14luvmusic
-
Posts
97 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by 14luvmusic
-
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
c:\winnt\system32\sstext3dSrv.exe AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen AVG 9.0.0.851 2010.11.20 SHeur3.AMRA BitDefender 7.2 2010.11.20 Backdoor.Generic.504880 CAT-QuickHeal 11.00 2010.11.09 - ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978 Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC Comodo 6785 2010.11.20 Heur.Packed.Unknown DrWeb 5.0.2.03300 2010.11.20 - Emsisoft 5.0.0.50 2010.11.20 Packed.Win32.Krap!IK eSafe 7.0.17.0 2010.11.18 Win32.TRDropper eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A Fortinet 4.2.254.0 2010.11.20 - GData 21 2010.11.20 Backdoor.Generic.504880 Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla K7AntiVirus 9.68.3041 2010.11.20 Trojan Kaspersky 7.0.0.125 2010.11.20 Packed.Win32.Krap.hm McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880 Panda 10.0.2.7 2010.11.20 Trj/Krap.Y PCTools 7.0.3.5 2010.11.20 Trojan.Gen Prevx 3.0 2010.11.20 Medium Risk Malware Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879 Sophos 4.59.0 2010.11.20 Mal/Zbot-U SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg Symantec 20101.2.0.161 2010.11.20 Trojan.Gen TheHacker 6.7.0.1.087 2010.11.20 - TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4 TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4 VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073 VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v) ViRobot 2010.11.20.4158 2010.11.20 - VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
c:\winnt\system32\mshtaSrv.exe AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen AVG 9.0.0.851 2010.11.20 SHeur3.AMRA BitDefender 7.2 2010.11.20 Backdoor.Generic.504880 CAT-QuickHeal 11.00 2010.11.09 - ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978 Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC Comodo 6785 2010.11.20 Heur.Packed.Unknown DrWeb 5.0.2.03300 2010.11.20 - Emsisoft 5.0.0.50 2010.11.20 Packed.Win32.Krap!IK eSafe 7.0.17.0 2010.11.18 Win32.TRDropper eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A Fortinet 4.2.254.0 2010.11.20 - GData 21 2010.11.20 Backdoor.Generic.504880 Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla K7AntiVirus 9.68.3041 2010.11.20 Trojan Kaspersky 7.0.0.125 2010.11.20 Packed.Win32.Krap.hm McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880 Panda 10.0.2.7 2010.11.20 Trj/Krap.Y PCTools 7.0.3.5 2010.11.20 Trojan.Gen Prevx 3.0 2010.11.20 Medium Risk Malware Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879 Sophos 4.59.0 2010.11.20 Mal/Zbot-U SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg Symantec 20101.2.0.161 2010.11.20 Trojan.Gen TheHacker 6.7.0.1.087 2010.11.20 - TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4 TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4 VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073 VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v) ViRobot 2010.11.20.4158 2010.11.20 - VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
c:\winnt\system32\NarratorSrv.exe AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen AVG 9.0.0.851 2010.11.20 SHeur3.AMRA BitDefender 7.2 2010.11.20 Backdoor.Generic.504880 CAT-QuickHeal 11.00 2010.11.09 - ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978 Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC Comodo 6785 2010.11.20 Heur.Packed.Unknown DrWeb 5.0.2.03300 2010.11.20 - Emsisoft 5.0.0.50 2010.11.20 Packed.Win32.Krap!IK eSafe 7.0.17.0 2010.11.18 Win32.TRDropper eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A Fortinet 4.2.254.0 2010.11.20 - GData 21 2010.11.20 Backdoor.Generic.504880 Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla K7AntiVirus 9.68.3041 2010.11.20 Trojan Kaspersky 7.0.0.125 2010.11.20 Packed.Win32.Krap.hm McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880 Panda 10.0.2.7 2010.11.20 Trj/Krap.Y PCTools 7.0.3.5 2010.11.20 Trojan.Gen Prevx 3.0 2010.11.20 Medium Risk Malware Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879 Sophos 4.59.0 2010.11.20 Mal/Zbot-U SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg Symantec 20101.2.0.161 2010.11.20 Trojan.Gen TheHacker 6.7.0.1.087 2010.11.20 - TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4 TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4 VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073 VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v) ViRobot 2010.11.20.4158 2010.11.20 - VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
c:\program files\Movie Maker\moviemkSrv.exe AhnLab-V3 2010.11.20.00 2010.11.19 Win32/Ramnit AntiVir 7.10.14.55 2010.11.19 W32/Ramnit.A Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen Avast 4.8.1351.0 2010.11.20 Win32:Quolko Avast5 5.0.594.0 2010.11.20 Win32:Quolko AVG 9.0.0.851 2010.11.20 SHeur3.AMQX BitDefender 7.2 2010.11.20 Win32.Ramnit CAT-QuickHeal 11.00 2010.11.09 - ClamAV 0.96.4.0 2010.11.20 W32.Ramnit-1 Command 5.2.11.5 2010.11.20 W32/Ramnit.B Comodo 6785 2010.11.20 Packed.Win32.MUPX.Gen DrWeb 5.0.2.03300 2010.11.20 Win32.Rmnet Emsisoft 5.0.0.50 2010.11.20 Virus.Win32.Ramnit!IK eSafe 7.0.17.0 2010.11.18 - eTrust-Vet 36.1.7989 2010.11.20 Win32/Ramnit.A F-Prot 4.6.2.117 2010.11.19 W32/Ramnit.B F-Secure 9.0.16160.0 2010.11.20 Win32.Ramnit Fortinet 4.2.254.0 2010.11.20 W32/Ramnit.A GData 21 2010.11.20 Win32.Ramnit Ikarus T3.1.1.90.0 2010.11.20 Virus.Win32.Ramnit Jiangmin 13.0.900 2010.11.20 Win32/PatchFile.et K7AntiVirus 9.68.3041 2010.11.20 Virus Kaspersky 7.0.0.125 2010.11.20 Virus.Win32.Nimnul.a McAfee 5.400.0.1158 2010.11.20 W32/Ramnit.a McAfee-GW-Edition 2010.1C 2010.11.20 W32/Ramnit.a Microsoft 1.6402 2010.11.19 Virus:Win32/Ramnit.A NOD32 5634 2010.11.19 Win32/Ramnit.A Norman 6.06.10 2010.11.20 W32/Ramnit.A nProtect 2010-11-20.01 2010.11.20 Trojan/W32.Agent.95744.FT Panda 10.0.2.7 2010.11.20 W32/Cosmu.gen PCTools 7.0.3.5 2010.11.20 Malware.Ramnit Prevx 3.0 2010.11.20 Medium Risk Malware Rising 22.74.04.00 2010.11.20 Win32.Ramnit.a Sophos 4.59.0 2010.11.20 W32/Patched-I SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg Symantec 20101.2.0.161 2010.11.20 W32.Ramnit!inf TheHacker 6.7.0.1.087 2010.11.20 - TrendMicro 9.120.0.1004 2010.11.20 PE_RAMNIT.H TrendMicro-HouseCall 9.120.0.1004 2010.11.20 PE_RAMNIT.H VBA32 3.12.14.2 2010.11.19 Virus.Win32.Nimnul.a VIPRE 7362 2010.11.20 Virus.Win32.Ramnit.a (v) ViRobot 2010.11.20.4158 2010.11.20 - VirusBuster 13.6.51.0 2010.11.20 Win32.Ramnit.Gen -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
ComboFix 10-11-19.04 - Megs 11/20/2010 15:20:07.5.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1007.462 [GMT 0:00] Running from: c:\documents and settings\Megs\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Megs\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point FILE :: "c:\documents and settings\Administrator\Start Menu\Programs\Startup\ipso.exe" "c:\documents and settings\Administrator\Start Menu\Programs\Startup\odli.exe" "c:\documents and settings\Administrator\Start Menu\Programs\Startup\uqanyc.exe" "c:\documents and settings\Administrator\Start Menu\Programs\Startup\yhto.exe" "c:\documents and settings\Megs\Start Menu\Programs\Startup\napion.exe" "c:\documents and settings\standalone\Start Menu\Programs\Startup\opmier.exe" "c:\documents and settings\standalone\Start Menu\Programs\Startup\xiufm.exe" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Megs\Application Data\Lyec c:\documents and settings\Megs\Application Data\Lyec\ydpuu.evd c:\documents and settings\Megs\Application Data\Orohq c:\documents and settings\Megs\Application Data\Orohq\oxpyk.exe c:\documents and settings\Megs\Application Data\Orohq\oxpykSrv.exe c:\documents and settings\Megs\Application Data\Ryda c:\documents and settings\Megs\Application Data\Ryda\qoer.exe c:\documents and settings\Megs\Application Data\Upinp c:\documents and settings\Megs\Application Data\Upinp\ewox.bia c:\program files\Belkin\Belkin Wireless Network Utility\PCARmDrvSrv.exe c:\program files\Internet Explorer\iexploreSrv.exe c:\winnt\ExplorerSrv.exe . ((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 ))))))))))))))))))))))))))))))) . 2010-11-17 19:40 . 2010-11-17 19:40 -------- d-----w- c:\program files\NCH Software 2010-11-17 19:38 . 2010-11-17 19:38 -------- d-----w- c:\program files\NCH Swift Sound 2010-11-15 18:44 . 2010-11-15 18:55 95744 ----a-w- c:\program files\Movie Maker\moviemkSrv.exe 2010-11-14 17:43 . 2010-11-20 15:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-11-04 20:13 . 2010-11-13 19:11 -------- d-----w- c:\program files\AVIConverter 2010-11-04 18:21 . 2010-11-04 18:21 47104 ----a-w- c:\winnt\system32\NarratorSrv.exe 2010-11-04 18:09 . 2010-11-04 18:15 95744 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iKernelSrv.exe 2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe 2010-11-03 16:05 . 2010-11-15 16:35 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe 2010-11-01 18:12 . 2010-11-11 18:44 -------- d-----w- c:\program files\UK Truck Simulator 2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe 2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll 2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp 2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe 2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll 2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe 2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs 2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa 2010-10-27 16:47 . 2010-11-20 15:11 -------- d-----w- c:\program files\windows 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87 2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll 2010-10-27 15:26 . 2010-11-07 14:52 -------- d-----w- c:\winnt\Logs 2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys 2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE 2010-10-03 23:43 . 2010-10-03 23:43 59240 ----a-w- c:\winnt\system32\drivers\RapportKELL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [2008-04-14 143360] "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680] "vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528] "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ ipso.exe [2010-11-19 152576] uqanyc.exe [2010-11-15 202752] c:\documents and settings\Default User\Start Menu\Programs\Startup\ odli.exe [2010-11-19 152576] yhto.exe [2010-11-15 202752] c:\documents and settings\standalone\Start Menu\Programs\Startup\ opmier.exe [2010-11-19 152576] WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672] xiufm.exe [2010-11-15 202752] c:\documents and settings\Megs\Start Menu\Programs\Startup\ napion.exe [2010-11-20 202752] napionSrv.exe [2010-11-20 95744] napionSrvSrv.exe [2010-11-20 47104] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="c:\winnt\system32\userinit.exe,,c:\program files\belkin\belkin wireless network utility\pcarmdrvsrv.exe,c:\program files\microsoft\desktoplayer.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\WePrint\\WePrint Server.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 RapportKELL;RapportKELL;c:\winnt\system32\drivers\RapportKELL.sys [10/3/2010 23:43 59240] R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 23:54 34792] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 23:43 169320] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 23:43 767208] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335] S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0] S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192] S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776] . Contents of the 'Scheduled Tasks' folder 2010-11-17 c:\winnt\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] 2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-13 c:\winnt\Tasks\Norton Security Scan for Megs.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51] 2010-11-13 c:\winnt\Tasks\Norton Security Scan for standalone.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51] 2010-11-17 c:\winnt\Tasks\switchShakeIcon.job - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-17 19:38] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-20 15:37 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2772) c:\winnt\system32\WININET.dll c:\program files\Trusteer\Rapport\bin\rooksbas.dll c:\winnt\system32\ieframe.dll c:\winnt\system32\webcheck.dll c:\winnt\system32\WPDShServiceObj.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Symantec AntiVirus\Rtvscan.exe c:\winnt\system32\MsPMSPSv.exe c:\winnt\SOUNDMAN.EXE c:\winnt\system32\rundll32.exe c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MICROS~4\rapimgr.exe c:\winnt\system32\msiexec.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2010-11-20 15:44:18 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-20 15:44 ComboFix2.txt 2010-11-20 14:00 ComboFix3.txt 2010-11-13 19:21 ComboFix4.txt 2010-11-03 22:29 Pre-Run: 3,061,159,936 bytes free Post-Run: 3,044,570,112 bytes free - - End Of File - - D3CB3DDBD026F839AB07F98C22319502 -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
Log from combofix: ComboFix 10-11-19.04 - Megs 11/20/2010 13:10:02.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1007.480 [GMT 0:00] Running from: c:\documents and settings\Megs\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Megs\Application Data\Buym c:\documents and settings\Megs\Application Data\Buym\kidy.vae c:\documents and settings\Megs\Application Data\Daehyr c:\documents and settings\Megs\Application Data\Daehyr\ceaz.exe c:\documents and settings\Megs\Application Data\Elikf c:\documents and settings\Megs\Application Data\Elikf\pyso.ref c:\documents and settings\Megs\Application Data\Ensy c:\documents and settings\Megs\Application Data\Ensy\piwa.rui c:\documents and settings\Megs\Application Data\Ewuz c:\documents and settings\Megs\Application Data\Ewuz\uwawo.exe c:\documents and settings\Megs\Application Data\Fuyg c:\documents and settings\Megs\Application Data\Fuyg\axciw.exe c:\documents and settings\Megs\Application Data\Fyfua c:\documents and settings\Megs\Application Data\Fyfua\lidiq.exe c:\documents and settings\Megs\Application Data\Heuvxo c:\documents and settings\Megs\Application Data\Heuvxo\iqov.exe c:\documents and settings\Megs\Application Data\Igbox c:\documents and settings\Megs\Application Data\Igbox\fenao.tao c:\documents and settings\Megs\Application Data\Isitty c:\documents and settings\Megs\Application Data\Isitty\fyow.yxa c:\documents and settings\Megs\Application Data\Kuuck c:\documents and settings\Megs\Application Data\Kuuck\komip.wix c:\documents and settings\Megs\Application Data\Meqoy c:\documents and settings\Megs\Application Data\Meqoy\pura.exe c:\documents and settings\Megs\Application Data\Moere c:\documents and settings\Megs\Application Data\Moere\akqy.uhi c:\documents and settings\Megs\Application Data\Owroyr c:\documents and settings\Megs\Application Data\Owroyr\anax.exe c:\documents and settings\Megs\Application Data\Quacbi c:\documents and settings\Megs\Application Data\Quacbi\ucvy.exe c:\documents and settings\Megs\Application Data\Somu c:\documents and settings\Megs\Application Data\Somu\ospu.vyy c:\documents and settings\Megs\Application Data\Tievuq c:\documents and settings\Megs\Application Data\Tievuq\sedys.ebi c:\documents and settings\Megs\Application Data\Ubep c:\documents and settings\Megs\Application Data\Ubep\avox.exe c:\documents and settings\Megs\Application Data\Udyw c:\documents and settings\Megs\Application Data\Udyw\woihv.exe c:\documents and settings\Megs\Application Data\Uhby c:\documents and settings\Megs\Application Data\Uhby\wimae.lyx c:\documents and settings\Megs\Application Data\Uqxiu c:\documents and settings\Megs\Application Data\Uqxiu\geuw.tya c:\documents and settings\Megs\Application Data\Usze c:\documents and settings\Megs\Application Data\Usze\geyh.exe c:\documents and settings\Megs\Application Data\Wyuh c:\documents and settings\Megs\Application Data\Wyuh\gaaz.exe c:\documents and settings\Megs\Application Data\Xutuyh c:\documents and settings\Megs\Application Data\Xutuyh\pimo.azh c:\documents and settings\Megs\Application Data\Yquz c:\documents and settings\Megs\Application Data\Yquz\yvsay.zut c:\documents and settings\Megs\Application Data\Ysudfu c:\documents and settings\Megs\Application Data\Ysudfu\ebymr.exe c:\program files\Acoustica Mixcraft 4\mixcraft4srvSrv.exe c:\program files\Belkin\Belkin Wireless Network Utility\PCARmDrvSrv.exe c:\program files\Common Files\Roxio Shared\System\EngUtilSrv.exe c:\program files\Internet Explorer\complete.dat c:\program files\Internet Explorer\dmlconf.dat c:\program files\Internet Explorer\iexploreSrv.exe c:\program files\Microsoft\DesktopLayer.exe c:\program files\quicktime\qttasksrv.exe c:\winnt\ExplorerSrv.exe c:\winnt\system32\rundll32Srv.exe . ((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 ))))))))))))))))))))))))))))))) . 2010-11-17 19:40 . 2010-11-17 19:40 -------- d-----w- c:\program files\NCH Software 2010-11-17 19:38 . 2010-11-17 19:38 -------- d-----w- c:\program files\NCH Swift Sound 2010-11-15 18:44 . 2010-11-15 18:55 95744 ----a-w- c:\program files\Movie Maker\moviemkSrv.exe 2010-11-14 18:06 . 2010-01-22 09:55 767952 ----a-w- c:\winnt\BDTSupport.dll 2010-11-14 18:06 . 2010-01-22 09:56 149456 ----a-w- c:\winnt\SGDetectionTool.dll 2010-11-14 18:06 . 2010-01-22 09:56 165840 ----a-w- c:\winnt\PCTBDRes.dll 2010-11-14 18:06 . 2010-01-22 09:56 1652688 ----a-w- c:\winnt\PCTBDCore.dll 2010-11-14 17:44 . 2010-02-05 09:17 233136 ----a-w- c:\winnt\system32\drivers\pctgntdi.sys 2010-11-14 17:44 . 2010-11-14 18:34 218592 ----a-w- c:\winnt\system32\drivers\PCTCore.sys 2010-11-14 17:44 . 2009-11-23 13:54 88040 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.sys 2010-11-14 17:44 . 2010-11-14 18:34 63360 ----a-w- c:\winnt\system32\drivers\pctplsg.sys 2010-11-14 17:43 . 2010-11-14 19:39 -------- d-----w- c:\program files\Spyware Doctor 2010-11-14 17:43 . 2010-11-14 18:06 -------- d-----w- c:\program files\Common Files\PC Tools 2010-11-14 17:43 . 2010-11-14 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-11-14 17:43 . 2010-11-20 13:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-11-04 20:13 . 2010-11-13 19:11 -------- d-----w- c:\program files\AVIConverter 2010-11-04 18:21 . 2010-11-04 18:21 47104 ----a-w- c:\winnt\system32\NarratorSrv.exe 2010-11-04 18:09 . 2010-11-04 18:15 95744 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iKernelSrv.exe 2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe 2010-11-03 16:05 . 2010-11-15 16:35 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe 2010-11-01 18:12 . 2010-11-11 18:44 -------- d-----w- c:\program files\UK Truck Simulator 2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe 2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll 2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp 2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe 2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll 2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe 2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs 2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa 2010-10-27 16:47 . 2010-11-19 20:43 -------- d-----w- c:\program files\windows 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87 2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll 2010-10-27 15:26 . 2010-11-07 14:52 -------- d-----w- c:\winnt\Logs 2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys 2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE 2010-10-03 23:43 . 2010-10-03 23:43 59240 ----a-w- c:\winnt\system32\drivers\RapportKELL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [2008-04-14 143360] "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680] "vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [2002-07-24 20752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528] "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ ipso.exe [2010-11-19 152576] uqanyc.exe [2010-11-15 202752] c:\documents and settings\Default User\Start Menu\Programs\Startup\ odli.exe [2010-11-19 152576] yhto.exe [2010-11-15 202752] c:\documents and settings\standalone\Start Menu\Programs\Startup\ opmier.exe [2010-11-19 152576] WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672] xiufm.exe [2010-11-15 202752] c:\documents and settings\Megs\Start Menu\Programs\Startup\ napion.exe [2010-11-15 154112] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\WePrint\\WePrint Server.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [11/14/2010 17:44 218592] R0 RapportKELL;RapportKELL;c:\winnt\system32\drivers\RapportKELL.sys [10/3/2010 23:43 59240] R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 23:54 34792] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 23:43 169320] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/14/2010 18:06 112592] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 23:43 767208] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335] S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0] S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/14/2010 17:43 366840] S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776] . Contents of the 'Scheduled Tasks' folder 2010-11-17 c:\winnt\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] 2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-13 c:\winnt\Tasks\Norton Security Scan for Megs.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51] 2010-11-13 c:\winnt\Tasks\Norton Security Scan for standalone.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51] 2010-11-17 c:\winnt\Tasks\switchShakeIcon.job - c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-17 19:38] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-20 13:47 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(500) c:\winnt\system32\igfxsrvc.dll c:\winnt\system32\hccutils.DLL . Completion time: 2010-11-20 14:00:24 ComboFix-quarantined-files.txt 2010-11-20 14:00 ComboFix2.txt 2010-11-13 19:21 ComboFix3.txt 2010-11-03 22:29 Pre-Run: 558,296,064 bytes free Post-Run: 890,355,712 bytes free - - End Of File - - 8BDCBACBCE774EB8696602C14BE0D056 -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
The spyware doctor has found over 300 infections but to delete them I need to buy the software but I can't buy the software. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
I deleted all the infections that you listed successfully, I ran MBAM but it came up with the same three infections again. Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5065 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/14/2010 16:23:18 mbam-log-2010-11-14 (16-23-18).txt Scan type: Quick scan Objects scanned: 173046 Time elapsed: 37 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\winnt\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
It's not letting me delete any of them in C:\Documents and Settings\Megs\Start Menu\Programs\Startup. It keeps coming up with: Cannot delete ekel: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
So any of the infections you listed from the log I posted do I just delete them from the startup folders you mentioned? -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
So waht should I do? These don't show up on any of the other anti-virus programmes I have. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
c:\program files\Roxio\Easy CD Creator 6\AudioCentral\LibraryAudio.exe c:\program files\Roxio\Easy CD Creator 6\DragToDisc\MRW\MRFINSTMRFINST.exe c:\program files\Roxio\Easy CD Creator 6\DragToDisc\ScanDiscScanDisc.exe c:\program files\Roxio\Easy CD Creator 6\Easy CD Creator\DiscEasy.exe c:\program files\Roxio\Easy CD Creator 6\PMStudio\DzlSDKPMStudio.exe c:\program files\Roxio\Easy CD Creator 6\Roxio Player\RoxioRoxioPlayer.exe c:\program files\Sony\Content Transfer\ModuleContent.exe c:\program files\Sony\Content Transfer\Resources\CHS\resourcefile.exe c:\program files\Sony\Content Transfer\Resources\CHT\ContentTransferResourcefile.exe c:\program files\Sony\Content Transfer\Resources\DEU\fileresource.exe c:\program files\Sony\Content Transfer\Resources\ENU\resourceTransfer.exe c:\program files\Sony\Content Transfer\Resources\ESP\resourcefile.exe c:\program files\Sony\Content Transfer\Resources\filefile.exe c:\program files\Sony\Content Transfer\Resources\FRA\ContentTransfer13023190.exe c:\program files\Sony\Content Transfer\Resources\ITA\resourceContent13023190.exe c:\program files\Sony\Content Transfer\Resources\JPN\resourceContentTransferResource.exe c:\program files\Sony\Content Transfer\Resources\KOR\fileresource.exe c:\program files\Sony\Content Transfer\Resources\PTB\Transferresource.exe c:\program files\Sony\Content Transfer\Resources\PTG\fileresource.exe c:\program files\Sony\Content Transfer\Resources\RUS\Transferfile.exe c:\program files\Sony\Content Transfer\UpdateChecker\UwcGUILibraryUwcGUILibrary1.0.1.07100.exe c:\program files\Sony\WALKMAN Guide\NWZ-E440\Backup\Install\InstallerApp\GuideTransfer1.2.0.07300.exe c:\program files\Sony\WALKMAN Guide\NWZ-E440\Backup\Install\InstallLauncher\SetupLauncherSetupLauncher2.0.0.08040.exe c:\program files\Sony\WALKMAN Guide\NWZ-E440\Backup\SetupSetup.exe c:\program files\Sony\WALKMAN Guide\NWZ-E440\WALKMANWALKMANGuide.exe c:\program files\Symantec AntiVirus\LuaWrapSymClnUp9.0.0.339.exe c:\program files\Symantec AntiVirus\Virus Defs\naveng32Engine2003.03.0.11.exe c:\program files\Symantec\LiveUpdate\S32LUHL1NetDetect.exe c:\program files\Symantec\S32EVNT1SYMEVENT11.4.0.11.exe c:\program files\WePrint\zlibzlib1.exe c:\program files\Winamp\Plugins\avs\Community Picks\shitmixing.exe c:\program files\Winamp\Plugins\avs\texercolormap.exe c:\program files\Winamp\Plugins\avs\Winamp 5 Picks\skupersremix.exe c:\program files\Winamp\Plugins\DSP_SPS\downcockos945.exe c:\program files\Winamp\Plugins\Gracenote\ModuleCDDBControlNSWinamp.exe c:\program files\Winamp\Plugins\Milkdrop2\presets\SciencemUnchained.exe c:\program files\Winamp\Plugins\mlwireNowplaying7.10.3052.4.exe c:\program files\Winamp\System\aacPlusDecoderomBrowser.exe c:\program files\Winamp\VisualWinamp.exe c:\program files\Windows Media Connect 2\WindowsSystem.exe c:\program files\Windows Media Player\1033\DWIntlError.exe c:\program files\Windows Media Player\Installer\WextractWEXTRACT.exe c:\program files\Windows Media Player\Roxio\WindowsWMBurn.exe c:\program files\Windows NT\Accessories\ImageVue\WindowsKodakPrv.exe c:\program files\Windows NT\Accessories\OperatingMicrosoft5.1.2600.55843.0804211413.exe c:\program files\Windows NT\Pinball\PINBALLPinball5.1.2600.5512.exe c:\program files\YouTube Downloader\MSCOMCTLMSCOMCTL.exe c:\program files\ZipCentral\unins000ZipDLL.exe c:\winnt\$hf_mig$\KB867282\WindowsSystem.exe c:\winnt\$hf_mig$\KB873333\update\UPDATEOperating5.5.0033.003.0311130918.exe c:\winnt\$hf_mig$\KB873339\SP2QFE\WindowsWindows.exe c:\winnt\$hf_mig$\KB885835\MicrosoftSystem.exe c:\winnt\$hf_mig$\KB885835\update\UPDATEUPDATE.exe c:\winnt\$hf_mig$\KB885836\SP2QFE\Documentmswrd632.exe c:\winnt\$hf_mig$\KB886185\spmsgWindows.exe c:\winnt\$hf_mig$\KB886185\update\UPDATEWindows.exe c:\winnt\$hf_mig$\KB887472\SP2QFE\msmsgsmsmsgs.exe c:\winnt\$hf_mig$\KB887472\update\UPDATEWindows.exe c:\winnt\$hf_mig$\KB887742\SP2QFE\httphttp.exe c:\winnt\$hf_mig$\KB887742\WindowsSPUNINST.exe c:\winnt\$hf_mig$\KB888113\SP2QFE\hlinkhlink.exe c:\winnt\$hf_mig$\KB888113\update\Windowsspcustom.exe c:\winnt\$hf_mig$\KB888302\SP2QFE\OperatingWindows.exe c:\winnt\$hf_mig$\KB890046\SP2QFE\WindowsAgentDpv.exe c:\winnt\$hf_mig$\KB890047\Microsoftspmsg.exe c:\winnt\$hf_mig$\KB890175\update\UPDATESystem.exe c:\winnt\$hf_mig$\KB893756\SystemWindows6.1.0022.4.exe c:\winnt\$hf_mig$\KB893756\update\SETUPAPIOperating6.1.0022.403.0311130918.exe c:\winnt\$hf_mig$\KB894391\SP2QFE\WindowsWindows.exe c:\winnt\$hf_mig$\KB894391\update\OperatingSETUPAPI.exe c:\winnt\$hf_mig$\KB896358\update\Systemspcustom.exe c:\winnt\$hf_mig$\KB899587\WindowsWindows.exe c:\winnt\$hf_mig$\KB899591\update\spcustomWindows.exe c:\winnt\$hf_mig$\KB900485\update\SETUPAPIUPDATE.exe c:\winnt\$hf_mig$\KB900725\SP2QFE\OperatingMicrosoft.exe c:\winnt\$hf_mig$\KB900725\update\WindowsSystem.exe c:\winnt\$hf_mig$\KB901017\update\SETUPAPIOperating5.1.2600.27572.0509091512.exe c:\winnt\$hf_mig$\KB901214\Systemspmsg.exe c:\winnt\$hf_mig$\KB902400\spmsgWindows.exe c:\winnt\$hf_mig$\KB902400\update\UPDATEUPDATE.exe c:\winnt\$hf_mig$\KB904942\SP2QFE\OperatingWDIGEST5.1.2600.2874.0603231528.exe c:\winnt\$hf_mig$\KB904942\SystemMicrosoft.exe c:\winnt\$hf_mig$\KB905414\SP2QFE\Operatingnetman.exe c:\winnt\$hf_mig$\KB905749\SP2QFE\WindowsWindows.exe c:\winnt\$hf_mig$\KB908519\SP2QFE\T2EMBEDWindows.exe c:\winnt\$hf_mig$\KB908519\spmsgSPUNINST.exe c:\winnt\$hf_mig$\KB908531\SP2QFE\xpsp3resxpsp3res.exe c:\winnt\$hf_mig$\KB908531\WindowsSystem6.2.0029.0.exe c:\winnt\$hf_mig$\KB910437\SP2QFE\SystemOperating5.1.2600.2780.exe c:\winnt\$hf_mig$\KB911280\SP2QFE\RasmansOperating5.1.2600.2936.exe c:\winnt\$hf_mig$\KB911280\update\SystemUPDATE6.2.0029.0.exe c:\winnt\$hf_mig$\KB911562\spmsgWindows.exe c:\winnt\$hf_mig$\KB911562\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB911927\spmsgSystem6.2.0029.0.exe c:\winnt\$hf_mig$\KB911927\update\OperatingSETUPAPI.exe c:\winnt\$hf_mig$\KB913580\SP2QFE\TransactionMicrosoft.exe c:\winnt\$hf_mig$\KB913580\spmsgSPUNINST.exe c:\winnt\$hf_mig$\KB913580\update\Windowsspcustom.exe c:\winnt\$hf_mig$\KB914388\update\SETUPAPIUPDATE.exe c:\winnt\$hf_mig$\KB914389\Operatingspmsg.exe c:\winnt\$hf_mig$\KB914389\update\WindowsWindows.exe c:\winnt\$hf_mig$\KB915865\SystemSPUNINST.exe c:\winnt\$hf_mig$\KB915865\update\SystemSETUPAPI.exe c:\winnt\$hf_mig$\KB918118\Systemspmsg.exe c:\winnt\$hf_mig$\KB918118\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB918439\spmsgSPUNINST.exe c:\winnt\$hf_mig$\KB919007\SP2QFE\MicrosoftWindows.exe c:\winnt\$hf_mig$\KB919007\spmsgSystem.exe c:\winnt\$hf_mig$\KB920213\Microsoftspmsg.exe c:\winnt\$hf_mig$\KB920213\SP2QFE\AnimationServer.exe c:\winnt\$hf_mig$\KB920213\update\UPDATESystem.exe c:\winnt\$hf_mig$\KB920670\WindowsSystem6.2.0029.003.0311130918.exe c:\winnt\$hf_mig$\KB920685\SPUNINSTWindows.exe c:\winnt\$hf_mig$\KB920685\update\SystemWindows6.2.0029.0.exe c:\winnt\$hf_mig$\KB920872\update\UPDATESystem.exe c:\winnt\$hf_mig$\KB921503\spmsgSystem6.2.0029.003.0311130918.exe c:\winnt\$hf_mig$\KB922582\spmsgSystem.exe c:\winnt\$hf_mig$\KB922582\update\UPDATEUPDATE.exe c:\winnt\$hf_mig$\KB922819\spmsgWindows.exe c:\winnt\$hf_mig$\KB922819\update\WindowsSystem6.2.0029.0.exe c:\winnt\$hf_mig$\KB923414\update\Windowsspcustom.exe c:\winnt\$hf_mig$\KB923561\SP3QFE\WindowsMicrosoft.exe c:\winnt\$hf_mig$\KB923561\update\spcustomSETUPAPI.exe c:\winnt\$hf_mig$\KB923980\SPUNINSTWindows.exe c:\winnt\$hf_mig$\KB924270\SP2QFE\OperatingMicrosoft.exe c:\winnt\$hf_mig$\KB924496\update\SystemWindows6.2.0029.003.0311130918.exe c:\winnt\$hf_mig$\KB925902\SP2QFE\SystemSystem.exe c:\winnt\$hf_mig$\KB925902\spmsgSystem.exe c:\winnt\$hf_mig$\KB926436\SystemWindows.exe c:\winnt\$hf_mig$\KB927802\SP2QFE\SystemWindows.exe c:\winnt\$hf_mig$\KB927802\update\UPDATEspcustom6.2.0029.0.exe c:\winnt\$hf_mig$\KB927891\update\WindowsWindows.exe c:\winnt\$hf_mig$\KB927891\WindowsWindows.exe c:\winnt\$hf_mig$\KB928255\SP2QFE\Windowsxpsp3res.exe c:\winnt\$hf_mig$\KB928843\SP2QFE\HTMLHHCtrl.exe c:\winnt\$hf_mig$\KB928843\update\spcustomSETUPAPI6.2.0029.0.exe c:\winnt\$hf_mig$\KB929123\spmsgWindows6.2.0029.003.0311130918.exe c:\winnt\$hf_mig$\KB930178\Microsoftspmsg6.2.0029.0.exe c:\winnt\$hf_mig$\KB930916\SP2QFE\OperatingWindows5.1.2600.30812.0702090034.exe c:\winnt\$hf_mig$\KB931261\SP2QFE\MicrosoftSystem.exe c:\winnt\$hf_mig$\KB931784\SP2QFE\OperatingSystem.exe c:\winnt\$hf_mig$\KB932168\SP2QFE\Dataxpsp3res.exe c:\winnt\$hf_mig$\KB932823-v3\SP2QFE\WindowsOperating5.1.2600.3319.exe c:\winnt\$hf_mig$\KB932823-v3\update\Operatingspcustom.exe c:\winnt\$hf_mig$\KB933729\SP2QFE\rpcrt4rpcrt4.exe c:\winnt\$hf_mig$\KB933729\WindowsWindows.exe c:\winnt\$hf_mig$\KB935839\SP2QFE\Systemkernel32.exe c:\winnt\$hf_mig$\KB935840\MicrosoftWindows6.2.0029.003.0311130918.exe c:\winnt\$hf_mig$\KB935840\SP2QFE\OperatingWindows.exe c:\winnt\$hf_mig$\KB936021\SP2QFE\MicrosoftRMSXML.exe c:\winnt\$hf_mig$\KB937894\SP2QFE\MQISEMessage.exe c:\winnt\$hf_mig$\KB938127-IE7\update\spcustomSystem.exe c:\winnt\$hf_mig$\KB938127\update\SystemSETUPAPI6.2.0029.0.exe c:\winnt\$hf_mig$\KB938464\Microsoftspmsg.exe c:\winnt\$hf_mig$\KB938464\update\MicrosoftSystem.exe c:\winnt\$hf_mig$\KB938828\update\spcustomWindows6.2.0029.0.exe c:\winnt\$hf_mig$\KB938829\update\MicrosoftWindows.exe c:\winnt\$hf_mig$\KB941202\Microsoftspmsg.exe c:\winnt\$hf_mig$\KB941202\SP2QFE\WindowsMicrosoft.exe c:\winnt\$hf_mig$\KB941202\update\WindowsWindows.exe c:\winnt\$hf_mig$\KB941693\SP2QFE\Windowswin32k5.1.2600.33352.0803191242.exe c:\winnt\$hf_mig$\KB942615-IE7\spmsgspmsg.exe c:\winnt\$hf_mig$\KB942615\SP2QFE\Microsoftwininet.exe c:\winnt\$hf_mig$\KB942763\SP2QFE\Operatingtzchange.exe c:\winnt\$hf_mig$\KB942763\SystemSPUNINST.exe c:\winnt\$hf_mig$\KB942763\update\UPDATEWindows6.2.0029.0.exe c:\winnt\$hf_mig$\KB942840\Microsoftspmsg.exe c:\winnt\$hf_mig$\KB942840\SP2QFE\JScriptMicrosoft.exe c:\winnt\$hf_mig$\KB942840\update\spcustomWindows.exe c:\winnt\$hf_mig$\KB943055\update\Systemspcustom.exe c:\winnt\$hf_mig$\KB943485\SP2QFE\OperatingSystem.exe c:\winnt\$hf_mig$\KB944533-IE7\Operatingspmsg.exe c:\winnt\$hf_mig$\KB944653\SP2QFE\SECURITYDriver.exe c:\winnt\$hf_mig$\KB945553\update\UPDATESystem6.2.0029.0.exe c:\winnt\$hf_mig$\KB946026\spmsgMicrosoft.exe c:\winnt\$hf_mig$\KB946648\Systemspmsg6.3.0013.0.exe c:\winnt\$hf_mig$\KB947864-IE7\SP2QFE\IE4UINITWindows.exe c:\winnt\$hf_mig$\KB947864-IE7\spmsgSystem.exe c:\winnt\$hf_mig$\KB948590\SP2QFE\gdi32Microsoft5.1.2600.33162.0802191317.exe c:\winnt\$hf_mig$\KB950749\SP2QFE\MSTEXT40DAO360.exe c:\winnt\$hf_mig$\KB950749\update\WindowsSystem.exe c:\winnt\$hf_mig$\KB950749\WindowsWindows.exe c:\winnt\$hf_mig$\KB950759-IE7\SP2QFE\ExplorerMSHTMLED.exe c:\winnt\$hf_mig$\KB950759-IE7\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB950760\update\WindowsSystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB950762\SP3GDR\rmcastrmcast.exe c:\winnt\$hf_mig$\KB950974\spmsgOperating.exe c:\winnt\$hf_mig$\KB951072-v2\SP3GDR\SystemOperating.exe c:\winnt\$hf_mig$\KB951072-v2\spmsgSystem.exe c:\winnt\$hf_mig$\KB951376\SP3QFE\OperatingSystem5.1.2600.5580.exe c:\winnt\$hf_mig$\KB951376\update\spcustomUPDATE.exe c:\winnt\$hf_mig$\KB951376\WindowsWindows.exe c:\winnt\$hf_mig$\KB951698\update\SystemSystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB951748\SP3GDR\mswsockWindows.exe c:\winnt\$hf_mig$\KB951748\update\WindowsSETUPAPI.exe c:\winnt\$hf_mig$\KB952004\SP3QFE\TransactionServices.exe c:\winnt\$hf_mig$\KB952287\SP2QFE\ComponentsData.exe c:\winnt\$hf_mig$\KB952954\SP3QFE\WindowsWindows.exe c:\winnt\$hf_mig$\KB952954\update\SystemMicrosoft6.3.0013.0.exe c:\winnt\$hf_mig$\KB953838-IE7\update\spcustomWindows.exe c:\winnt\$hf_mig$\KB953839\SPUNINSTWindows.exe c:\winnt\$hf_mig$\KB953839\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB954211\SystemMicrosoft6.3.0013.0.exe c:\winnt\$hf_mig$\KB954459\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB955069\SP3GDR\SP10SP10.exe c:\winnt\$hf_mig$\KB955069\update\spcustomSETUPAPI.exe c:\winnt\$hf_mig$\KB955759\SP3QFE\WindowsSystem.exe c:\winnt\$hf_mig$\KB955759\SystemWindows.exe c:\winnt\$hf_mig$\KB955839\OperatingSPUNINST.exe c:\winnt\$hf_mig$\KB955839\SP2QFE\OperatingSystem.exe c:\winnt\$hf_mig$\KB955839\SP3GDR\tzchangetzchange5.1.2600.5699.exe c:\winnt\$hf_mig$\KB955839\SP3QFE\SystemOperating.exe c:\winnt\$hf_mig$\KB955839\update\UPDATEspcustom.exe c:\winnt\$hf_mig$\KB956391\SPUNINSTWindows.exe c:\winnt\$hf_mig$\KB956391\update\spcustomSystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB956572\Windowsspmsg.exe c:\winnt\$hf_mig$\KB956744\WindowsWindows.exe c:\winnt\$hf_mig$\KB956802\SP3GDR\gdi32gdi32.exe c:\winnt\$hf_mig$\KB956803\SP3GDR\WindowsOperating5.1.2600.56573.0808141236.exe c:\winnt\$hf_mig$\KB956803\Systemspmsg.exe c:\winnt\$hf_mig$\KB956803\update\WindowsMicrosoft.exe c:\winnt\$hf_mig$\KB956841\SP2QFE\MicrosoftWindows.exe c:\winnt\$hf_mig$\KB956841\SP3GDR\ntkrpampMicrosoft.exe c:\winnt\$hf_mig$\KB956841\SP3QFE\ntoskrnlWindows.exe c:\winnt\$hf_mig$\KB956841\spmsgspmsg6.3.0013.0.exe c:\winnt\$hf_mig$\KB957095\OperatingSPUNINST.exe c:\winnt\$hf_mig$\KB957095\SP2QFE\OperatingSystem.exe c:\winnt\$hf_mig$\KB957095\SP3QFE\MicrosoftOperating.exe c:\winnt\$hf_mig$\KB957095\update\SETUPAPIWindows6.3.0013.0.exe c:\winnt\$hf_mig$\KB957097\SP3QFE\SystemOperating.exe c:\winnt\$hf_mig$\KB958644\SP2QFE\OperatingSystem.exe c:\winnt\$hf_mig$\KB958687\SP3QFE\MicrosoftOperating.exe c:\winnt\$hf_mig$\KB958687\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB958690\SP3QFE\Microsoftwin32k.exe c:\winnt\$hf_mig$\KB958690\Windowsspmsg.exe c:\winnt\$hf_mig$\KB960225\SP3QFE\schannelschannel5.1.2600.5721.exe c:\winnt\$hf_mig$\KB960225\update\spcustomWindows.exe c:\winnt\$hf_mig$\KB960714-IE7\MicrosoftWindows6.2.0029.0.exe c:\winnt\$hf_mig$\KB960714-IE7\update\OperatingSETUPAPI.exe c:\winnt\$hf_mig$\KB960715\SystemWindows.exe c:\winnt\$hf_mig$\KB960715\update\MicrosoftUPDATE.exe c:\winnt\$hf_mig$\KB960803\SystemWindows.exe c:\winnt\$hf_mig$\KB960803\update\SystemWindows.exe c:\winnt\$hf_mig$\KB960859\MicrosoftOperating.exe c:\winnt\$hf_mig$\KB960859\SP3QFE\telnetWindows5.1.2600.5829.exe c:\winnt\$hf_mig$\KB960859\update\WindowsSystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB961260-IE7\SP2QFE\WindowsMSRATING7.00.6000.16730.exe c:\winnt\$hf_mig$\KB961371\SP3QFE\Systemfontsub.exe c:\winnt\$hf_mig$\KB961371\WindowsMicrosoft6.3.0013.0.exe c:\winnt\$hf_mig$\KB961373\Windowsspmsg.exe c:\winnt\$hf_mig$\KB961501\spmsgWindows6.3.0013.0.exe c:\winnt\$hf_mig$\KB963027-IE7\MicrosoftOperating6.3.0013.0.exe c:\winnt\$hf_mig$\KB963027-IE7\SP3QFE\WindowsIERNONCE.exe c:\winnt\$hf_mig$\KB963027-IE7\update\UPDATESystem.exe c:\winnt\$hf_mig$\KB967715\update\spcustomSETUPAPI.exe c:\winnt\$hf_mig$\KB968389\SP3QFE\SystemWDIGEST5.1.2600.5834.exe c:\winnt\$hf_mig$\KB968389\SystemWindows.exe c:\winnt\$hf_mig$\KB968389\update\SystemWindows.exe c:\winnt\$hf_mig$\KB968537\update\spcustomUPDATE.exe c:\winnt\$hf_mig$\KB969059\SP3QFE\Windowsquery.exe c:\winnt\$hf_mig$\KB969059\SystemWindows.exe c:\winnt\$hf_mig$\KB969897-IE7\SP3QFE\WindowsInternet.exe c:\winnt\$hf_mig$\KB969897-IE7\spmsgSPUNINST.exe c:\winnt\$hf_mig$\KB969947\SP3QFE\WindowsSystem.exe c:\winnt\$hf_mig$\KB969947\WindowsWindows.exe c:\winnt\$hf_mig$\KB970238\Systemspmsg6.3.0013.0.exe c:\winnt\$hf_mig$\KB970238\update\SystemUPDATE.exe c:\winnt\$hf_mig$\KB970430\SP3QFE\Operatingstreamfilt.exe c:\winnt\$hf_mig$\KB970430\update\Windowsspcustom.exe c:\winnt\$hf_mig$\KB971486\SP3QFE\WindowsWindows.exe c:\winnt\$hf_mig$\KB971486\update\SETUPAPIMicrosoft.exe c:\winnt\$hf_mig$\KB971633\update\Systemspcustom6.3.0013.0.exe c:\winnt\$hf_mig$\KB971633\WindowsSystem.exe c:\winnt\$hf_mig$\KB971657\spmsgspmsg.exe c:\winnt\$hf_mig$\KB971737\SP3QFE\MicrosoftWindows.exe c:\winnt\$hf_mig$\KB971961-IE8\SP3QFE\jscriptMicrosoft.exe c:\winnt\$hf_mig$\KB971961\SP3QFE\MicrosoftJScript5.7.6002.22145.exe c:\winnt\$hf_mig$\KB971961\update\UPDATEMicrosoft.exe c:\winnt\$hf_mig$\KB972260-IE7\spmsgSystem.exe c:\winnt\$hf_mig$\KB972260-IE7\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB972260-IE8\SP3QFE\wininetieproxy.exe c:\winnt\$hf_mig$\KB972270\spmsgSystem.exe c:\winnt\$hf_mig$\KB972270\update\spcustomSystem.exe c:\winnt\$hf_mig$\KB973346\WindowsSPUNINST.exe c:\winnt\$hf_mig$\KB973354\Windowsspmsg.exe c:\winnt\$hf_mig$\KB973507\WindowsSystem.exe c:\winnt\$hf_mig$\KB973525\SPUNINSTSystem.exe c:\winnt\$hf_mig$\KB973687\SP3QFE\MicrosoftRSP10.exe c:\winnt\$hf_mig$\KB973687\spmsgSPUNINST6.3.0013.0.exe c:\winnt\$hf_mig$\KB973687\update\SystemWindows6.3.0013.0.exe c:\winnt\$hf_mig$\KB973869\MicrosoftSystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB973869\update\spcustomSystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB973904\SP3QFE\DocumentConverters.exe c:\winnt\$hf_mig$\KB974318\SP3QFE\MicrosoftSystem.exe c:\winnt\$hf_mig$\KB974318\spmsgWindows.exe c:\winnt\$hf_mig$\KB974318\update\spcustomSETUPAPI.exe c:\winnt\$hf_mig$\KB974392\update\WindowsUPDATE.exe c:\winnt\$hf_mig$\KB974455-IE8\SP3QFE\Internetiepeers.exe c:\winnt\$hf_mig$\KB974571\update\SETUPAPIWindows.exe c:\winnt\$hf_mig$\KB974571\Windowsspmsg.exe c:\winnt\$hf_mig$\KB975025\SP3QFE\Audiomsaud32.exe c:\winnt\$hf_mig$\KB975025\SPUNINSTSystem.exe c:\winnt\$hf_mig$\KB975025\update\MicrosoftUPDATE6.3.0013.0.exe c:\winnt\$hf_mig$\KB975467\update\WindowsWindows.exe c:\winnt\$hf_mig$\KB975560\spmsgSystem.exe c:\winnt\$hf_mig$\KB975561\SP3QFE\WindowsWindows.exe c:\winnt\$hf_mig$\KB975561\update\spcustomMicrosoft.exe c:\winnt\$hf_mig$\KB975713\update\SystemSystem.exe c:\winnt\$hf_mig$\KB976325-IE8\WindowsSystem.exe c:\winnt\$hf_mig$\KB976662-IE8\SystemWindows.exe c:\winnt\$hf_mig$\KB976662-IE8\update\spcustomspcustom.exe c:\winnt\$hf_mig$\KB977165\spmsgspmsg6.3.0013.0.exe c:\winnt\$hf_mig$\KB977165\update\UPDATEspcustom.exe c:\winnt\$hf_mig$\KB977816\SP3QFE\MSACMLayer3.exe c:\winnt\$hf_mig$\KB977816\WindowsSystem.exe c:\winnt\$hf_mig$\KB977914\Systemspmsg.exe c:\winnt\$hf_mig$\KB978037\SP3QFE\CSRSrvWindows.exe c:\winnt\$hf_mig$\KB978037\spmsgspmsg.exe c:\winnt\$hf_mig$\KB978207-IE8\update\SystemUPDATE.exe c:\winnt\$hf_mig$\KB978251\update\MicrosoftWindows.exe c:\winnt\$hf_mig$\KB978338\update\UPDATESystem.exe c:\winnt\$hf_mig$\KB978601\SP3QFE\WINTRUSTMicrosoft.exe c:\winnt\$hf_mig$\KB978706\SP3QFE\WindowsWindows5.1.2600.59183.0912162118.exe c:\winnt\$hf_mig$\KB978706\update\Microsoftspcustom.exe c:\winnt\$hf_mig$\KB979309\update\SETUPAPISystem6.3.0013.0.exe c:\winnt\$hf_mig$\KB979683\spmsgspmsg.exe c:\winnt\$hf_mig$\KB979683\update\SystemOperating.exe c:\winnt\$hf_mig$\KB980182-IE8\Systemspmsg.exe c:\winnt\$hf_mig$\KB980182-IE8\update\spcustomUPDATE.exe c:\winnt\$hf_mig$\KB980232\SP3QFE\MRXSMBSystem.exe c:\winnt\$hf_mig$\KB981332-IE8\SP3QFE\vbscriptvbscript.exe c:\winnt\$MSI31Uninstall_KB893803v2$\WindowsMSISIP.exe c:\winnt\$NtServicePackUninstall$\Microsoftappmgmts.exe c:\winnt\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\SPUNINSTMicrosoft.exe c:\winnt\$NtUninstallKB867282$\spuninst\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB873339$\SystemWindows.exe c:\winnt\$NtUninstallKB885250$\MRXSMBWindows.exe c:\winnt\$NtUninstallKB885836$\ConvertersDocument.exe c:\winnt\$NtUninstallKB885884$\spuninst\WindowsSystem.exe c:\winnt\$NtUninstallKB886185$\WindowsIPNAT.exe c:\winnt\$NtUninstallKB887472$\msmsgsmsmsgs.exe c:\winnt\$NtUninstallKB887472$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtUninstallKB887742$\spuninst\OperatingSystem.exe c:\winnt\$NtUninstallKB888113$\spuninst\SystemMicrosoft.exe c:\winnt\$NtUninstallKB888302$\spuninst\WindowsSPUNINST5.5.0033.0.exe c:\winnt\$NtUninstallKB891781$\spuninst\MicrosoftOperating5.5.0033.0.exe c:\winnt\$NtUninstallKB893756$\TelephonyTAPISRV.exe c:\winnt\$NtUninstallKB894391$\spuninst\SystemOperating.exe c:\winnt\$NtUninstallKB894391$\SystemSystem5.1.2600.25952.0411301729.exe c:\winnt\$NtUninstallKB896423$\WindowsSystem.exe c:\winnt\$NtUninstallKB896428$\spuninst\WindowsSystem.exe c:\winnt\$NtUninstallKB899587$\spuninst\SystemSystem.exe c:\winnt\$NtUninstallKB899591$\spuninst\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB899591$\WindowsSystem.exe c:\winnt\$NtUninstallKB900485$\SystemOperating.exe c:\winnt\$NtUninstallKB901017$\CDOSYSMicrosoft.exe c:\winnt\$NtUninstallKB901214$\WindowsWindows5.1.2600.21802.0408032158.exe c:\winnt\$NtUninstallKB902400$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtUninstallKB904942$\MicrosoftSystem.exe c:\winnt\$NtUninstallKB904942$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtUninstallKB905414$\Systemnetman.exe c:\winnt\$NtUninstallKB908519$\spuninst\WindowsSPUNINST.exe c:\winnt\$NtUninstallKB908531$\spuninst\OperatingSPUNINST.exe c:\winnt\$NtUninstallKB910437$\spuninst\MicrosoftSystem.exe c:\winnt\$NtUninstallKB910437$\WindowsOperating.exe c:\winnt\$NtUninstallKB911280$\spuninst\SETUPAPIWindows.exe c:\winnt\$NtUninstallKB911280$\WindowsWindows.exe c:\winnt\$NtUninstallKB911562$\spuninst\SETUPAPIWindows.exe c:\winnt\$NtUninstallKB911564$\WindowsWindows.exe c:\winnt\$NtUninstallKB911927$\MicrosoftWindows.exe c:\winnt\$NtUninstallKB914388$\MicrosoftWindows.exe c:\winnt\$NtUninstallKB914388$\spuninst\SPUNINSTOperating.exe c:\winnt\$NtUninstallKB914389$\spuninst\WindowsSystem.exe c:\winnt\$NtUninstallKB914389$\WindowsWindows.exe c:\winnt\$NtUninstallKB914440$\spuninst\SystemOperating.exe c:\winnt\$NtUninstallKB914440$\SystemOperating.exe c:\winnt\$NtUninstallKB915865$\spuninst\SPUNINSTOperating.exe c:\winnt\$NtUninstallKB916595$\spuninst\WindowsWindows.exe c:\winnt\$NtUninstallKB917344$\JScriptjscript.exe c:\winnt\$NtUninstallKB917344$\spuninst\SystemSPUNINST.exe c:\winnt\$NtUninstallKB918118$\RichEditControl.exe c:\winnt\$NtUninstallKB918439$\spuninst\OperatingSETUPAPI6.2.0029.003.0311130918.exe c:\winnt\$NtUninstallKB919007$\spuninst\SPUNINSTSystem.exe c:\winnt\$NtUninstallKB920683$\rasadhlprasadhlp5.1.2600.2180.exe c:\winnt\$NtUninstallKB920683$\spuninst\SystemMicrosoft6.2.0029.003.0311130918.exe c:\winnt\$NtUninstallKB920685$\queryquery.exe c:\winnt\$NtUninstallKB920685$\spuninst\SPUNINSTSPUNINST6.2.0029.0.exe c:\winnt\$NtUninstallKB920872$\WDMAUDWDMAUD.exe c:\winnt\$NtUninstallKB921503$\spuninst\MicrosoftSystem.exe c:\winnt\$NtUninstallKB922582$\spuninst\WindowsWindows.exe c:\winnt\$NtUninstallKB922819$\spuninst\SPUNINSTSPUNINST.exe c:\winnt\$NtUninstallKB923191$\COMCTL32Operating6.00.2900.2180.exe c:\winnt\$NtUninstallKB923191$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtUninstallKB923561$\spuninst\SETUPAPISPUNINST.exe c:\winnt\$NtUninstallKB923561$\WindowsSystem.exe c:\winnt\$NtUninstallKB923810$\TIFFLTTIFFLT.exe c:\winnt\$NtUninstallKB923980$\spuninst\WindowsWindows.exe c:\winnt\$NtUninstallKB924667$\spuninst\SystemWindows.exe c:\winnt\$NtUninstallKB925902$\gdi32Operating5.1.2600.26222.0503011519.exe c:\winnt\$NtUninstallKB926255$\spuninst\SPUNINSTSystem.exe c:\winnt\$NtUninstallKB926436$\OLEDLGSupport.exe c:\winnt\$NtUninstallKB926436$\spuninst\SystemOperating.exe c:\winnt\$NtUninstallKB927779$\msado15Microsoft.exe c:\winnt\$NtUninstallKB927779$\spuninst\SPUNINSTSystem.exe c:\winnt\$NtUninstallKB927891$\WindowsUnicode.exe c:\winnt\$NtUninstallKB928255$\spuninst\SystemSPUNINST.exe c:\winnt\$NtUninstallKB929123$\spuninst\WindowsOperating.exe c:\winnt\$NtUninstallKB929399$\Microsoftmsscp.exe c:\winnt\$NtUninstallKB929399$\spuninst\OperatingSETUPAPI.exe c:\winnt\$NtUninstallKB930178$\MicrosoftOperating.exe c:\winnt\$NtUninstallKB931261$\MicrosoftOperating.exe c:\winnt\$NtUninstallKB931261$\spuninst\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB932168$\AgentDataProviderData2.00.0.3424.exe c:\winnt\$NtUninstallKB932168$\spuninst\SPUNINSTMicrosoft.exe c:\winnt\$NtUninstallKB933729$\OperatingWindows.exe c:\winnt\$NtUninstallKB933729$\spuninst\WindowsWindows6.2.0029.003.0311130918.exe c:\winnt\$NtUninstallKB936021$\MicrosoftRMicrosoftR.exe c:\winnt\$NtUninstallKB936782_WMP9$\spuninst\SystemMicrosoft.exe c:\winnt\$NtUninstallKB938127$\spuninst\SETUPAPISystem.exe c:\winnt\$NtUninstallKB938464$\spuninst\WindowsOperating.exe c:\winnt\$NtUninstallKB938464_0$\spuninst\SPUNINSTSPUNINST.exe c:\winnt\$NtUninstallKB938828$\Windowsexplorer.exe c:\winnt\$NtUninstallKB938829$\Microsoftgdi32.exe c:\winnt\$NtUninstallKB939683$\OperatingWindows.exe c:\winnt\$NtUninstallKB939683$\spuninst\WindowsWindows.exe c:\winnt\$NtUninstallKB941202$\MicrosoftINETCOMM6.00.2900.21802.0408032158.exe c:\winnt\$NtUninstallKB941202$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtUninstallKB941569$\Serviceswmvcore9.00.00.32502.0408032158.exe c:\winnt\$NtUninstallKB942615$\Windowsxpsp3res.exe c:\winnt\$NtUninstallKB942615_0$\MicrosoftManager.exe c:\winnt\$NtUninstallKB942615_0$\spuninst\WindowsSPUNINST6.2.0029.0.exe c:\winnt\$NtUninstallKB942763$\spuninst\SPUNINSTSystem.exe c:\winnt\$NtUninstallKB942840$\spuninst\SystemWindows.exe c:\winnt\$NtUninstallKB943460$\xpsp3resMicrosoft.exe c:\winnt\$NtUninstallKB944653$\spuninst\SPUNINSTSETUPAPI.exe c:\winnt\$NtUninstallKB945553$\dnsrslvrMicrosoft.exe c:\winnt\$NtUninstallKB946026$\MRxDavMRxDAV5.1.2600.21802.0408032158.exe c:\winnt\$NtUninstallKB946026$\spuninst\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB946648$\spuninst\WindowsSETUPAPI.exe c:\winnt\$NtUninstallKB948590$\spuninst\SystemOperating.exe c:\winnt\$NtUninstallKB950749$\spuninst\SystemSystem.exe c:\winnt\$NtUninstallKB950760$\spuninst\WindowsSPUNINST.exe c:\winnt\$NtUninstallKB950762$\rmcastrmcast.exe c:\winnt\$NtUninstallKB950762_0$\spuninst\SPUNINSTOperating.exe c:\winnt\$NtUninstallKB950974$\spuninst\WindowsWindows6.3.0013.0.exe c:\winnt\$NtUninstallKB950974_0$\spuninst\SPUNINSTWindows.exe c:\winnt\$NtUninstallKB951066$\MicrosoftWindows.exe c:\winnt\$NtUninstallKB951066_0$\spuninst\SETUPAPISPUNINST.exe c:\winnt\$NtUninstallKB951066_0$\SystemOperating6.00.2900.31982.0708201448.exe c:\winnt\$NtUninstallKB951376-v2_0$\bthportSystem.exe c:\winnt\$NtUninstallKB951376$\spuninst\WindowsSPUNINST.exe c:\winnt\$NtUninstallKB951376$\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB951376_0$\spuninst\WindowsSPUNINST.exe c:\winnt\$NtUninstallKB951698$\spuninst\MicrosoftSPUNINST.exe c:\winnt\$NtUninstallKB951748_0$\spuninst\WindowsSystem6.3.0013.0.exe c:\winnt\$NtUninstallKB951748_0$\SystemMicrosoft.exe c:\winnt\$NtUninstallKB951978$\vbscriptjscript.exe c:\winnt\$NtUninstallKB952011$\spuninst\OperatingSystem.exe c:\winnt\$NtUninstallKB952287$\AccessMicrosoft.exe c:\winnt\$NtUninstallKB952287$\spuninst\SystemOperating6.3.0013.0.exe c:\winnt\$NtUninstallKB952954$\MicrosoftSystem.exe c:\winnt\$NtUninstallKB952954_0$\OperatingSystem.exe c:\winnt\$NtUninstallKB954154_WM11$\spuninst\SETUPAPISystem.exe c:\winnt\$NtUninstallKB954154_WM11$\wmpeffectswmpeffects.exe c:\winnt\$NtUninstallKB954155_WM9$\OperatingMicrosoft11.0.5721.514511.0610182006.exe c:\winnt\$NtUninstallKB954211$\kb954211Operating.exe c:\winnt\$NtUninstallKB954211$\spuninst\SystemSystem.exe c:\winnt\$NtUninstallKB954211_0$\MicrosoftWindows.exe c:\winnt\$NtUninstallKB954211_0$\spuninst\WindowsSystem.exe c:\winnt\$NtUninstallKB954459$\MSXML6MicrosoftR.exe c:\winnt\$NtUninstallKB954600$\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB954600_0$\spuninst\WindowsMicrosoft6.3.0013.0.exe c:\winnt\$NtUninstallKB955069$\spuninst\SystemMicrosoft.exe c:\winnt\$NtUninstallKB955069_0$\spuninst\SystemSPUNINST6.3.0013.0.exe c:\winnt\$NtUninstallKB955759$\MicrosoftOperating5.1.2600.5512.0804132105.exe c:\winnt\$NtUninstallKB955839$\spuninst\SystemMicrosoft.exe c:\winnt\$NtUninstallKB956391$\spuninst\OperatingWindows.exe c:\winnt\$NtUninstallKB956802_0$\Microsoftgdi325.1.2600.33162.0802191316.exe c:\winnt\$NtUninstallKB956803$\spuninst\SPUNINSTOperating.exe c:\winnt\$NtUninstallKB956803_0$\MicrosoftWindows.exe c:\winnt\$NtUninstallKB956803_0$\spuninst\SystemWindows6.3.0013.0.exe c:\winnt\$NtUninstallKB956841$\spuninst\SPUNINSTSETUPAPI.exe c:\winnt\$NtUninstallKB956844$\EditingComponent.exe c:\winnt\$NtUninstallKB956844$\spuninst\SETUPAPISPUNINST.exe c:\winnt\$NtUninstallKB957095$\spuninst\SystemSPUNINST.exe c:\winnt\$NtUninstallKB957097$\Systemkb957097.exe c:\winnt\$NtUninstallKB957097_0$\spuninst\WindowsWindows6.3.0013.0.exe c:\winnt\$NtUninstallKB957097_0$\SystemMRxSmb5.1.2600.29022.0605050036.exe c:\winnt\$NtUninstallKB958687$\spuninst\OperatingSPUNINST.exe c:\winnt\$NtUninstallKB958687$\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB960715$\spuninst\WindowsMicrosoft.exe c:\winnt\$NtUninstallKB960803$\WindowsOperating5.1.2600.5512.0804132105.exe c:\winnt\$NtUninstallKB960859$\telnettelnetc.exe c:\winnt\$NtUninstallKB961371$\SystemT2EMBED5.1.2600.5512.exe c:\winnt\$NtUninstallKB961373$\spuninst\SETUPAPISPUNINST.exe c:\winnt\$NtUninstallKB961501$\localsplMicrosoft.exe c:\winnt\$NtUninstallKB967715$\spuninst\WindowsSPUNINST.exe c:\winnt\$NtUninstallKB968389$\securityWindows.exe c:\winnt\$NtUninstallKB968389$\spuninst\SETUPAPISPUNINST.exe c:\winnt\$NtUninstallKB968537$\Microsoftwin32k.exe c:\winnt\$NtUninstallKB968537$\spuninst\SPUNINSTWindows6.3.0013.0.exe c:\winnt\$NtUninstallKB969947$\spuninst\SPUNINSTOperating.exe c:\winnt\$NtUninstallKB969947$\WindowsSystem.exe c:\winnt\$NtUninstallKB970238$\spuninst\SETUPAPISPUNINST.exe c:\winnt\$NtUninstallKB970430$\spuninst\WindowsSystem6.3.0013.0.exe c:\winnt\$NtUninstallKB971468$\spuninst\WindowsSystem.exe c:\winnt\$NtUninstallKB971486$\ntkrnlmpntkrnlpa.exe c:\winnt\$NtUninstallKB971557$\AVIFIL32Windows.exe c:\winnt\$NtUninstallKB971557$\spuninst\OperatingWindows.exe c:\winnt\$NtUninstallKB971657$\OperatingMicrosoft.exe c:\winnt\$NtUninstallKB971737$\Microsoftwinhttp.exe c:\winnt\$NtUninstallKB971961$\spuninst\SPUNINSTOperating.exe c:\winnt\$NtUninstallKB973346$\spuninst\MicrosoftSPUNINST.exe c:\winnt\$NtUninstallKB973507$\MicrosoftVisual3.05.2284.exe c:\winnt\$NtUninstallKB973507$\spuninst\SETUPAPIWindows.exe c:\winnt\$NtUninstallKB973540_WM9$\spuninst\SPUNINSTMicrosoft.exe c:\winnt\$NtUninstallKB973540_WM9$\WMPDLLWindows9.00.00.4503.exe c:\winnt\$NtUninstallKB973815$\DirectShowMSWebDVD.exe c:\winnt\$NtUninstallKB974112$\spuninst\SPUNINSTSystem6.3.0013.0.exe c:\winnt\$NtUninstallKB974392$\oakleySystem5.1.2600.5512.exe c:\winnt\$NtUninstallKB974392$\spuninst\SPUNINSTSPUNINST.exe c:\winnt\$NtUninstallKB975025$\spuninst\MicrosoftSPUNINST.exe c:\winnt\$NtUninstallKB975467$\OperatingMSV10.exe c:\winnt\$NtUninstallKB975560$\SystemWindowsR.exe c:\winnt\$NtUninstallKB977816$\spuninst\WindowsSETUPAPI.exe c:\winnt\$NtUninstallKB978037$\spuninst\SETUPAPIWindows.exe c:\winnt\$NtUninstallKB978338$\spuninst\SystemSystem.exe c:\winnt\$NtUninstallKB978601$\WindowsWindows.exe c:\winnt\$NtUninstallKB978706$\MSPAINTWindows.exe c:\winnt\$NtUninstallKB978706$\spuninst\SPUNINSTSETUPAPI.exe c:\winnt\$NtUninstallKB979306$\SystemWindows.exe c:\winnt\$NtUninstallKB979309$\OperatingMicrosoft.exe c:\winnt\$NtUninstallKB979683$\WindowsWindows.exe c:\winnt\$NtUninstallMSCompPackV1$\spuninst\SystemSPUNINST.exe c:\winnt\$NtUninstallWMFDist11$\spuninst\SystemMicrosoft.exe c:\winnt\$NtUninstallwmp11$\PlayerWMPDLL.exe c:\winnt\$NtUninstallwmp11$\spuninst\WindowsSPUNINST.exe c:\winnt\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\VisualVisual.exe c:\winnt\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\InteropOffice12.0.4518.1014.exe c:\winnt\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\SystemSystem.exe c:\winnt\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\FrameworkManagement.exe c:\winnt\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\SystemFramework.exe c:\winnt\ehome\Systemcustsat.exe c:\winnt\ie7\OperatingWindows.exe c:\winnt\ie7updates\KB938127-IE7\ExplorerInternet.exe c:\winnt\ie7updates\KB938127-IE7\spuninst\SystemSystem.exe c:\winnt\ie7updates\KB950759-IE7\spuninst\SPUNINSTSETUPAPI6.2.0029.003.0311130918.exe c:\winnt\ie7updates\KB953838-IE7\MSHTMLEDInternet.exe c:\winnt\ie7updates\KB960714-IE7\WindowsExplorer.exe c:\winnt\ie7updates\KB961260-IE7\InternetInternet.exe c:\winnt\ie7updates\KB961260-IE7\spuninst\SystemSPUNINST.exe c:\winnt\ie7updates\KB963027-IE7\spuninst\WindowsWindows6.3.0013.0.exe c:\winnt\ie7updates\KB969897-IE7\spuninst\SETUPAPISPUNINST.exe c:\winnt\ie7updates\KB972260-IE7\spuninst\WindowsWindows.exe c:\winnt\ie7updates\KB972260-IE7\wininetInternet7.00.6000.16850.0904230018.exe c:\winnt\ie8\spuninst\WindowsSystem.exe c:\winnt\ie8updates\KB971961-IE8\JScriptMicrosoft.exe c:\winnt\ie8updates\KB972260-IE8\WindowsWindows8.00.6001.187028.0903080339.exe c:\winnt\ie8updates\KB974455-IE8\spuninst\SPUNINSTMicrosoft6.3.0013.0.exe c:\winnt\ie8updates\KB976325-IE8\InternetWindows.exe c:\winnt\ie8updates\KB976662-IE8\spuninst\SystemSPUNINST.exe c:\winnt\ie8updates\KB978207-IE8\spuninst\WindowsSPUNINST.exe c:\winnt\ie8updates\KB980182-IE8\OCCACHEmsfeeds.exe c:\winnt\ie8updates\KB980182-IE8\spuninst\WindowsSETUPAPI.exe c:\winnt\ime\WindowsSPTIP.exe c:\winnt\Installer\$PatchCache$\Managed\9040B30900063D11C8EF10054038389C\11.0.5614\ProjectWINPROJ.exe c:\winnt\Installer\{11B569C2-4BF6-4ED0-9D17-A4273943CB24}\InstallShieldIsIcoRes.exe c:\winnt\Installer\{848AC794-8B81-440A-81AE-6474337DB527}\IsIcoResInstallShield.exe c:\winnt\Installer\{E96FF910-1BC9-4EE5-BC12-0A30D4E20F37}\IsIcoResIsIcoRes.exe c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\MicrosoftWindows9.05.132.0000.exe c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\MicrosoftWindows.exe c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Direct3DXDirectX9.07.239.0000.exe c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\WindowsDirectX.exe c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\MicrosoftMicrosoft.exe c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\MicrosoftWindows9.12.589.0000.exe c:\winnt\Modio\SLAMR2KV\SlCleanSlClean.exe c:\winnt\msagent\MicrosoftSpeech.exe c:\winnt\network diagnostic\xpnetdiagSystem.exe c:\winnt\PeerNet\SQLSE20SQLDB20.exe c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMWindows.exe c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMMedia10.0.3790.3802.exe c:\winnt\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\SystemWPDConns.exe c:\winnt\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmodwmvdmod9.00.00.4503.exe c:\winnt\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2cltdrmstor.exe c:\winnt\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2cltdrmclien.exe c:\winnt\Resources\Themes\Luna\Shell\Homestead\WindowsSHELLSTYLE.exe c:\winnt\Resources\Themes\Luna\Shell\Metallic\WindowsSHELLSTYLE5.1.2600.0.0108171148.exe c:\winnt\ServicePackFiles\i386\lang\MicrosoftPINTLPHR5.1.2600.5512.0804132105.exe c:\winnt\ServicePackFiles\i386\Windowsadv01w2k.exe c:\winnt\ServicePackFiles\ServicePackCache\i386\msgslangmsgslang4.7.3001.exe c:\winnt\SoftwareDistribution\Download\WindowsWindowsKB890830V2.exe c:\winnt\Speech\VCmdvtext4.0.4.3405.exe c:\winnt\system32\Adobe\Shockwave 11\Xtras\DynamiksHavokXtra.exe c:\winnt\system32\bits\qmgrSystem.exe c:\winnt\system32\config\systemprofile\Start Menu\Programs\Accessories\PromptCommand.exe c:\winnt\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\SystemWindows.exe c:\winnt\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\MobileApple1.49.0.0.exe c:\winnt\system32\en\ResourcesMMCEx5.2.3790.2560.exe c:\winnt\system32\export\dssenhWindows5.00.2195.1391.exe c:\winnt\system32\inetsrv\Internetsmtpadm.exe c:\winnt\system32\Macromed\Flash\FlashWindows.exe c:\winnt\system32\Macromed\Shockwave 10\Xtras\NetFileSpeak.exe c:\winnt\system32\mui\0401\OperatingWindows.exe c:\winnt\system32\mui\0402\Operatingxpsp1res.exe c:\winnt\system32\mui\0406\Windowsxpsp3res.exe c:\winnt\system32\mui\0408\xpob2resxpsp2res.exe c:\winnt\system32\mui\0409\Frameworkmscorees.exe c:\winnt\system32\mui\040C\Windowsxpsp1res5.1.2600.5512.0804132113.exe c:\winnt\system32\mui\040D\Windowsxpsp1res.exe c:\winnt\system32\mui\0410\WindowsWindows5.1.2600.5512.0804132113.exe c:\winnt\system32\mui\0411\Systemxpsp2res.exe c:\winnt\system32\mui\0413\Windowsbesturingssysteemxpob2res.exe c:\winnt\system32\mui\0414\xpsp2resxpsp3res.exe c:\winnt\system32\mui\0415\xpsp3resxpsp2res5.1.2600.5512.0804132113.exe c:\winnt\system32\mui\0419\xpsp1resxpsp3res.exe c:\winnt\system32\mui\041a\Windowsxpsp1res.exe c:\winnt\system32\mui\041b\xpob2resxpsp3res5.1.2600.5512.exe c:\winnt\system32\mui\0425\Windowsxpsp1res.exe c:\winnt\system32\mui\0804\xpsp2resxpsp1res5.1.2600.5512.0804132113.exe c:\winnt\system32\PreInstall\WinSE\wxp_x86_0409_v1\spmsgUPDATE6.1.0022.403.0311130918.exe c:\winnt\system32\ReinstallBackups\0005\DriverFiles\i386\OperatingWindows.exe c:\winnt\system32\ReinstallBackups\0006\DriverFiles\i386\isapnpSystem.exe c:\winnt\system32\Setup\OperatingInformation.exe c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\WindowsMicrosoft.exe c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wupsMicrosoft.exe c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wupswups.exe c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2Windows.exe c:\winnt\system32\spool\drivers\w32x86\3\WindowsOperating.exe c:\winnt\system32\URTTemp\StudioMicrosoft7.10.3052.4.exe c:\winnt\twain_32\hpsj_0000\Twainhpqgends.exe c:\winnt\twain_32\OperatingWIATWAIN.exe c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\MicrosoftVisual6.00.8972.0.exe c:\winnt\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\StudioVisual.exe c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\VisualVisual.exe c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MicrosoftStudio.exe c:\winnt\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MicrosoftStudio.exe c:\winnt\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\StudioMicrosoft.exe c:\winnt\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\VisualVisual8.00.50727.4053.0507274000.exe c:\winnt\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\StudioMicrosoft9.00.21022.08.exe c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MicrosoftStudio.exe c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\VisualMFC90KOR.exe c:\winnt\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\VisualVCOMP90.exe c:\winnt\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\VisualVisual.exe c:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\Systemcomctl326.02.0408032158.exe c:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\Windowscomctl32.exe c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\OperatingWindows.exe c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\WindowsWindows.exe c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\Microsoftmsvcirt.exe c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\WindowsSystem.exe . . ((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 ))))))))))))))))))))))))))))))) . 2010-11-04 20:13 . 2010-11-13 19:11 -------- d-----w- c:\program files\AVIConverter 2010-11-04 18:21 . 2010-11-04 18:21 47104 ----a-w- c:\winnt\system32\NarratorSrv.exe 2010-11-04 18:09 . 2010-11-04 18:15 95744 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iKernelSrv.exe 2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe 2010-11-03 16:05 . 2010-11-13 14:25 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe 2010-11-01 18:12 . 2010-11-11 18:44 -------- d-----w- c:\program files\UK Truck Simulator 2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe 2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll 2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp 2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe 2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll 2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe 2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs 2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa 2010-10-27 16:47 . 2010-11-13 14:36 -------- d-----w- c:\program files\windows 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87 2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll 2010-10-27 15:26 . 2010-11-07 14:52 -------- d-----w- c:\winnt\Logs 2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys 2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE 2010-10-03 23:43 . 2010-10-03 23:43 59240 ----a-w- c:\winnt\system32\drivers\RapportKELL.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [2008-04-14 143360] "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680] "vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [2002-07-24 20752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528] "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Administrator\Start Menu\Programs\Startup\ bihyc.exe [2010-11-4 202752] ekqo.exe [2010-11-10 107008] kegi.exe [2010-11-11 107008] oqir.exe [2010-11-13 107008] ydzue.exe [2010-11-7 202752] yztoy.exe [2010-11-12 107008] c:\documents and settings\Default User\Start Menu\Programs\Startup\ aquzy.exe [2010-11-12 107008] haavol.exe [2010-11-10 107008] iwxaka.exe [2010-11-11 107008] ohpu.exe [2010-11-4 202752] ubax.exe [2010-11-7 202752] wyipe.exe [2010-11-13 107008] c:\documents and settings\standalone\Start Menu\Programs\Startup\ cuumus.exe [2010-11-4 202752] cuumusSrv.exe [2010-11-10 95744] foune.exe [2010-11-7 202752] founeSrv.exe [2010-11-10 95744] himopo.exe [2010-11-10 107008] ohweib.exe [2010-11-11 107008] puywiv.exe [2010-11-12 107008] utraar.exe [2010-11-13 107008] WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672] c:\documents and settings\Megs\Start Menu\Programs\Startup\ ekel.exe [2010-11-11 107008] qifur.exe [2010-11-12 107008] ryli.exe [2010-11-13 107008] ykkawu.exe [2010-11-10 107008] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\WePrint\\WePrint Server.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R0 RapportKELL;RapportKELL;c:\winnt\system32\drivers\RapportKELL.sys [10/3/2010 23:43 59240] R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 23:54 34792] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 23:43 169320] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 23:43 767208] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335] S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0] S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192] S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776] . Contents of the 'Scheduled Tasks' folder 2010-11-10 c:\winnt\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] 2010-11-13 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-13 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-13 c:\winnt\Tasks\Norton Security Scan for Megs.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51] 2010-11-13 c:\winnt\Tasks\Norton Security Scan for standalone.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-13 19:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(492) c:\winnt\system32\igfxsrvc.dll c:\winnt\system32\hccutils.DLL . Completion time: 2010-11-13 19:21:34 ComboFix-quarantined-files.txt 2010-11-13 19:21 ComboFix2.txt 2010-11-03 22:29 Pre-Run: 1,870,058,496 bytes free Post-Run: 3,241,280,000 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINNT [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - BCF94064FEA737C1D6BCF1188D6E097F -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
ComboFix 10-11-12.06 - Megs 11/13/2010 18:56:11.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1007.452 [GMT 0:00] Running from: c:\documents and settings\Megs\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Megs\Application Data\Agdi c:\documents and settings\Megs\Application Data\Agdi\siac.exe c:\documents and settings\Megs\Application Data\Arutyr c:\documents and settings\Megs\Application Data\Arutyr\yvta.sak c:\documents and settings\Megs\Application Data\Azrexe c:\documents and settings\Megs\Application Data\Azrexe\yqof.exe c:\documents and settings\Megs\Application Data\Babi c:\documents and settings\Megs\Application Data\Babi\goobh.wev c:\documents and settings\Megs\Application Data\Ewisl c:\documents and settings\Megs\Application Data\Ewisl\ulmae.ont c:\documents and settings\Megs\Application Data\Hayhto c:\documents and settings\Megs\Application Data\Hayhto\yrryu.exe c:\documents and settings\Megs\Application Data\Oclyap c:\documents and settings\Megs\Application Data\Oclyap\vade.avp c:\documents and settings\Megs\Application Data\Ofyq c:\documents and settings\Megs\Application Data\Ofyq\esadn.edv c:\documents and settings\Megs\Application Data\Qiuv c:\documents and settings\Megs\Application Data\Qiuv\miqee.axo c:\documents and settings\Megs\Application Data\Ubhaqe c:\documents and settings\Megs\Application Data\Ubhaqe\oxxy.hek c:\documents and settings\Megs\Application Data\Ubna c:\documents and settings\Megs\Application Data\Ubna\aqoq.exe c:\documents and settings\Megs\Application Data\Uspuci c:\documents and settings\Megs\Application Data\Uspuci\harui.exe c:\documents and settings\Megs\Application Data\Vouqy c:\documents and settings\Megs\Application Data\Vouqy\xeef.exe c:\documents and settings\Megs\Application Data\Yfup c:\documents and settings\Megs\Application Data\Yfup\faikv.exe c:\documents and settings\Megs\Application Data\Ymac c:\documents and settings\Megs\Application Data\Ymac\epduv.exe c:\documents and settings\standalone\Application Data\Deuzu c:\documents and settings\standalone\Application Data\Deuzu\fopyy.pew c:\documents and settings\standalone\Application Data\Iboraf c:\documents and settings\standalone\Application Data\Iboraf\vief.exe c:\documents and settings\standalone\Application Data\Owno c:\documents and settings\standalone\Application Data\Owno\urcu.pua c:\documents and settings\standalone\Application Data\Ykep c:\documents and settings\standalone\Application Data\Ykep\vuyq.exe c:\program files\Internet Explorer\complete.dat c:\program files\Internet Explorer\dmlconf.dat c:\program files\Internet Explorer\iexploreSrv.exe c:\program files\Microsoft\DesktopLayer.exe c:\program files\quicktime\qttasksrv.exe c:\winnt\explorerSrv.exe c:\winnt\system32\NOTEPADSrv.exe c:\winnt\system32\rundll32Srv.exe ----- File Replicators ----- c:\documents and settings\Megs\Application Data\Microsoft\Document Building Blocks\1033\BuildingBlocksd.exe c:\program files\Acoustica Mixcraft 4\Example Projects\BabyAbout.exe c:\program files\Acoustica Mixcraft 4\guirezscanner.exe c:\program files\Acoustica Mixcraft 4\hpCDEPrimoBurnertm2531.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Acoustic Guitar\AcousticChorused.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Acoustic Piano\EPinstrumAcoustic.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Bass\BassinstrumAcoustica.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Combinations\LayeredFoster.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Distorted Guitar\BlackMagic15161.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Electric Guitar\ChorusGuitarinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Electric Piano\EPinstrumBell.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Flute\BottleBlowinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Hard Lead\LeadSynthinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Hits and Stabs\SynthHitinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Keyboard\AnalogClavinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Mallet\BreathMalletinstrum21911.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Orchestra\OrchestrainstrumFull.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Organ\DetunedOrganinstrum23554.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Sax\AltoSaxinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Soft Lead\ProphetinstrumFlutey.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Soft Pad\PadinstrumBell.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Strings\StringSynthinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Synth Bass\LeadBassinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Synth FX\NoiseinstrumBurst.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Techno Synth\MysteryPadinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Vox\ChoirMonoinstrum.exe c:\program files\Acoustica Mixcraft 4\InstPresets\Vox\scannerSoftWare2.4.5600.00108171148.exe c:\program files\Acoustica Mixcraft 4\VST\Acoustica Instruments\AcousticaInstruments1488.exe c:\program files\Acoustica Mixcraft 4\VST\Classic\ClassicAutoFilter.exe c:\program files\Acoustica Mixcraft 4\VST\Voxengo\SimulatorVoxengo.exe c:\program files\Acoustica Shared Effects\WISEWISE.exe c:\program files\Adobe\Acrobat 7.0\ActiveX\BrowserShell.exe c:\program files\Adobe\Acrobat 7.0\Esl\AdobeAiod7000.exe c:\program files\Adobe\Acrobat 7.0\Reader\Browser\NPPDF32Acrobat.exe c:\program files\Adobe\Acrobat 7.0\Reader\edb1Runtime3.0.exe c:\program files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm\PMP\AdobePDF417PlugIn7.0.0.0.exe c:\program files\Adobe\Acrobat 7.0\Reader\plug_ins\CheckersEscript.exe c:\program files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\en_US\SVGRSRCAdobe.exe c:\program files\Adobe\Acrobat 7.0\Reader\plug_ins\ImageViewer\SVGCoreSVGCore.exe c:\program files\Adobe\Acrobat 7.0\Reader\plug_ins\PictureTasks\OLS\AdobeOnlineServices.exe c:\program files\Adobe\Acrobat 7.0\Reader\plug_ins3d\SystemsRight.exe c:\program files\Adobe\Acrobat 7.0\Reader\SPPlugins\DialogManager3.1030.exe c:\program files\Adobe\Acrobat 7.0\Reader\Updater\Acroaumacroaum.exe c:\program files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\UnicodeReader.exe c:\program files\Adobe\Photoshop Album Starter Edition\2.0\Apps\PluginEdition.exe c:\program files\Adobe\Photoshop Album Starter Edition\2.0\Apps\plugins\ImageReadyPhotoshopAdapter.exe c:\program files\Adobe\Photoshop Album Starter Edition\2.0\Shared_Assets\locales\en_us\olsplugins\OnlineOnlineServicesEL.exe c:\program files\alot\ALOTToolbar.exe c:\program files\alot\bin\alotalot.exe c:\program files\alot\bin\BHO\alotToolbar2.5.9000.490.exe c:\program files\AnvSoft\Any Video Converter\codecs\DRV33260wmspdmod.exe c:\program files\AnvSoft\Any Video Converter\Counteravcres.exe c:\program files\Apple Software Update\Plugins\AppleUpdate.exe c:\program files\Apple Software Update\SoftwareSoftwareUpdate.exe c:\program files\Apple Software Update\SoftwareUpdate.Resources\de.lproj\AppleUpdate.exe c:\program files\Apple Software Update\SoftwareUpdate.Resources\en.lproj\AppleUpdate.exe c:\program files\Apple Software Update\SoftwareUpdate.Resources\ru.lproj\SoftwareUpdate.exe c:\program files\Apple Software Update\SoftwareUpdate.Resources\UpdatetSoftware26507.exe c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\de.lproj\UpdateApple.exe c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\en.lproj\UpdateApple2.1.2.exe c:\program files\Apple Software Update\SoftwareUpdateFiles.Resources\ru.lproj\UpdateSoftwareUpdateFilesLocalized2.1.2.exe c:\program files\Auran\Trainz Paint Shed\Logos\ATSFwindow130608.exe c:\program files\Auran\Trainz Paint Shed\TrainzPaint.exe c:\program files\Auran\Trainz\Bin\ijl10Window3D1.0.2.exe c:\program files\Auran\Trainz\ContentManager\AuranContent.exe c:\program files\Auran\Trainz\TrainzKernelStandard.exe c:\program files\AVIConverter\cook3260Windows.exe c:\program files\BBC iPlayer Desktop\iPlayerDesktop2078.exe c:\program files\Belkin\Belkin Wireless Network Utility\0004\mdc8021xAEGIS.exe c:\program files\Belkin\Belkin Wireless Network Utility\ProcNICsWLanCfg.exe c:\program files\Bonjour\Bonjour.Resources\da.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\de.lproj\BonjourAbout24639.exe c:\program files\Bonjour\Bonjour.Resources\en.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\en.lproj\scannerSoftWare2.4.5600.0.exe c:\program files\Bonjour\Bonjour.Resources\en_GB.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\es.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\fi.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\fr.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\it.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\ja.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\ko.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\nb.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\nl.lproj\BonjourAbout931.exe c:\program files\Bonjour\Bonjour.Resources\pl.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\pt.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\pt_PT.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\ru.lproj\BonjourAbout.exe c:\program files\Bonjour\Bonjour.Resources\sv.lproj\AboutBonjour17461.exe c:\program files\Bonjour\Bonjour.Resources\zh_CN.lproj\AboutBonjour.exe c:\program files\Bonjour\Bonjour.Resources\zh_TW.lproj\BonjourAbout.exe c:\program files\Bonjour\mdnsNSPmdnsNSP.exe c:\program files\Common Files\Adobe AIR\Versions\1.0\InstallerAdobe.exe c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\AdobeCPLink.exe c:\program files\Common Files\Apple\Apple Application Support\libdispatchSupport.exe c:\program files\Common Files\Apple\CoreFP\CoreFPCoreFP.exe c:\program files\Common Files\Apple\Mobile Device Support\Drivers\MobileDevice.exe c:\program files\Common Files\Apple\Mobile Device Support\MDCrashReportToolssleay3217.17.14.38.exe c:\program files\Common Files\Apple\Mobile Device Support\NetDrivers\OperatingSystem.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.apple.IE\isRegisteredapple.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.apple.Outlook\isRegisteredOutlook.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.apple.Safari\Safariapple.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.apple.WindowsContacts\WindowsContactsisRegistered.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.apple.WindowsMail\isRegisteredapple.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.google.ContactSync\isRegisteredContactSync.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncServices\Clients\com.yahoo.go.sync\isRegisteredyahoo.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\da.lproj\MobileMeSyncUICoreLocalized.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\de.lproj\MobileMeSyncUICoreRessource.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\en.lproj\MobileMeSyncUICore.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\es.lproj\SyncUICoreLocalizedMobileMe.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\fi.lproj\SyncUICoreLocalizedMobileMe.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\fr.lproj\SyncUICoreMobileMe.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\it.lproj\MobileMeSyncUICoreLocalized.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ja.lproj\SyncUICoreSyncUICoreLocalized3.0.0.0.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ko.lproj\SyncUICoreLocalizedMobileMe.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\nb.lproj\MobileMeSyncUICoreressurs.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\nl.lproj\resourceSyncUICore.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\pl.lproj\MobileMeresource16.1.6.14.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\pt_PT.lproj\MobileMerecurso3.0.0.0.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\ru.lproj\SyncUICoreLocalizedMobileMe.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\sv.lproj\SyncUICoreresursSyncUICoreLocalized.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\zh_CN.lproj\SyncUICoreLocalizedresource3.0.0.0.exe c:\program files\Common Files\Apple\Mobile Device Support\SyncUICore.resources\zh_TW.lproj\SyncUICoreLocalizedSyncUICore.exe c:\program files\Common Files\Designer\ObjectLibrary.exe c:\program files\Common Files\Hewlett-Packard\Scanjet\hpgscnsvhpgscnsv.exe c:\program files\Common Files\InstallShield\Driver\7\Intel 32\IUserobjectps.exe c:\program files\Common Files\InstallShield\Engine\6\Intel 32\KernelModule.exe c:\program files\Common Files\InstallShield\IScript\EngineInstallShield.exe c:\program files\Common Files\InstallShield\Professional\RunTime\0700\Intel32\Setupctor.exe c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\Enginedotnetinstaller.exe c:\program files\Common Files\InstallShield\Professional\RunTime\InstallShieldObject7011001261.exe c:\program files\Common Files\L&H\SpeechEngines\1033\TTS\TTS3000\enutemppenutstpp7001.exe c:\program files\Common Files\L&H\SpeechEngines\ttscorettscore.exe c:\program files\Common Files\Microsoft Shared\DAO\MicrosoftMicrosoft03.60.9512.0.exe c:\program files\Common Files\Microsoft Shared\Dashboard Components\10\ServerMSDDSC2000.00.1010.0.exe c:\program files\Common Files\Microsoft Shared\Dashboard Components\10\SoftWareMSDDSC.exe c:\program files\Common Files\Microsoft Shared\DW\1033\ReportingMicrosoft.exe c:\program files\Common Files\Microsoft Shared\DW\dwtrig20DW2012.0.4518.1014.exe c:\program files\Common Files\Microsoft Shared\Equation\1033\EditorMicrosoft3.1.exe c:\program files\Common Files\Microsoft Shared\Equation\MicrosoftEquation00110900.exe c:\program files\Common Files\Microsoft Shared\EURO\MsoEurosystem.exe c:\program files\Common Files\Microsoft Shared\Filters\systemofffiltx.exe c:\program files\Common Files\Microsoft Shared\Grphflt\gifimp32Office.exe c:\program files\Common Files\Microsoft Shared\Help\1028\HXDSUIMicrosoft.exe c:\program files\Common Files\Microsoft Shared\Help\1031\HelpHXDSUI.exe c:\program files\Common Files\Microsoft Shared\Help\1033\HelpHXDSUI.exe c:\program files\Common Files\Microsoft Shared\Help\1036\Helpscanner.exe c:\program files\Common Files\Microsoft Shared\Help\1036\HXDSUIMicrosoft.exe c:\program files\Common Files\Microsoft Shared\Help\1040\MicrosoftMicrosoft2.05.50727.210.0507272100.exe c:\program files\Common Files\Microsoft Shared\Help\1041\HelpMicrosoftR.exe c:\program files\Common Files\Microsoft Shared\Help\1042\HelpMicrosoftR.exe c:\program files\Common Files\Microsoft Shared\Help\1046\HXDSUIHelp.exe c:\program files\Common Files\Microsoft Shared\Help\1049\MicrosoftHXDSUI.exe c:\program files\Common Files\Microsoft Shared\Help\2052\MicrosoftHXDSUI.exe c:\program files\Common Files\Microsoft Shared\Help\3082\MicrosoftHXDSUI2.05.50727.210.0507272100.exe c:\program files\Common Files\Microsoft Shared\Help\MicrosoftRStorage5.50.50727.198.exe c:\program files\Common Files\Microsoft Shared\Help\scannerscanner.exe c:\program files\Common Files\Microsoft Shared\Information Retrieval\WindowsOperating.exe c:\program files\Common Files\Microsoft Shared\Ink\HandwritingInput.exe c:\program files\Common Files\Microsoft Shared\Microsoft Office Project 11\1033\LibraryWindowsTM11.1.2004.1707.15.exe c:\program files\Common Files\Microsoft Shared\Microsoft Office Project 11\UtilityWindowsTM11.1.2004.1707.15.exe c:\program files\Common Files\Microsoft Shared\MSDesigners7\MSVCP71Studio7.10.3052.4.exe c:\program files\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\MicrosoftExtensibility.exe c:\program files\Common Files\Microsoft Shared\MSEnv\vshelp80vsmso.exe c:\program files\Common Files\Microsoft Shared\MSORUN\MSORUNMSORun.exe c:\program files\Common Files\Microsoft Shared\NoteSync Forms\formdllinkres.exe c:\program files\Common Files\Microsoft Shared\Office10\Unauthorizedcopy.exe c:\program files\Common Files\Microsoft Shared\OFFICE11\1033\MsoIntlMSXML.exe c:\program files\Common Files\Microsoft Shared\OFFICE11\msoxevMsftEdit.exe c:\program files\Common Files\Microsoft Shared\OFFICE12\1033\aceintlAlrtIntl12.0.4518.1014.exe c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\Office.en-us\systemosetupui.exe c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\osetuposetup.exe c:\program files\Common Files\Microsoft Shared\OFFICE12\OfficeModHelp.exe c:\program files\Common Files\Microsoft Shared\OFFICE12\VS Runtime\1033\EnvironmentHTMDlgsUI.exe c:\program files\Common Files\Microsoft Shared\OFFICE12\VS Runtime\ObjectOperating.exe c:\program files\Common Files\Microsoft Shared\Portal\SharePointPortalConnect11.0.5510.0.exe c:\program files\Common Files\Microsoft Shared\Proof\1033\msgr3enComponents.exe c:\program files\Common Files\Microsoft Shared\Proof\1036\ComponentsLanguage.exe c:\program files\Common Files\Microsoft Shared\Proof\3082\Languagemsgr3es.exe c:\program files\Common Files\Microsoft Shared\Proof\hyphenatorThesaurus.exe c:\program files\Common Files\Microsoft Shared\Smart Tag\1033\Officesystem12.0.4518.1014.exe c:\program files\Common Files\Microsoft Shared\Smart Tag\systemietag12.0.4518.1014.exe c:\program files\Common Files\Microsoft Shared\Source Engine\SourceEngine.exe c:\program files\Common Files\Microsoft Shared\Speech\1033\MicrosoftSystem.exe c:\program files\Common Files\Microsoft Shared\Speech\SAPISVR5SAPI5.exe c:\program files\Common Files\Microsoft Shared\SpeechEngines\TTS\WTTSS22Speech4.0.4.2903.exe c:\program files\Common Files\Microsoft Shared\TextConv\WKWPQDConverters.exe c:\program files\Common Files\Microsoft Shared\Translat\ESEN\MicrosoftDictionaries.exe c:\program files\Common Files\Microsoft Shared\Translat\FREN\TranslationOffice.exe c:\program files\Common Files\Microsoft Shared\Translat\msb1starmsb1core.exe c:\program files\Common Files\Microsoft Shared\Triedit\ComponentDHTML.exe c:\program files\Common Files\Microsoft Shared\Triedit\DHTMLSoftWare.exe c:\program files\Common Files\Microsoft Shared\VBA\VBA6\1033\EnvironmentBasic.exe c:\program files\Common Files\Microsoft Shared\VBA\VBA6\VBACV20VBACV202.0.exe c:\program files\Common Files\Microsoft Shared\VC\MicrosoftVisual.exe c:\program files\Common Files\Microsoft Shared\VGX\WindowsExplorer8.00.6001.187028.0903080339.exe c:\program files\Common Files\Microsoft Shared\Visual Database Tools\VisualStudio7.10.3077.0.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\1033\mdmuimdmui.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\msdbgvs7jit.exe c:\program files\Common Files\Microsoft Shared\Web Components\10\1033\ComponentsOffice.exe c:\program files\Common Files\Microsoft Shared\Web Components\10\OfficeOffice10.0.6712.exe c:\program files\Common Files\Microsoft Shared\Web Components\11\1033\OfficeOffice.exe c:\program files\Common Files\Microsoft Shared\Web Components\11\OfficeMicrosoft.exe c:\program files\Common Files\Microsoft Shared\Web Folders\1033\Microsoftnsextint.exe c:\program files\Common Files\Microsoft Shared\web server extensions\12\BIN\systemsystem.exe c:\program files\Common Files\Microsoft Shared\web server extensions\40\bin\fp4AwecFrontPage.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\bin\1033\TCPTESTMicrosoft.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\bin\OfficeMicrosoft10.0.2623.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\bots\vinavbar\VINAVBARMicrosoft10.0.3103.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\isapi\_vti_adm\MicrosoftADMIN.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\isapi\_vti_aut\MicrosoftOffice.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\isapi\OfficeOffice.exe c:\program files\Common Files\Microsoft Shared\web server extensions\50\servsupp\OfficeFP30MSFT.exe c:\program files\Common Files\Microsoft Shared\web server extensions\60\BIN\DocumentConverters.exe c:\program files\Common Files\MSSoap\Binaries\Resources\1033\MicrosoftMSSOAPR.exe c:\program files\Common Files\MSSoap\Binaries\SoapMicrosoft.exe c:\program files\Common Files\Roxio Shared\CDEngine\EngineEasy6.1.1.48.exe c:\program files\Common Files\Roxio Shared\CreatorAPI\ISO9660Creator.exe c:\program files\Common Files\Roxio Shared\DLLShared\WMADLLPhotoSuite.exe c:\program files\Common Files\Roxio Shared\DragonBurningEngine\EngineDragon.exe c:\program files\Common Files\Roxio Shared\floatingFX\ModuleFloatingEffects.exe c:\program files\Common Files\Roxio Shared\Homeutils\HOMEUTILSrcsl.exe c:\program files\Common Files\Roxio Shared\Label Creator\LTFIL12NWin3212.1.0.026.exe c:\program files\Common Files\Roxio Shared\Label Creator\Page files\RingSizeAPLI.exe c:\program files\Common Files\Roxio Shared\Project Selector\Easyprojselector.exe c:\program files\Common Files\Roxio Shared\SharedCom\WNASPI32TreeCtrl.exe c:\program files\Common Files\Roxio Shared\Support\Scannerroxiscan.exe c:\program files\Common Files\Roxio Shared\System\UninstallerEngUtil6.1.0.7.exe c:\program files\Common Files\Roxio Shared\Upgrade\OBFWrapCreator.exe c:\program files\Common Files\Sony Shared\MusicAnalysis\mmlib\MMLib11MMLib11.exe c:\program files\Common Files\SpeechEngines\Microsoft\SPCOMMONMicrosoft.exe c:\program files\Common Files\SpeechEngines\Microsoft\SR61\1033\MicrosoftSpeech.exe c:\program files\Common Files\SpeechEngines\Microsoft\SR61\SpeechSPSRENG.exe c:\program files\Common Files\SpeechEngines\Microsoft\TTS\1033\WindowsTMSAPI5.exe c:\program files\Common Files\Symantec Shared\ccProSubccDec2.2.0.577.exe c:\program files\Common Files\Symantec Shared\Decomposers\DEC2CABFile.exe c:\program files\Common Files\Symantec Shared\IDSDefs\SymantecSecurity.exe c:\program files\Common Files\Symantec Shared\SSC\SymantecSymantec9.0.0.1400.exe c:\program files\Common Files\Symantec Shared\VirusDefs\20090404.003\navengServer.exe c:\program files\Common Files\Symantec Shared\VirusDefs\20100608.004\ECOMAntivirus.exe c:\program files\Common Files\Symantec Shared\VirusDefs\20100612.003\navex32aServer.exe c:\program files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15Antivirus.exe c:\program files\Common Files\Symantec Shared\VirusDefs\tmp22.tmp\navengSymantec20081.3.1.11.exe c:\program files\Common Files\Symantec Shared\VirusDefs\tmpA.tmp\ccEraserECOMSRVR.exe c:\program files\Common Files\System\msadc\msdaprstmsdarem.exe c:\program files\Common Files\System\MSMAPI\1033\Microsoftmsmapi32.exe c:\program files\Common Files\System\Ole DB\msdmineMicrosoft.exe c:\program files\Common Files\System\Ole DB\resources\1033\scannerSoftWare.exe c:\program files\Common Files\System\Ole DB\resources\1033\ServicesConnection.exe c:\program files\CyberLink\PowerDVD\DVDRESAppBarComRES.exe c:\program files\CyberLink\Shared Files\AudioFilter\Playerclwo.exe c:\program files\CyberLink\Shared Files\NavFilter\CyberLinkFilter.exe c:\program files\CyberLink\Shared Files\VideoFilter\CLLine21PowerDVD.exe c:\program files\Google\Common\Google Updater\UpdaterGoogle.exe c:\program files\Google\Google Earth\client\MSVCR80MSVCP80.exe c:\program files\Google\Google Earth\plugin\ie\5.2.1.1588\Microsoftgeexpat.exe c:\program files\Google\Google Earth\plugin\MSVCP80MSVCR80.exe c:\program files\Google\Google Toolbar\GoogleToolbarUserExplorer.exe c:\program files\Google\GoogleToolbarNotifier\5.4.4525.1752\GoogleToolbarNotifierGoogleToolbarNotifier.exe c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifierGoogleToolbarNotifier.exe c:\program files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418\GoogleToolbarNotifierGoogleToolbarNotifier.exe c:\program files\Google\GoogleToolbarNotifier\swg-5.4.4525.1752\GoogleToolbarNotifierGoogleToolbarNotifier.exe c:\program files\Google\Picasa3\cdautorun\Picasa CD Slideshow.app\Contents\MacOS\PicasaSlides.exe c:\program files\Google\Picasa3\cdautorun\Picasa Restore.app\Contents\MacOS\PicasaRest.exe c:\program files\Google\Picasa3\cdautorun\PicasaPicasa.exe c:\program files\Google\Picasa3\PicasaPicasa.exe c:\program files\Google\Picasa3\plugins\CDVDR\PxWavePrassi4.4.46.500.exe c:\program files\Google\Picasa3\plugins\expwebsites\PicasaPicasa.exe c:\program files\Google\Update\1.2.183.23\GoogleGoopdateres.exe c:\program files\Google\Update\GoogleUpdateUpdate.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\dot4\Win2000\PmlRtlHPPTPTS.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\Scanner\Moduleallinone.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\enu\drivers\com_lang\HPOJFAXHPOFAX07.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\enu\drivers\win9x_me\usbmonDot4Mon.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\MSVCRTimaging.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\setup\UninstallerHPZscr01.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\AiO\OfficeJetOfficeJet.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\common\DeskJetDeskJet214000.exe c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\WindowsSystem.exe c:\program files\Hewlett-Packard\Digital Imaging\Album\Artwork\VersionRepository2.0.0.126.exe c:\program files\Hewlett-Packard\Digital Imaging\Album\Help\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\Album\LinkLibrary.exe c:\program files\Hewlett-Packard\Digital Imaging\Album\Templates\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\common\css\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\common\htc\RepositoryVersion2.0.0.309.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\common\img\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\common\js\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\director\js\imaginghpq08.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\css\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\img\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\js\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\loc\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\instantshare\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\phunload\css\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\phunload\img\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\phunload\js\VersionRepository.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\phunload\loc\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\phunload\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\scan\css\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\scan\img\RepositoryVersion2.0.0.309.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\scan\js\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\scan\loc\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bbfe\scan\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\seriesdigital.exe c:\program files\Hewlett-Packard\Digital Imaging\data\bmp\VersionVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\data\RepositoryVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\Diagnostics\Loggingdiagnostics.exe c:\program files\Hewlett-Packard\Digital Imaging\DocProc\DPCprojectpsfmtcp8.exe c:\program files\Hewlett-Packard\Digital Imaging\Help\imagingdigital.exe c:\program files\Hewlett-Packard\Digital Imaging\hp psc 1100 series\help\SupportWebsite.exe c:\program files\Hewlett-Packard\Digital Imaging\Migrate\hpgwiamdhpgtpusd.exe c:\program files\Hewlett-Packard\Digital Imaging\Unload\ModuleVersion.exe c:\program files\Hewlett-Packard\Digital Imaging\Unload\VersionHpqUnld.exe c:\program files\Hewlett-Packard\hpis\bin\clientmotktmotivede.exe c:\program files\Hewlett-Packard\hpis\common\SystemSystem.exe c:\program files\Hewlett-Packard\Memories Disc\audio\AmericanFolk.exe c:\program files\Hewlett-Packard\Memories Disc\Softwarehpodxml.exe c:\program files\InstallShield Installation Information\{6202DCFE-2F03-445C-9885-CB54B062BC0F}\setup7Setup.exe c:\program files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SetupSetup.exe c:\program files\InstallShield Installation Information\{7C21EEE0-E6FD-11D4-BD19-00D0B702AEC0}\SetupInstallShield.exe c:\program files\InstallShield Installation Information\{8A708DD8-A5E6-11D4-A706-000629E95E20}\LauncherInstallShield.exe c:\program files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\SetupSetup.exe c:\program files\InstallShield Installation Information\{CFA887E7-1FE7-4DD0-86AB-CACD6B0531CE}\InstallShieldSetup701.exe c:\program files\InstallShield Installation Information\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}\setup7setup7.exe c:\program files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\InstallShieldSetup.exe c:\program files\Internet Explorer\1033\ErrorReporting.exe c:\program files\Internet Explorer\Connection Wizard\OperatingICWCONN2.exe c:\program files\Internet Explorer\en-US\jsdebuggerideWindows.exe c:\program files\Internet Explorer\IE Uninstall\MicrosoftW2KExcp.exe c:\program files\Internet Explorer\MUI\0409\FrameworkMSCORIER.exe c:\program files\Internet Explorer\W2K\OperatingSystem.exe c:\program files\Internet Explorer\W2K\OperatingW2KExcp.exe c:\program files\iPod\bin\iPodService.Resources\da.lproj\iPodServiceLocalizediTunes.exe c:\program files\iPod\bin\iPodService.Resources\de.lproj\iPodServiceLocalizediTunes9.2.0.47.exe c:\program files\iPod\bin\iPodService.Resources\en.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\en_GB.lproj\iTunesiTunes9.2.0.47.exe c:\program files\iPod\bin\iPodService.Resources\es.lproj\iTunesiTunes.exe c:\program files\iPod\bin\iPodService.Resources\fi.lproj\iPodServiceLocalizediTunes.exe c:\program files\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalizediTunes.exe c:\program files\iPod\bin\iPodService.Resources\iPodServiceiTunes.exe c:\program files\iPod\bin\iPodService.Resources\it.lproj\iPodServiceLocalizediTunes.exe c:\program files\iPod\bin\iPodService.Resources\ja.lproj\iTunesiPodServiceLocalized9.2.0.47.exe c:\program files\iPod\bin\iPodService.Resources\ko.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\nb.lproj\iPodServiceLocalizediTunes.exe c:\program files\iPod\bin\iPodService.Resources\nl.lproj\iTunesiTunes.exe c:\program files\iPod\bin\iPodService.Resources\pl.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\pt.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\pt_PT.lproj\iPodServiceLocalizediTunes.exe c:\program files\iPod\bin\iPodService.Resources\ru.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\sv.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\zh_CN.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iPodService.Resources\zh_TW.lproj\iTunesiPodServiceLocalized.exe c:\program files\iPod\bin\iTunesiTunes.exe c:\program files\iTunes\iTunes.Resources\da.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\de.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\en.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\en_GB.lproj\iTunesiTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\es.lproj\iTunesLocalizediTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\fi.lproj\iTunesLocalizediTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\fr.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\it.lproj\iTunesiTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\iTunesRegistryiTunes.exe c:\program files\iTunes\iTunes.Resources\ja.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\ko.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\nb.lproj\iTunesiTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\nl.lproj\iTunesiTunesLocalized9.2.0.47.exe c:\program files\iTunes\iTunes.Resources\pl.lproj\iTunesLocalizediTunesLocalized9.2.0.47.exe c:\program files\iTunes\iTunes.Resources\pt.lproj\iTunesiTunesLocalized9.2.0.47.exe c:\program files\iTunes\iTunes.Resources\pt_PT.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunes.Resources\ru.lproj\iTunesiTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\sv.lproj\iTunesLocalizediTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\zh_CN.lproj\iTunesLocalizediTunesLocalized.exe c:\program files\iTunes\iTunes.Resources\zh_TW.lproj\iTunesLocalizediTunes.exe c:\program files\iTunes\iTunesHelper.Resources\da.lproj\iTunesHelperLocalizediTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\de.lproj\iTunesHelperLocalizediTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalizediTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\en_GB.lproj\iTunesHelperLocalizediTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\es.lproj\iTunesiTunesHelperLocalized9.2.0.47.exe c:\program files\iTunes\iTunesHelper.Resources\fi.lproj\iTunesiTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\fr.lproj\iTunesiTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\it.lproj\iTunesHelperLocalizediTunes.exe c:\program files\iTunes\iTunesHelper.Resources\iTunesHelperiTunesHelper.exe c:\program files\iTunes\iTunesHelper.Resources\ja.lproj\iTunesHelperLocalizediTunes9.2.0.47.exe c:\program files\iTunes\iTunesHelper.Resources\ko.lproj\iTunesHelperLocalizediTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\nb.lproj\iTunesHelperLocalizediTunesHelperLocalized9.2.0.47.exe c:\program files\iTunes\iTunesHelper.Resources\nl.lproj\iTunesiTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\pl.lproj\iTunesHelperLocalizediTunes.exe c:\program files\iTunes\iTunesHelper.Resources\pt.lproj\iTunesHelperLocalizediTunesHelperLocalized.exe c:\program files\iTunes\iTunesHelper.Resources\pt_PT.lproj\iTunesHelperLocalizediTunes.exe c:\program files\iTunes\iTunesHelper.Resources\ru.lproj\iTunesHelperLocalizediTunesHelperLocalized9.2.0.47.exe c:\program files\iTunes\iTunesHelper.Resources\sv.lproj\iTunesHelperLocalizediTunes.exe c:\program files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesiTunesHelperLocalized9.2.0.47.exe c:\program files\iTunes\iTunesHelper.Resources\zh_TW.lproj\iTunesHelperLocalizediTunes.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\da.lproj\iTunesiTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\de.lproj\iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalizediTunes.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\en_GB.lproj\iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\es.lproj\iTunesiTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\fi.lproj\iTunesMiniPlayerLocalizediTunes.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalizediTunes.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\it.lproj\iTunesiTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayeriTunes.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\ja.lproj\iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\ko.lproj\iTunesiTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\nb.lproj\iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\pl.lproj\iTunesMiniPlayerLocalizediTunes9.2.0.47.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\pt.lproj\iTunesiTunesMiniPlayerLocalized9.2.0.47.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\pt_PT.lproj\iTunesiTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\ru.lproj\iTunesiTunesMiniPlayerLocalized9.2.0.47.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\sv.lproj\iTunesiTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\zh_CN.lproj\iTunesMiniPlayerLocalizediTunesMiniPlayerLocalized.exe c:\program files\iTunes\iTunesMiniPlayer.Resources\zh_TW.lproj\iTunesiTunesMiniPlayerLocalized9.2.0.47.exe c:\program files\iTunes\UniversaliTunes.exe c:\program files\Java\jre6\bin\client\JavaTMPlatform14.3.0.01.exe c:\program files\Java\jre6\bin\new_plugin\Javanpdeploytk.exe c:\program files\Java\jre6\bin\Pluginjavarmi.exe c:\program files\Java\jre6\lib\deploy\jqs\ie\JavaTMPlatform.exe c:\program files\Malwarebytes' Anti-Malware\Malwarebytesmbam.exe c:\program files\Messenger\msmsgsmsmsgsc9.0.2600.5512.0804132105.exe c:\program files\Microsoft ActiveSync\Drivers\SFXCABSFXCAB.exe c:\program files\Microsoft ActiveSync\pwoffcnvminshell.exe c:\program files\Microsoft Office\media\cagcat10\1033\OrganizerMicrosoft.exe c:\program files\Microsoft Office\media\cagcat10\MediaStoreElements12.0.4518.1014.exe c:\program files\Microsoft Office\media\OFFICE11\1033\MicrosoftClip10.0.5100.exe c:\program files\Microsoft Office\media\OFFICE11\AUTOSHAP\versionMicrosoft.exe c:\program files\Microsoft Office\media\OFFICE11\LINES\Clipversion.exe c:\program files\Microsoft Office\media\OFFICE11\Organizerversion.exe c:\program files\Microsoft Office\media\OFFICE12\1033\Office10Clip.exe c:\program files\Microsoft Office\media\OFFICE12\AUTOSHAP\AutoShapOffice.exe c:\program files\Microsoft Office\media\OFFICE12\ElementsOffice10.exe c:\program files\Microsoft Office\media\OFFICE12\LINES\OfficeGlobal.exe c:\program files\Microsoft Office\OFFICE11\1033\CopyOffice.exe c:\program files\Microsoft Office\OFFICE11\1033\DataServices\ConnectSource.exe c:\program files\Microsoft Office\OFFICE11\1036\WWASumOffice.exe c:\program files\Microsoft Office\OFFICE11\3082\WW9ASumWW9ASum9.0.2506.exe c:\program files\Microsoft Office\OFFICE11\inputWindowsTM.exe c:\program files\Microsoft Office\OFFICE11\Migration\MIGRATEMicrosoft.exe c:\program files\Microsoft Office\OFFICE11\VS Runtime\1033\VSBrowseUIEnvironment7.00.9064.9112.exe c:\program files\Microsoft Office\OFFICE11\VS Runtime\VSDebugvsbrowse.exe c:\program files\Microsoft Office\Office12\1033\ACCVDTUIViewer.exe c:\program files\Microsoft Office\Office12\1033\DataServices\ConnectData.exe c:\program files\Microsoft Office\Office12\1036\MicrosoftWWASum10.0.2411.exe c:\program files\Microsoft Office\Office12\3082\WW9ASumOffice.exe c:\program files\Microsoft Office\Office12\ADDINS\StudioVisual7.10.2179.0.exe c:\program files\Microsoft Office\Office12\CONVERT\1033\localdvtransmrr.exe c:\program files\Microsoft Office\Office12\CONVERT\transmgrtransmgr.exe c:\program files\Microsoft Office\Office12\Document Parts\1033\BuildingBlocksd.exe c:\program files\Microsoft Office\Office12\mlcfg32Microsoft.exe c:\program files\Microsoft Office\Office12\QUERIES\InvestorMoneyCentral.exe c:\program files\Microsoft Works\1033\WorksWKImgLng.exe c:\program files\Microsoft Works\LFGIF13NWin3213.0.0.086.exe c:\program files\Microsoft.NET\Primary Interop Assemblies\fromtype.exe c:\program files\Movie Maker\WMM2EXTWMM2FXB2.1.4026.0.exe c:\program files\MSN Gaming Zone\Windows\ZoneHearts.exe c:\program files\msn\msncorefiles\install\msn9components\MicrosoftROperating.exe c:\program files\msn\msncorefiles\install\WEXTRACTOperating.exe c:\program files\msn\msncorefiles\oobe\SystemSystem.exe c:\program files\Norton Security Scan\Engine\2.7.3.34\SAUpdtStandalone.exe c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\ComponentsStandalone.exe c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.7.3.34\Microsoft.VC80.CRT\MicrosoftStudio.exe c:\program files\OfficeUpdate11\OfficeMicrosoft.exe c:\program files\Online Services\Servicemore.exe c:\program files\Pan Vision\Springdale\BuildingBlocks\VRimmersiveVirtools.exe c:\program files\Pan Vision\Springdale\InterfacePlugins\ActionEditorVirtools.exe c:\program files\Pan Vision\Springdale\Managers\VirtoolsWebserverManager3.0.0.97.exe c:\program files\Pan Vision\Springdale\plugins\VirtoolsXLoader.exe c:\program files\Pan Vision\Springdale\renderengines\RuntimeCK23D.exe c:\program files\Pan Vision\Springdale\renderengines\VirtoolsVirtools.exe c:\program files\Pan Vision\Springdale\VirtoolsVirtools.exe c:\program files\QuickTime\PictureViewer.Resources\da.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\de.lproj\QuickTimePictureViewer7.6.61660.exe c:\program files\QuickTime\PictureViewer.Resources\en.lproj\PictureViewerQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\es.lproj\PictureViewerQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\fi.lproj\PictureViewerQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\fr.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\fr.lproj\SoftWarescanner.exe c:\program files\QuickTime\PictureViewer.Resources\it.lproj\QuickTimePictureViewer.exe c:\program files\QuickTime\PictureViewer.Resources\ja.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\ko.lproj\PictureViewerQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\ko.lproj\scannerscanner.exe c:\program files\QuickTime\PictureViewer.Resources\nb.lproj\QuickTimePictureViewer.exe c:\program files\QuickTime\PictureViewer.Resources\nl.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\pl.lproj\QuickTimePictureViewer.exe c:\program files\QuickTime\PictureViewer.Resources\pt.lproj\QuickTimePictureViewer.exe c:\program files\QuickTime\PictureViewer.Resources\pt_PT.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PictureViewer.Resources\ru.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\PictureViewer.Resources\sv.lproj\PictureViewerQuickTime7.6.6.exe c:\program files\QuickTime\PictureViewer.Resources\zh_CN.lproj\QuickTimePictureViewer.exe c:\program files\QuickTime\PictureViewer.Resources\zh_TW.lproj\QuickTimePictureViewer.exe c:\program files\QuickTime\Plugins\QuickTimeQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\da.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\es.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fi.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\fr.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\it.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ja.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ko.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\nl.lproj\scannerscanner.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\QuickTimeResourcesQuickTime7.6.61673.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\ru.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PanelHelperBase.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\da.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\es.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\fr.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ja.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ko.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime7.6.6.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\pt_PT.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\PropPanelHelpers.Resources\zh_TW.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\PropertyPanels\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\da.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\fi.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\fr.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\it.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\ko.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\nb.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\pt_PT.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\sv.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\zh_CN.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\CoreVideo.Resources\zh_TW.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\da.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\de.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\es.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\fi.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\fr.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\it.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\ja.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\ko.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\nb.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\nl.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\pl.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\pt.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\pt_PT.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\ru.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\sv.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\zh_CN.lproj\QuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime.Resources\zh_TW.lproj\QuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\da.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\fr.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\it.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\ja.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\pl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPP.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\da.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\de.lproj\QuickTimeResourcesQuickTime7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\fi.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\fr.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\nb.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\nl.lproj\QuickTimeQuickTimeResources7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt.lproj\QuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\ru.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\sv.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTime3GPPAuthoring.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\CoreAudioResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\da.lproj\QuickTimeAudioSupportQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\de.lproj\QuickTimeAudioSupportQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\es.lproj\QuickTimeAudioSupportQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fi.lproj\QuickTimeAudioSupportQuickTime7.9.2.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\fr.lproj\QuickTimeQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\it.lproj\QuickTimeAudioSupportQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ja.lproj\QuickTimeAudioSupportQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ko.lproj\QuickTimeAudioSupportQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nb.lproj\QuickTimeQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\nl.lproj\QuickTimeQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pl.lproj\QuickTimeAudioSupportQuickTime7.9.2.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt.lproj\QuickTimeSuporteudioQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\pt_PT.lproj\QuickTimeQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\ru.lproj\QuickTimeAudioSupportQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\sv.lproj\QuickTimeQuickTimeAudioSupport7.9.2.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_CN.lproj\QuickTimeQuickTimeAudioSupport.exe c:\program files\QuickTime\QTSystem\QuickTimeAudioSupport.Resources\zh_TW.lproj\QuickTimeAudioSupportQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\da.lproj\QuickTimeAuthoringQuickTimeAuthoring7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\de.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\en.lproj\QuickTimeQuickTimeAuthoring7.6.61673.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\es.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fi.lproj\QuickTimeAuthoringQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\fr.lproj\QuickTimeAuthoringQuickTimeAuthoring7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\it.lproj\QuickTimeAuthoringQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ja.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ko.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nb.lproj\QuickTimeQuickTimeAuthoring7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\nl.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pl.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt.lproj\QuickTimeAuthoringQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\pt_PT.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\ru.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\sv.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_CN.lproj\QuickTimeQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeAuthoring.Resources\zh_TW.lproj\QuickTimeAuthoringQuickTimeAuthoring.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\da.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\fi.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\fr.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\it.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\nl.lproj\QuickTimeResourcesQuickTime7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\pl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\pt_PT.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\sv.lproj\scannerSoftWare.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeCapture.Resources\zh_TW.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\da.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\de.lproj\QuickTimeResourcesQuickTime7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\es.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\fr.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\it.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\ko.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\nb.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\ru.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEffects.Resources\zh_TW.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\da.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\es.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\fi.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\fr.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pl.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeEssentials.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\da.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\es.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\fi.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\fr.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\it.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\ko.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\nl.lproj\scannerSoftWare.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\pl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\pt.lproj\RecursosQuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\QuickTimeResourcesQuickTime7.6.61673.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\ru.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeH264.Resources\zh_TW.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\da.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\es.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\fr.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\it.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\ko.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\nb.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\ru.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\sv.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\zh_CN.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeImage.Resources\zh_TW.lproj\scannerscanner.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\da.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\es.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fi.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\fr.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ko.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\ru.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeInternetExtras.Resources\zh_TW.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\da.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\es.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\fr.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\it.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ja.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\nb.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\nl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\pl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\ru.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\da.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fi.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\fr.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ko.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nb.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\nl.lproj\QuickTimeResourcesQuickTime7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt.lproj\QuickTimeRecursosQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\pt_PT.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\ru.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\sv.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_CN.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4.Resources\zh_TW.lproj\scannerscanner.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\da.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\en.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fi.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\fr.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ko.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nb.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\ru.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMPEG4Authoring.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\da.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\de.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\es.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\fi.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\fr.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\ko.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\nb.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\nl.lproj\QuickTimeResourcesQuickTimeResources7.6.61660.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\pl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\sv.lproj\scannerSoftWare.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_CN.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeMusic.Resources\zh_TW.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\da.lproj\QuickTimeQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\de.lproj\StreamingQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\en.lproj\StreamingStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\es.lproj\StreamingQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\fi.lproj\QuickTimeStreamingQuickTimelhetys.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\fr.lproj\EnchanementQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\it.lproj\QuickTimeQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\ja.lproj\QuickTimeStreamingQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\ko.lproj\QuickTimeQuickTimeStreaming7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\nb.lproj\StreamingQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\nl.lproj\QuickTimestreamingQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\pl.lproj\StrumieniowanieQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt.lproj\StreamingQuickTimeStreaming7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\pt_PT.lproj\SequnciaQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\ru.lproj\StreamingQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\sv.lproj\QuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_CN.lproj\QuickTimeStreamingQuickTimeStreaming.exe c:\program files\QuickTime\QTSystem\QuickTimeStreaming.Resources\zh_TW.lproj\QuickTimeStreamingQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\da.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\en.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\fi.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\fr.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ja.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ko.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt.lproj\QuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\sv.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_CN.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingAuthoring.Resources\zh_TW.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\da.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\de.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\es.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fi.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\fr.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\it.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\nb.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt.lproj\QuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\sv.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeStreamingExtras.Resources\zh_TW.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\da.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\es.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\fi.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\fr.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\it.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\nl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\pl.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\pt.lproj\RecursosQuickTimeRecursosQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\pt_PT.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\QuickTimeQuickTimeResources7.6.61673.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\sv.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\zh_CN.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVR.Resources\zh_TW.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\da.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\de.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\en.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\es.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\fr.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\it.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ja.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ko.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nb.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\nl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt.lproj\RecursosQuickTimeQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\pt_PT.lproj\QuickTimeResourcesQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\sv.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_CN.lproj\QuickTimeQuickTimeResources7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeVRAuthoring.Resources\zh_TW.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\da.lproj\QuickTimeQuickTimeWebHelper7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\de.lproj\QuickTimeQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\en.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\es.lproj\QuickTimeWebHelperQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fi.lproj\QuickTimeWebHelperQuickTime7.6.6.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\fr.lproj\QuickTimeWebHelperQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\it.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ja.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ko.lproj\QuickTimeQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nb.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\nl.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pl.lproj\QuickTimeQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\pt_PT.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\QuickTimeResourcesQuickTimeResources7.6.61673.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\ru.lproj\QuickTimeWebHelperQuickTime.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\sv.lproj\QuickTimeWebHelperQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_CN.lproj\QuickTimeQuickTimeWebHelper.exe c:\program files\QuickTime\QTSystem\QuickTimeWebHelper.Resources\zh_TW.lproj\QuickTimeWebHelperQuickTime.exe c:\program files\QuickTime\QTSystem\UpdateHelperQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\da.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\de.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\en.lproj\QuickTimeResourcesQuickTimeResources7.6.61673.exe c:\program files\QuickTime\QuickTimePlayer.Resources\es.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\fi.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\fr.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\it.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QuickTimePlayer.Resources\ja.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\ko.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\nb.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\nl.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\pl.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\pt.lproj\RecursosQuickTimeQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\pt_PT.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\ru.lproj\QuickTimeQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\sv.lproj\QuickTimeResourcesQuickTimeResources.exe c:\program files\QuickTime\QuickTimePlayer.Resources\zh_CN.lproj\QuickTimeResourcesQuickTime.exe c:\program files\QuickTime\QuickTimePlayer.Resources\zh_TW.lproj\QuickTimeResourcesQuickTime7.6.6.exe c:\program files\QuickTime\QuickTimePlayerQuickTimePlayer.exe -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
Do you want me to post the whole log or is there one part in specific that you need because it's rather long. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
It still comes up with the three infections all the time. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5065 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/7/2010 16:07:29 mbam-log-2010-11-07 (16-07-29).txt Scan type: Quick scan Objects scanned: 172902 Time elapsed: 24 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\winnt\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
When I scan it tells me that not all of the infections could be deleted but when I check the log after rebooting, it says that they have been deleted successfully. How do I know that they have been properly deleted? The same thing happens every time I scan. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
-
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5065 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/7/2010 13:54:53 mbam-log-2010-11-07 (13-54-53).txt Scan type: Quick scan Objects scanned: 171845 Time elapsed: 16 minute(s), 9 second(s) Memory Processes Infected: 5 Memory Modules Infected: 1 Registry Keys Infected: 3 Registry Values Infected: 4 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 98 Memory Processes Infected: C:\Documents and Settings\Megs\Local Settings\temp\m.2A1.tmp.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\securitycenter.exe (Trojan.FakeAlert) -> Unloaded process successfully. C:\Documents and Settings\Megs\Start Menu\Programs\Startup\kuyg.exe (Spyware.Passwords.XGen) -> Unloaded process successfully. C:\Documents and Settings\Megs\Application Data\Epwyit\cuze.exe (Spyware.Passwords.XGen) -> Unloaded process successfully. Memory Modules Infected: C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\taskmgr.dll (Rogue.AntiVirus2010) -> Delete on reboot. Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tfqbujuvudfc (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus 2010 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{d9d3bd0e-300a-65fa-f4ca-3c0608a74d96} (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\winnt\system32\userinit.exe,c:\program files\microsoft\desktoplayer.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\Megs\Application Data\AntiVirus 2010 (Rogue.AntiVirus2010) -> Quarantined and deleted successfully. Files Infected: C:\Documents and Settings\Megs\Local Settings\temp\m.2A1.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\AntiVirus_Studio_2010.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\securitycenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Start Menu\Programs\Startup\kuyg.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Application Data\Epwyit\cuze.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Microsoft Shared\MSInfo\OInfo12system.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Common Files\Microsoft Shared\Web Folders\pkmwsServer12.0.4518.1014.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Common Files\System\SystemSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Common Files\System\ado\MSADOMDJRO21.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Internet Explorer\SystemOperating.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Internet Explorer\PLUGINS\QuickTimeQuickTime.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\NetMeeting\MST120conf5.1.2600.5512.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\outlook Express\MSIMNOEMIG506.00.2900.5512.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Windows Media Player\WMPNSSCIWindows.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\Windows NT\HYPERTRMSystem5.1.2600.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\system32\Com\ServicesServices.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\system32\spool\prtprocs\w32x86\OfficeMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\pdfupd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\EXPLORERalcrmv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\SystemSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\WindowsFramework.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\SystemWindows1.1.4322.2032.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\MicrosoftAccessibility.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\MicrosoftMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\MicrosoftVisual.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgdcscompmgd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgdcscompmgd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalersFramework.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\VisualStudio.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\FrameworkMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\fromIIEHost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\ipdmctrl\11.0.0.0__71e9bce111e9429c\OfficeOffice.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\MicrosoftMicrosoft5.04.00.2904.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\MicrosoftMicrosoft9.05.132.0000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\MicrosoftMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\DirectXMicrosoft9.07.239.0000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\DirectXMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\MicrosoftMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\libraryimported.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Office.InfoPath.Permission\12.0.0.0__71e9bce111e9429c\MicrosoftOffice.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\mscomctl\10.0.4504.0__31bf3856ad364e35\mscomctlOffice.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\VisualMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\office\12.0.0.0__71e9bce111e9429c\Interopsystem12.0.4518.1014.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Graph\12.0.0.0__71e9bce111e9429c\PolicyPolicy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.InfoPath\12.0.0.0__71e9bce111e9429c\MicrosoftPolicy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\SmartTagPrimary.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\systemInterop.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Vbe.Interop.Forms\11.0.0.0__71e9bce111e9429c\OfficeForms.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\MicrosoftVisual.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\MicrosoftStudio.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\VisualBasicVisual.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\VisualMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\MicrosoftStudio.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\SystemMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\SystemMicrosoft1.0.3705.6018.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\InstallMicrosoft1.1.4322.573.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\DataSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\SystemSystem1.1.4322.2032.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\SystemSystem1.0.3705.6018.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\MicrosoftSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\MicrosoftDirectoryServices.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\DrawingMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\ThunkThunk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\SystemMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\SystemSystem1.0.3705.6018.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\SystemMessaging.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\SystemRemoting.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\FormattersSoap.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\SystemSystem1.1.4322.2032.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\SecuritySystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\MicrosoftFramework1.1.4322.2032.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\MicrosoftVsavbMicrosoftVsaVb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\VisualStudio.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Office.Interop.Access\12.0.0.0__71e9bce111e9429c\MicrosoftAccess.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\codedomprocessorCodeDOMProcessor.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Outlook\12.0.0.0__71e9bce111e9429c\OfficePolicy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\FrameworkMicrosoft.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\SystemFramework.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.PowerPoint\12.0.0.0__71e9bce111e9429c\PowerPointOffice12.0.4518.1014.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.Publisher\12.0.0.0__71e9bce111e9429c\OfficeOffice.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.Microsoft.Office.Interop.SmartTag\12.0.0.0__71e9bce111e9429c\MicrosoftSmartTag.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\assembly\GAC\Policy.11.0.office\12.0.0.0__71e9bce111e9429c\Microsoftoffice.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\Fonts\OEMFONTSSystem.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\Microsoft.NET\Framework\sbssystemsbssystem1.0.0.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\Microsoft.NET\Framework\v1.0.3705\Updates\MSDDHotfixMSDDHotfix.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW3596\aspnetisapimscorsvr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\securityhelper.exe (Rogue.AntiVirus2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Application Data\AntiVirus 2010\taskmgr.dll (Rogue.AntiVirus2010) -> Quarantined and deleted successfully. C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Megs\Start Menu\Programs\AntiVirus 2010.lnk (Rogue.AntiVirus2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\kilslmd.exex (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\ppddfcfux.exxe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\test.exe (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\w32rim_mem.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Application Data\Deolcy\rymy.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\dfcensored.exe (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Megs\Local Settings\temp\dwl_bqz.exe (Malware.Trace) -> Quarantined and deleted successfully. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
I have two antivirus security programs that keep pestering me but none of them look familiar. Does AntiVirus Studio 2010 actually exist because when I click exit it comes up with a pop-up that has lots of spelling mistakes in it? I just don't want to do anything until asking you just incase I get rid of something important! -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
I didn't get a list, shold that come up in a new window or do I need to find it somewhere? -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
When I type in iexplore /Uninstall in the run box it comes up with an internet window which says: Internet explorer cannot display the webpage. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
The day that posted you the log, I have been using a clean computer for a while. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
Yes I have an internet connection now. -
themed32.dll problem, help!
14luvmusic replied to 14luvmusic's topic in Resolved Malware Removal Logs
ComboFix 10-10-30.09 - Megs 11/03/2010 22:02:05.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1007.334 [GMT 0:00] Running from: c:\documents and settings\Megs\Desktop\iexplore.exe.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Internet Explorer\complete.dat c:\program files\Internet Explorer\dmlconf.dat c:\program files\Internet Explorer\iexploreSrv.exe c:\program files\Microsoft\DesktopLayer.exe c:\program files\Microsoft\DesktopLayerSrv.exe c:\winnt\ExplorerSrv.exe c:\winnt\system\oeminfo.ini c:\winnt\system32\NOTEPADSrv.exe c:\winnt\system32\rundll32Srv.exe c:\winnt\system32\taskmgrSrv.exe c:\winnt\Web\default.htt . ---- Previous Run ------- . C:\~GLHTTP1.TMP c:\documents and settings\standalone\Application Data\alot\Resources\BrowserSearch\images\favicon.ico c:\documents and settings\standalone\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_0\images\alot_logo_button.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_image_search.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_news_search.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_search_button.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_shop_search.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_videos_search.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_1\images\alot_web_search.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_10\images\3272_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_2\images\alot_configure.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_2\images\alot_configure.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_3\images\default_4106_default_2088_mrkt_hot_topic.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Button_3\images\default_4106_default_2088_mrkt_hot_topic.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_4\images\3998_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_5\images\3995_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_6\images\3999_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_7\images\2531_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_8\images\2718_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\Button_9\images\3970_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp c:\documents and settings\standalone\Application Data\alot\Resources\contextMenu\images\alot_icon.png c:\documents and settings\standalone\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp c:\documents and settings\standalone\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png c:\documents and settings\standalone\Application Data\alot\Resources\Shared\domains.dat c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\alot_brand.png c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\alot_splitter.png c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\discover.png c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\intro_popup.png c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\spinner.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_bottom.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_caption.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_error_close.bmp c:\documents and settings\standalone\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp c:\documents and settings\standalone\Application Data\alot\toolbar.xml c:\documents and settings\standalone\Application Data\alot\toolbar.xml.backup c:\documents and settings\standalone\Application Data\Apuhzi\abani.exe c:\documents and settings\standalone\Application Data\Duva\awmy.exe c:\documents and settings\standalone\Application Data\Gyud\qyeq.tmp c:\documents and settings\standalone\Application Data\Gyud\qyeq.wed c:\program files\Microsoft\DesktopLayer.exe c:\winnt\system32\drivers\gsmlem.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_IAS -------\Legacy_swvcgxpo -------\Service_swvcgxpo ((((((((((((((((((((((((( Files Created from 2010-10-03 to 2010-11-03 ))))))))))))))))))))))))))))))) . 2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe 2010-11-03 16:05 . 2010-11-03 16:56 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe 2010-11-01 18:12 . 2010-11-01 18:14 -------- d-----w- c:\program files\UK Truck Simulator 2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe 2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll 2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp 2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe 2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll 2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe 2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs 2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa 2010-10-27 16:47 . 2010-10-27 16:48 -------- d-----w- c:\program files\windows 2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87 2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll 2010-10-27 15:26 . 2010-10-27 15:26 -------- d-----w- c:\winnt\Logs 2010-10-25 18:32 . 2010-10-25 18:32 -------- d-----w- c:\program files\NCH Swift Sound 2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys 2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Synchronization Manager"="mobsync.exe" [2008-04-14 143360] "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680] "vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888] "SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592] "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "internat.exe"="internat.exe" [2002-07-24 20752] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528] "tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\standalone\Start Menu\Programs\Startup\ WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608] hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\WePrint\\WePrint Server.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [7/1/2010 11:07 59240] R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/1/2010 11:07 166632] R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/1/2010 11:07 840936] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335] S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0] S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192] S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776] . Contents of the 'Scheduled Tasks' folder 2010-11-03 c:\winnt\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50] 2010-11-03 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-03 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34] 2010-11-02 c:\winnt\Tasks\Norton Security Scan for standalone.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 08:48] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.viglen.co.uk IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - Toolbar-Locked - (no file) HKLM-Run-Malwarebytes Anti-Malware (rootkit-scan) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe SafeBoot-klmdb.sys AddRemove-Macromedia Shockwave Player - c:\winnt\system32\Macromed\SHOCKW~1\UNWISE.EXE ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-03 22:21 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(432) c:\winnt\system32\igfxsrvc.dll c:\winnt\system32\hccutils.DLL . Completion time: 2010-11-03 22:29:50 ComboFix-quarantined-files.txt 2010-11-03 22:29 Pre-Run: 3,701,819,392 bytes free Post-Run: 3,649,264,128 bytes free - - End Of File - - 78D7CB8D06323C2843C25A4B4C3EDBBC