWS\system32\zpwfnt\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\zpwfnt\csrss.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O2 - BHO: (no name) - {346D6AFB-D23E-ABE9-1E67-F98DBD2283ED} - C:\WINDOWS\system32\gde.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\rayiou.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe



*******************************************


Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\zpwfnt\csrss.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\rayiou.exe
    C:\Program Files\WinPop\winpop.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste the report on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


*******************************************

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups.

Let's empty the temp files:

Run CCleaner.

CAUTION: Please do NOT use the Issues button. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free Basic version instead of the Standard Build.


2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
Clean all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section.
Clean all entries in the "System" section.
Clean all entries in the "Advanced" section.
Clean any others that you choose.

In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section.
Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

If it asks you to reboot at the end, click NO.

CCleaner should be run with the above settings for each User Account!

*******************************************


Reboot to the Normal Mode

You have some suspicious files we need to check.

You will need to configure Windows to show Hidden files.

Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\PROGRA~1\SMBOLS~1\winspool.exe

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.

Perform the same for next files:

C:\Program Files\WinTouch\WinTouch.exe


Once scanned, copy and paste the results also in your next reply.

I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the results of scan results here.

*******************************************

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program


Post the OTMoveit log, the VirusTotal scans results, and a fresh Hijackthis log.

Edited by SifuMike, 05 July 2007 - 11:00 PM.

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
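A defensive triage sketch for the HijackThis log discussed above, added here as an example; it is not part of the original posts and not HijackThis's own code. It flags three patterns visible in this thread's log: a system process name running outside system32, win.ini load=/run= autostarts, and Hosts entries that pin security sites to an address. The process-name and domain lists are assumptions drawn from the log, and the sample is an excerpt of it.

```python
import re
from pathlib import PureWindowsPath

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\zpwfnt\csrss.exe
C:\WINDOWS\explorer.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\system32\zpwfnt\csrss.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\zpwfnt\csrss.exe
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 merijn.org
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

# Assumption: core XP processes that normally run only from system32.
SYSTEM32 = r"c:\windows\system32"
SYSTEM_PROCESS_NAMES = {
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "spoolsv.exe",
}

# Assumption: security-vendor and tool domains taken from the log in this thread.
SECURITY_DOMAINS = (
    "f-secure.com", "sophos.com", "symantec.com", "mcafee.com", "nai.com",
    "grisoft.com", "trendmicro.com", "kaspersky.com", "bitdefender.com",
    "merijn.org", "sysinternals.com", "avast.com", "webroot.com",
)

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")      # e.g. "O1 - Hosts: ..."
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")       # address, hostname
INI_RE = re.compile(r"^REG:(\S+): (load|run)=(.+)$")   # win.ini autostart


def is_masquerading(path):
    """True if a core system process name runs from outside system32."""
    p = PureWindowsPath(path)
    return (p.name.lower() in SYSTEM_PROCESS_NAMES
            and str(p.parent).lower() != SYSTEM32)


def is_security_domain(host):
    """True if host is one of SECURITY_DOMAINS or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in SECURITY_DOMAINS)


def triage(log_text):
    """Return (kind, subject, reason) tuples for suspicious log lines."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:                      # blank line ends the process list
                in_processes = False
            elif is_masquerading(line):
                findings.append(("process", line,
                                 "system process name outside system32"))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.groups()
        if code == "O1":
            hosts = HOSTS_RE.match(body)
            if hosts and is_security_domain(hosts.group(2)):
                findings.append(("hosts", hosts.group(2),
                                 "security site pinned to " + hosts.group(1)))
        elif code == "F3":
            ini = INI_RE.match(body)
            if ini:
                findings.append(("autostart", ini.group(3),
                                 ini.group(1) + " " + ini.group(2) + "= entry"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {subject}: {reason}")
```
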

#14 jab416171

jab416171
  • Topic Starter

  • Members
  • 87 posts

Posted 06 July 2007 - 03:10 PM

It's impossible to bring up this post on my computer.
Therefore, I have to do everything manually.
The directory C:\PROGRA~1\SMBOLS~1\winspool.exe doesn't exist, so I couldn't upload it to "VirusTotal."
====================================================
OTMoveIt:

This is the 2nd time:
First time required a reboot.

[OTMoveIt log]

File/Folder C:\WINDOWS\system32\zpwfnt\csrss.exe not found.
File/Folder C:\WINDOWS\ALCXMNTR.EXE not found.
File/Folder C:\WINDOWS\rayiou.exe not found.
File/Folder C:\Program Files\WinPop\winpop.exe not found.

Created on 07/06/2007 15:53:18
====================================================
I know you didn't ask for it, but this is the CCleaner log.

CLEANING COMPLETE - (15.345 secs)
------------------------------------------------------------------------------------------
270.6MB removed.
Secure file deletion enabled - NSA (7 passes)
------------------------------------------------------------------------------------------

C:\WINDOWS\$NtUninstallKB911280$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB911562$\msadco.dll 0.14MB
C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.inf 6.98KB
C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.txt 383 bytes
C:\WINDOWS\$NtUninstallKB911562$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB911564$\npdsplay.dll 0.35MB
C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.inf 6.37KB
C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.txt 331 bytes
C:\WINDOWS\$NtUninstallKB911564$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.inf 7.31KB
C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.txt 365 bytes
C:\WINDOWS\$NtUninstallKB911927$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB911927$\webclnt.dll 66.00KB
C:\WINDOWS\$NtUninstallKB912919$\gdi32.dll 0.27MB
C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.inf 5.48KB
C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.txt 355 bytes
C:\WINDOWS\$NtUninstallKB912919$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB913580$\msdtcprx.dll 0.41MB
C:\WINDOWS\$NtUninstallKB913580$\msdtctm.dll 0.91MB
C:\WINDOWS\$NtUninstallKB913580$\msdtcuiu.dll 0.15MB
C:\WINDOWS\$NtUninstallKB913580$\mtxclu.dll 65.00KB
C:\WINDOWS\$NtUninstallKB913580$\mtxoci.dll 88.00KB
C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.inf 6.81KB
C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.txt 1.54KB
C:\WINDOWS\$NtUninstallKB913580$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB913580$\xolehlp.dll 11.50KB
C:\WINDOWS\$NtUninstallKB914388$\dhcpcsvc.dll 0.11MB
C:\WINDOWS\$NtUninstallKB914388$\iphlpapi.dll 92.50KB
C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.inf 6.66KB
C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.txt 673 bytes
C:\WINDOWS\$NtUninstallKB914388$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys 0.43MB
C:\WINDOWS\$NtUninstallKB914389$\rdbss.sys 0.17MB
C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.inf 5.80KB
C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.txt 609 bytes
C:\WINDOWS\$NtUninstallKB914389$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB914440$\custsat.dll 28.00KB
C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.inf 9.49KB
C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.txt 374 bytes
C:\WINDOWS\$NtUninstallKB914440$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.inf 8.63KB
C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.txt 218 bytes
C:\WINDOWS\$NtUninstallKB915865$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB916595$\http.sys 0.25MB
C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.inf 5.39KB
C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.txt 312 bytes
C:\WINDOWS\$NtUninstallKB916595$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB917344$\jscript.dll 0.43MB
C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.inf 6.02KB
C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.txt 365 bytes
C:\WINDOWS\$NtUninstallKB917344$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB917422$\kernel32.dll 0.94MB
C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.inf 5.80KB
C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.txt 370 bytes
C:\WINDOWS\$NtUninstallKB917422$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.inf 7.32KB
C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.txt 313 bytes
C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB917734_WMP9$\wmp.dll 4.65MB
C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.inf 6.32KB
C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.txt 363 bytes
C:\WINDOWS\$NtUninstallKB917953$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys 0.34MB
C:\WINDOWS\$NtUninstallKB918118$\msftedit.dll 0.51MB
C:\WINDOWS\$NtUninstallKB918118$\riched20.dll 0.41MB
C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.inf 8.46KB
C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.txt 618 bytes
C:\WINDOWS\$NtUninstallKB918118$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB918439$\jgdw400.dll 0.14MB
C:\WINDOWS\$NtUninstallKB918439$\jgpl400.dll 41.50KB
C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.inf 6.50KB
C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.txt 510 bytes
C:\WINDOWS\$NtUninstallKB918439$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB919007$\rmcast.sys 0.19MB
C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.inf 6.16KB
C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.txt 368 bytes
C:\WINDOWS\$NtUninstallKB919007$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB920213$\agentdp2.dll 41.00KB
C:\WINDOWS\$NtUninstallKB920213$\agentdpv.dll 57.50KB
C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe 0.24MB
C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.inf 6.52KB
C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.txt 961 bytes
C:\WINDOWS\$NtUninstallKB920213$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB920670$\hlink.dll 76.03KB
C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.inf 6.29KB
C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.txt 355 bytes
C:\WINDOWS\$NtUninstallKB920670$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB920683$\dnsapi.dll 0.14MB
C:\WINDOWS\$NtUninstallKB920683$\rasadhlp.dll 8.00KB
C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.inf 5.36KB
C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.txt 608 bytes
C:\WINDOWS\$NtUninstallKB920683$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB920685$\ciodm.dll 67.50KB
C:\WINDOWS\$NtUninstallKB920685$\query.dll 1.37MB
C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.inf 7.37KB
C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.txt 588 bytes
C:\WINDOWS\$NtUninstallKB920685$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB920872$\kmixer.sys 0.16MB
C:\WINDOWS\$NtUninstallKB920872$\splitter.sys 6.25KB
C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.inf 7.27KB
C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.txt 870 bytes
C:\WINDOWS\$NtUninstallKB920872$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB920872$\wdmaud.sys 81.00KB
C:\WINDOWS\$NtUninstallKB921398$\shell32.dll 8.06MB
C:\WINDOWS\$NtUninstallKB921398$\shell32.dll.000 8.06MB
C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.inf 7.71KB
C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.txt 426 bytes
C:\WINDOWS\$NtUninstallKB921398$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB922582$\fltlib.dll 16.50KB
C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe 22.00KB
C:\WINDOWS\$NtUninstallKB922582$\fltmgr.sys 0.12MB
C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.inf 6.56KB
C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.txt 839 bytes
C:\WINDOWS\$NtUninstallKB922582$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB922616$\hhctrl.ocx 0.52MB
C:\WINDOWS\$NtUninstallKB922616$\reg00001 8.00KB
C:\WINDOWS\$NtUninstallKB922616$\reg00002 8.00KB
C:\WINDOWS\$NtUninstallKB922616$\reg00003 8.00KB
C:\WINDOWS\$NtUninstallKB922616$\reg00004 8.00KB
C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.inf 7.54KB
C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.txt 360 bytes
C:\WINDOWS\$NtUninstallKB922616$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB922819$\6to4svc.dll 98.00KB
C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.inf 8.10KB
C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.txt 611 bytes
C:\WINDOWS\$NtUninstallKB922819$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB922819$\tcpip6.sys 0.21MB
C:\WINDOWS\$NtUninstallKB923191$\comctl32.dll 0.58MB
C:\WINDOWS\$NtUninstallKB923191$\spuninst\KB923191.asms 620 bytes
C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.inf 5.54KB
C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.txt 313 bytes
C:\WINDOWS\$NtUninstallKB923191$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.inf 7.49KB
C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.txt 353 bytes
C:\WINDOWS\$NtUninstallKB923414$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB923414$\srv.sys 0.32MB
C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.inf 6.09KB
C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.txt 309 bytes
C:\WINDOWS\$NtUninstallKB923689$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB923689$\wmvcore.dll 2.01MB
C:\WINDOWS\$NtUninstallKB923694$\directdb.dll 79.50KB
C:\WINDOWS\$NtUninstallKB923694$\inetcomm.dll 0.65MB
C:\WINDOWS\$NtUninstallKB923694$\msoe.dll 1.25MB
C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.inf 7.12KB
C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.txt 1.34KB
C:\WINDOWS\$NtUninstallKB923694$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB923694$\wab32.dll 0.48MB
C:\WINDOWS\$NtUninstallKB923694$\wabimp.dll 83.00KB
C:\WINDOWS\$NtUninstallKB923723$\orun32.exe 1.03MB
C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.inf 7.73KB
C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.txt 219 bytes
C:\WINDOWS\$NtUninstallKB923723$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll 0.14MB
C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.inf 7.26KB
C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.txt 534 bytes
C:\WINDOWS\$NtUninstallKB923980$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB924191$\msxml3.dll 1.18MB
C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.inf 8.78KB
C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.txt 360 bytes
C:\WINDOWS\$NtUninstallKB924191$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB924270$\lsasrv.dll 0.69MB
C:\WINDOWS\$NtUninstallKB924270$\netapi32.dll 0.32MB
C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.inf 7.55KB
C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.txt 846 bytes
C:\WINDOWS\$NtUninstallKB924270$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB924270$\wkssvc.dll 0.13MB
C:\WINDOWS\$NtUninstallKB924496$\reg00002 8.00KB
C:\WINDOWS\$NtUninstallKB924496$\reg00003 8.00KB
C:\WINDOWS\$NtUninstallKB924496$\reg00005 8.00KB
C:\WINDOWS\$NtUninstallKB924496$\reg00006 8.00KB
C:\WINDOWS\$NtUninstallKB924496$\shdocvw.dll 1.41MB
C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.inf 7.05KB
C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.txt 365 bytes
C:\WINDOWS\$NtUninstallKB924496$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB924667$\mfc40u.dll 0.88MB
C:\WINDOWS\$NtUninstallKB924667$\mfc42u.dll 0.98MB
C:\WINDOWS\$NtUninstallKB924667$\spuninst\KB924667.asms 672 bytes
C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.inf 8.22KB
C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.txt 488 bytes
C:\WINDOWS\$NtUninstallKB924667$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB925398_WMP64$\dxmasf.dll 0.48MB
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.inf 7.36KB
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.txt 528 bytes
C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB925398_WMP64$\strmdll.dll 0.23MB
C:\WINDOWS\$NtUninstallKB925454$\browseui.dll 0.97MB
C:\WINDOWS\$NtUninstallKB925454$\cdfview.dll 0.14MB
C:\WINDOWS\$NtUninstallKB925454$\danim.dll 1.00MB
C:\WINDOWS\$NtUninstallKB925454$\dxtmsft.dll 0.34MB
C:\WINDOWS\$NtUninstallKB925454$\dxtrans.dll 0.19MB
C:\WINDOWS\$NtUninstallKB925454$\extmgr.dll 54.50KB
C:\WINDOWS\$NtUninstallKB925454$\iedw.exe 18.00KB
C:\WINDOWS\$NtUninstallKB925454$\iepeers.dll 0.24MB
C:\WINDOWS\$NtUninstallKB925454$\inseng.dll 94.00KB
C:\WINDOWS\$NtUninstallKB925454$\jsproxy.dll 15.50KB
C:\WINDOWS\$NtUninstallKB925454$\mshtml.dll 2.86MB
C:\WINDOWS\$NtUninstallKB925454$\mshtmled.dll 0.43MB
C:\WINDOWS\$NtUninstallKB925454$\msrating.dll 0.14MB
C:\WINDOWS\$NtUninstallKB925454$\mstime.dll 0.51MB
C:\WINDOWS\$NtUninstallKB925454$\plugin.ocx 67.00KB
C:\WINDOWS\$NtUninstallKB925454$\plugin.ocx.000 67.00KB
C:\WINDOWS\$NtUninstallKB925454$\pngfilt.dll 38.50KB
C:\WINDOWS\$NtUninstallKB925454$\reg00002 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00003 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00004 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00005 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00006 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00007 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00010 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00011 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00012 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00013 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00014 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00015 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00016 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00017 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00018 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00019 8.00KB
C:\WINDOWS\$NtUninstallKB925454$\reg00022 32.00KB
C:\WINDOWS\$NtUninstallKB925454$\shdocvw.dll 1.42MB
C:\WINDOWS\$NtUninstallKB925454$\shdocvw.dll.000 1.42MB
C:\WINDOWS\$NtUninstallKB925454$\shlwapi.dll 0.45MB
C:\WINDOWS\$NtUninstallKB925454$\shlwapi.dll.000 0.45MB
C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.inf 16.24KB
C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.txt 4.94KB
C:\WINDOWS\$NtUninstallKB925454$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB925454$\urlmon.dll 0.57MB
C:\WINDOWS\$NtUninstallKB925454$\wininet.dll 0.63MB
C:\WINDOWS\$NtUninstallKB925454$\xpsp3res.dll 0.11MB
C:\WINDOWS\$NtUninstallKB925902$\gdi32.dll 0.27MB
C:\WINDOWS\$NtUninstallKB925902$\mf3216.dll 39.00KB
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.inf 10.02KB
C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.txt 1.04KB
C:\WINDOWS\$NtUninstallKB925902$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB925902$\user32.dll 0.55MB
C:\WINDOWS\$NtUninstallKB925902$\win32k.sys 1.75MB
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.inf 5.67KB
C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.txt 345 bytes
C:\WINDOWS\$NtUninstallKB926255$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB926255$\sxs.dll 0.68MB
C:\WINDOWS\$NtUninstallKB926436$\oledlg.dll 0.11MB
C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.inf 8.17KB
C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.txt 360 bytes
C:\WINDOWS\$NtUninstallKB926436$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB927779$\msado15.dll 0.51MB
C:\WINDOWS\$NtUninstallKB927779$\msadomd.dll 0.17MB
C:\WINDOWS\$NtUninstallKB927779$\msadox.dll 0.19MB
C:\WINDOWS\$NtUninstallKB927779$\msjro.dll 100.00KB
C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.inf 9.71KB
C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.txt 1.14KB
C:\WINDOWS\$NtUninstallKB927779$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.inf 8.54KB
C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.txt 370 bytes
C:\WINDOWS\$NtUninstallKB927802$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB927802$\wiaservc.dll 0.32MB
C:\WINDOWS\$NtUninstallKB927891$\msi.dll 2.76MB
C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.inf 9.45KB
C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.txt 347 bytes
C:\WINDOWS\$NtUninstallKB927891$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB928090$\browseui.dll 0.98MB
C:\WINDOWS\$NtUninstallKB928090$\cdfview.dll 0.14MB
C:\WINDOWS\$NtUninstallKB928090$\danim.dll 1.01MB
C:\WINDOWS\$NtUninstallKB928090$\dxtmsft.dll 0.34MB
C:\WINDOWS\$NtUninstallKB928090$\dxtrans.dll 0.20MB
C:\WINDOWS\$NtUninstallKB928090$\extmgr.dll 54.50KB
C:\WINDOWS\$NtUninstallKB928090$\iedw.exe 18.00KB
C:\WINDOWS\$NtUninstallKB928090$\iepeers.dll 0.24MB
C:\WINDOWS\$NtUninstallKB928090$\inseng.dll 94.00KB
C:\WINDOWS\$NtUninstallKB928090$\jsproxy.dll 16.00KB
C:\WINDOWS\$NtUninstallKB928090$\kb928090.cat 24.12KB
C:\WINDOWS\$NtUninstallKB928090$\mshtml.dll 2.92MB
C:\WINDOWS\$NtUninstallKB928090$\mshtmled.dll 0.43MB
C:\WINDOWS\$NtUninstallKB928090$\msrating.dll 0.14MB
C:\WINDOWS\$NtUninstallKB928090$\mstime.dll 0.51MB
C:\WINDOWS\$NtUninstallKB928090$\pngfilt.dll 38.50KB
C:\WINDOWS\$NtUninstallKB928090$\shdocvw.dll 1.43MB
C:\WINDOWS\$NtUninstallKB928090$\shlwapi.dll 0.45MB
C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.inf 12.75KB
C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.txt 3.67KB
C:\WINDOWS\$NtUninstallKB928090$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB928090$\urlmon.dll 0.59MB
C:\WINDOWS\$NtUninstallKB928090$\wininet.dll 0.63MB
C:\WINDOWS\$NtUninstallKB928090$\xpsp3res.dll 0.11MB
C:\WINDOWS\$NtUninstallKB928090_0$\browseui.dll 0.98MB
C:\WINDOWS\$NtUninstallKB928090_0$\cdfview.dll 0.14MB
C:\WINDOWS\$NtUninstallKB928090_0$\danim.dll 1.01MB
C:\WINDOWS\$NtUninstallKB928090_0$\dxtmsft.dll 0.34MB
C:\WINDOWS\$NtUninstallKB928090_0$\dxtrans.dll 0.20MB
C:\WINDOWS\$NtUninstallKB928090_0$\extmgr.dll 54.50KB
C:\WINDOWS\$NtUninstallKB928090_0$\iedw.exe 18.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\iepeers.dll 0.24MB
C:\WINDOWS\$NtUninstallKB928090_0$\inseng.dll 94.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\jsproxy.dll 16.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\mshtml.dll 2.91MB
C:\WINDOWS\$NtUninstallKB928090_0$\mshtmled.dll 0.43MB
C:\WINDOWS\$NtUninstallKB928090_0$\msrating.dll 0.14MB
C:\WINDOWS\$NtUninstallKB928090_0$\mstime.dll 0.51MB
C:\WINDOWS\$NtUninstallKB928090_0$\pngfilt.dll 38.50KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00001 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00002 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00003 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00004 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00005 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00006 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00007 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00008 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00009 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00010 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00011 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00012 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00013 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00014 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00015 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00016 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00017 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00018 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00019 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00020 12.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00021 8.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\reg00022 76.00KB
C:\WINDOWS\$NtUninstallKB928090_0$\shdocvw.dll 1.43MB
C:\WINDOWS\$NtUninstallKB928090_0$\shlwapi.dll 0.45MB
C:\WINDOWS\$NtUninstallKB928090_0$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB928090_0$\spuninst\spuninst.inf 16.72KB
C:\WINDOWS\$NtUninstallKB928090_0$\spuninst\spuninst.txt 4.75KB
C:\WINDOWS\$NtUninstallKB928090_0$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB928090_0$\urlmon.dll 0.59MB
C:\WINDOWS\$NtUninstallKB928090_0$\wininet.dll 0.63MB
C:\WINDOWS\$NtUninstallKB928090_0$\xpsp3res.dll 0.11MB
C:\WINDOWS\$NtUninstallKB928255$\shell32.dll 8.06MB
C:\WINDOWS\$NtUninstallKB928255$\shsvcs.dll 0.13MB
C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.inf 9.86KB
C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.txt 660 bytes
C:\WINDOWS\$NtUninstallKB928255$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB928843$\hhctrl.ocx 0.52MB
C:\WINDOWS\$NtUninstallKB928843$\reg00001 8.00KB
C:\WINDOWS\$NtUninstallKB928843$\reg00002 8.00KB
C:\WINDOWS\$NtUninstallKB928843$\reg00003 8.00KB
C:\WINDOWS\$NtUninstallKB928843$\reg00004 8.00KB
C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.inf 8.38KB
C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.txt 360 bytes
C:\WINDOWS\$NtUninstallKB928843$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB929123$\directdb.dll 84.50KB
C:\WINDOWS\$NtUninstallKB929123$\inetcomm.dll 0.65MB
C:\WINDOWS\$NtUninstallKB929123$\msoe.dll 1.25MB
C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.inf 11.45KB
C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.txt 1.34KB
C:\WINDOWS\$NtUninstallKB929123$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB929123$\wab32.dll 0.49MB
C:\WINDOWS\$NtUninstallKB929123$\wabimp.dll 83.50KB
C:\WINDOWS\$NtUninstallKB929338$\ntkrnlmp.exe 2.04MB
C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe 1.96MB
C:\WINDOWS\$NtUninstallKB929338$\ntkrpamp.exe 1.92MB
C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe 2.08MB
C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.inf 10.09KB
C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.txt 1.11KB
C:\WINDOWS\$NtUninstallKB929338$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.inf 7.49KB
C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.txt 376 bytes
C:\WINDOWS\$NtUninstallKB929969$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB929969$\vgx.dll 0.81MB
C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.inf 9.02KB
C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.txt 360 bytes
C:\WINDOWS\$NtUninstallKB930178$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll 0.28MB
C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys 0.55MB
C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.inf 9.29KB
C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.txt 358 bytes
C:\WINDOWS\$NtUninstallKB930916$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.inf 9.07KB
C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.txt 370 bytes
C:\WINDOWS\$NtUninstallKB931261$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB931261$\upnphost.dll 0.18MB
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlmp.exe 2.04MB
C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe 1.96MB
C:\WINDOWS\$NtUninstallKB931784$\ntkrpamp.exe 1.92MB
C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe 2.08MB
C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.inf 10.59KB
C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.txt 1.30KB
C:\WINDOWS\$NtUninstallKB931784$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.inf 8.95KB
C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.txt 220 bytes
C:\WINDOWS\$NtUninstallKB931836$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB932168$\agentdpv.dll 56.00KB
C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.inf 8.94KB
C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.txt 403 bytes
C:\WINDOWS\$NtUninstallKB932168$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB932168$\xpsp3res.dll 0.24MB
C:\WINDOWS\$NtUninstallKB935839$\kernel32.dll 0.94MB
C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.inf 9.64KB
C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.txt 370 bytes
C:\WINDOWS\$NtUninstallKB935839$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$NtUninstallKB935840$\schannel.dll 0.14MB
C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe 0.20MB
C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.inf 9.69KB
C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.txt 370 bytes
C:\WINDOWS\$NtUninstallKB935840$\spuninst\updspapi.dll 0.35MB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll 2.67MB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe 75.50KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msihnd.dll 0.32MB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msimsg.dll 0.84MB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msisip.dll 43.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00013 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00014 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00015 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00016 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00017 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00018 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00019 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00020 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00021 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00022 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00023 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00024 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00025 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00026 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00027 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00028 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00029 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00030 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00031 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00032 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00033 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00034 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00035 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00036 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00037 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00038 8.00KB
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00039 8.00KB
------------------------------------------------------------------------------------------

====================================================
The VirusTotal scan results:

Complete scanning result of "WinTouch.exe", received in VirusTotal at 07.06.2007, 21:59:12 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.7.7.0 07.06.2007 no virus found
AntiVir 7.4.0.39 07.06.2007 no virus found
Authentium 4.93.8 07.06.2007 no virus found
Avast 4.7.997.0 07.06.2007 no virus found
AVG 7.5.0.476 07.06.2007 no virus found
BitDefender 7.2 07.06.2007 no virus found
CAT-QuickHeal 9.00 07.06.2007 no virus found
ClamAV devel-20070416 07.06.2007 no virus found
DrWeb 4.33 07.06.2007 no virus found
eSafe 7.0.15.0 07.06.2007 suspicious Trojan/Worm
eTrust-Vet 30.8.3767 07.06.2007 no virus found
Ewido 4.0 07.06.2007 no virus found
FileAdvisor 1 07.06.2007 no virus found
Fortinet 2.91.0.0 07.06.2007 no virus found
F-Prot 4.3.2.48 07.06.2007 no virus found
F-Secure 6.70.13260.0 07.06.2007 no virus found
Ikarus T3.1.1.8 07.06.2007 no virus found
Kaspersky 4.0.2.24 07.06.2007 no virus found
McAfee 5069 07.06.2007 no virus found
Microsoft 1.2704 07.06.2007 no virus found
NOD32v2 2383 07.06.2007 no virus found
Norman 5.80.02 07.06.2007 no virus found
Panda 9.0.0.4 07.06.2007 Suspicious file
Sophos 4.19.0 07.06.2007 no virus found
Sunbelt 2.2.907.0 07.06.2007 Trojan-Downloader.Matcash
Symantec 10 07.06.2007 no virus found
TheHacker 6.1.6.143 07.05.2007 no virus found
VBA32 3.12.0.2 07.06.2007 no virus found
VirusBuster 4.3.23:9 07.06.2007 no virus found
Webwasher-Gateway 6.0.1 07.06.2007 no virus found

Aditional Information
File size: 147968 bytes
MD5: c3218d3f71bd62780dc44f54f22cc78d
SHA1: e1112fc3746c480ebcd2dd0e0f29ef051568a5e6
packers: UPX
packers: UPX
packers: UPX

====================================================

And the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:09:14 PM, on 7/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Common Files\{EC275333-0897-1033-0606-050411190001}\Update.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Azeroth Advisor Uploader\AzerothAdvisor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Wowhead Client\Wowhead_Client.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\HP_Owner\Desktop\analyze.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bots.acclaim.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Ad Muncher] C:\Program Files\Ad Muncher\AdMunch.exe /bt
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Azeroth Advisor Uploader] C:\Program Files\Azeroth Advisor Uploader\AzerothAdvisor.exe SILENT
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SMBOLS~1\winspool.exe" -vt ndrv
O4 - Startup: csrss.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: Wowhead Client.lnk = C:\Program Files\Wowhead Client\Wowhead_Client.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_i...d=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_i...id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_i...menu_ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_i...=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/...ploader_v10.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:11:43 AM

Posted 06 July 2007 - 03:52 PM

It's impossible to bring up this post on my computer.
Therefore, I have to do everything manually.


Why? What seems to be the problem?

I know you didn't ask for it, but this is the CCleaner log.

Please don't post logs I do not ask for. These logs are long enough as it is.


Before we start, you need to realize that you are missing one important program on that computer: An antivirus program. :thumbsup:

This is somewhat suicidal in today's digital world.

You need to install an antivirus program as soon as you can and run a complete scan of the computer.

I recommend you download the free

Avast or
AntiVir or
AVG antivirus

Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.

Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously!




Select the following with HijackThis.
With all windows (including this one!) closed (close browser/explorer windows), please select "fix."

O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SMBOLS~1\winspool.exe" -vt ndrv
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - Startup: csrss.lnk


Next, we're going on a file hunt.
Go to My Computer and double-click C.
Go to the Tools menu and select 'Folder Options'.
On the 'View' tab select 'show hidden files and folders',
deselect (uncheck) 'hide protected operating system files (recommended)', and
deselect (uncheck) 'Hide extensions for known file types'.


Using Windows Explorer, delete the following files/folders in bold (Do not be concerned if they do not exist)
C:\PROGRA~1\SMBOLS~1\winspool.exe <==file
C:\Program Files\WinTouch\WinTouch.exe <==file

Reboot your computer.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you.
Post the ComboFix log and a fresh Hijackthis log in your next reply.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.
If you have Norton Antivirus installed then disable script blocking so it will not interfere with the fix.

Edited by SifuMike, 06 July 2007 - 04:04 PM.


Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
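
A triage pass over the O4 (autostart) lines of the HijackThis log above, as an added example that is not part of the original thread or of HijackThis itself. The heuristics and the `SYSTEM_NAMES` list are assumptions of this example, not the helper's stated reasoning; the scanner hit set reflects the VirusTotal result for WinTouch.exe posted above.

```python
import ntpath
import re

# Core Windows process names that run only from system32 (assumed, not exhaustive).
SYSTEM_NAMES = {"csrss", "lsass", "services", "smss", "svchost", "winlogon"}
RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk)(?: = (.*))?$")
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)', re.IGNORECASE)
# O4 lines copied from the HijackThis log posted in this thread.
SAMPLE = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\SMBOLS~1\winspool.exe" -vt ndrv
O4 - Startup: csrss.lnk = ?
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
'''


def parse_o4(line):
    """Return (location, entry name, target path) for an O4 line, else None."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        exe = EXE_RE.match(m.group(3))
        path = (exe.group(1) or exe.group(2)) if exe else m.group(3)
        return m.group(1), m.group(2), path
    m = LNK_RE.match(line)
    if m:
        return m.group(1), m.group(2), (m.group(3) or "").strip()
    return None


def triage(location, name, path, scanner_hits=()):
    """Return the reasons (possibly none) an autostart entry needs a closer look."""
    is_lnk = "Startup" in location
    stem = ntpath.splitext(ntpath.basename(name if is_lnk else path))[0].lower()
    in_system32 = ntpath.dirname(path).lower().endswith("\\system32")
    reasons = []
    if stem in SYSTEM_NAMES and (is_lnk or not in_system32):
        reasons.append("core system process name outside system32")
    if is_lnk and path in ("", "?"):
        reasons.append("shortcut target could not be resolved")
    if re.search(r"~\d", path):
        reasons.append("8.3 short path hides the real folder name")
    if ntpath.basename(path).lower() in scanner_hits:
        reasons.append("file flagged by a scanner")
    return reasons


def flag_entries(log_text, scanner_hits=()):
    """Map entry name -> reasons for every O4 line that trips a heuristic."""
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        reasons = triage(*parsed, scanner_hits) if parsed else []
        if reasons:
            flagged[parsed[1]] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in flag_entries(SAMPLE, {"wintouch.exe"}).items():
        print(f"{name}: {'; '.join(why)}")
```

A flagged entry is a prompt to inspect the file and its registry value, not a verdict; legitimate software also registers autostart entries through 8.3 paths.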



