
themed32.dll problem, help!




c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\MicrosoftMicrosoft.exe

c:\winnt\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\MicrosoftWindows9.12.589.0000.exe

c:\winnt\Modio\SLAMR2KV\SlCleanSlClean.exe

c:\winnt\msagent\MicrosoftSpeech.exe

c:\winnt\network diagnostic\xpnetdiagSystem.exe

c:\winnt\PeerNet\SQLSE20SQLDB20.exe

c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMWindows.exe

c:\winnt\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMMedia10.0.3790.3802.exe

c:\winnt\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\SystemWPDConns.exe

c:\winnt\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmodwmvdmod9.00.00.4503.exe

c:\winnt\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2cltdrmstor.exe

c:\winnt\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2cltdrmclien.exe

c:\winnt\Resources\Themes\Luna\Shell\Homestead\WindowsSHELLSTYLE.exe

c:\winnt\Resources\Themes\Luna\Shell\Metallic\WindowsSHELLSTYLE5.1.2600.0.0108171148.exe

c:\winnt\ServicePackFiles\i386\lang\MicrosoftPINTLPHR5.1.2600.5512.0804132105.exe

c:\winnt\ServicePackFiles\i386\Windowsadv01w2k.exe

c:\winnt\ServicePackFiles\ServicePackCache\i386\msgslangmsgslang4.7.3001.exe

c:\winnt\SoftwareDistribution\Download\WindowsWindowsKB890830V2.exe

c:\winnt\Speech\VCmdvtext4.0.4.3405.exe

c:\winnt\system32\Adobe\Shockwave 11\Xtras\DynamiksHavokXtra.exe

c:\winnt\system32\bits\qmgrSystem.exe

c:\winnt\system32\config\systemprofile\Start Menu\Programs\Accessories\PromptCommand.exe

c:\winnt\system32\DRVSTORE\netaapl_3A00C5601D92D37DDCB0AE45518D6B42BE1588E6\SystemWindows.exe

c:\winnt\system32\DRVSTORE\usbaapl_3822718F9E2E86C3752D30561ECA5A855A4A3F7D\MobileApple1.49.0.0.exe

c:\winnt\system32\en\ResourcesMMCEx5.2.3790.2560.exe

c:\winnt\system32\export\dssenhWindows5.00.2195.1391.exe

c:\winnt\system32\inetsrv\Internetsmtpadm.exe

c:\winnt\system32\Macromed\Flash\FlashWindows.exe

c:\winnt\system32\Macromed\Shockwave 10\Xtras\NetFileSpeak.exe

c:\winnt\system32\mui\0401\OperatingWindows.exe

c:\winnt\system32\mui\0402\Operatingxpsp1res.exe

c:\winnt\system32\mui\0406\Windowsxpsp3res.exe

c:\winnt\system32\mui\0408\xpob2resxpsp2res.exe

c:\winnt\system32\mui\0409\Frameworkmscorees.exe

c:\winnt\system32\mui\040C\Windowsxpsp1res5.1.2600.5512.0804132113.exe

c:\winnt\system32\mui\040D\Windowsxpsp1res.exe

c:\winnt\system32\mui\0410\WindowsWindows5.1.2600.5512.0804132113.exe

c:\winnt\system32\mui\0411\Systemxpsp2res.exe

c:\winnt\system32\mui\0413\Windowsbesturingssysteemxpob2res.exe

c:\winnt\system32\mui\0414\xpsp2resxpsp3res.exe

c:\winnt\system32\mui\0415\xpsp3resxpsp2res5.1.2600.5512.0804132113.exe

c:\winnt\system32\mui\0419\xpsp1resxpsp3res.exe

c:\winnt\system32\mui\041a\Windowsxpsp1res.exe

c:\winnt\system32\mui\041b\xpob2resxpsp3res5.1.2600.5512.exe

c:\winnt\system32\mui\0425\Windowsxpsp1res.exe

c:\winnt\system32\mui\0804\xpsp2resxpsp1res5.1.2600.5512.0804132113.exe

c:\winnt\system32\PreInstall\WinSE\wxp_x86_0409_v1\spmsgUPDATE6.1.0022.403.0311130918.exe

c:\winnt\system32\ReinstallBackups\0005\DriverFiles\i386\OperatingWindows.exe

c:\winnt\system32\ReinstallBackups\0006\DriverFiles\i386\isapnpSystem.exe

c:\winnt\system32\Setup\OperatingInformation.exe

c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\WindowsMicrosoft.exe

c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wupsMicrosoft.exe

c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wupswups.exe

c:\winnt\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2Windows.exe

c:\winnt\system32\spool\drivers\w32x86\3\WindowsOperating.exe

c:\winnt\system32\URTTemp\StudioMicrosoft7.10.3052.4.exe

c:\winnt\twain_32\hpsj_0000\Twainhpqgends.exe

c:\winnt\twain_32\OperatingWIATWAIN.exe

c:\winnt\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.0.0_x-ww_ff9986d7\MicrosoftVisual6.00.8972.0.exe

c:\winnt\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\StudioVisual.exe

c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\VisualVisual.exe

c:\winnt\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MicrosoftStudio.exe

c:\winnt\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MicrosoftStudio.exe

c:\winnt\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\StudioMicrosoft.exe

c:\winnt\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\VisualVisual8.00.50727.4053.0507274000.exe

c:\winnt\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\StudioMicrosoft9.00.21022.08.exe

c:\winnt\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\MicrosoftStudio.exe

c:\winnt\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\VisualMFC90KOR.exe

c:\winnt\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\VisualVCOMP90.exe

c:\winnt\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\VisualVisual.exe

c:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\Systemcomctl326.02.0408032158.exe

c:\winnt\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\Windowscomctl32.exe

c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\OperatingWindows.exe

c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.2180_x-ww_b2505ed9\WindowsWindows.exe

c:\winnt\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\Microsoftmsvcirt.exe

c:\winnt\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\WindowsSystem.exe

.

.

((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))

.

2010-11-04 20:13 . 2010-11-13 19:11 -------- d-----w- c:\program files\AVIConverter

2010-11-04 18:21 . 2010-11-04 18:21 47104 ----a-w- c:\winnt\system32\NarratorSrv.exe

2010-11-04 18:09 . 2010-11-04 18:15 95744 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iKernelSrv.exe

2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe

2010-11-03 16:05 . 2010-11-13 14:25 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe

2010-11-01 18:12 . 2010-11-11 18:44 -------- d-----w- c:\program files\UK Truck Simulator

2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe

2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll

2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp

2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe

2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll

2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe

2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs

2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa

2010-10-27 16:47 . 2010-11-13 14:36 -------- d-----w- c:\program files\windows

2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87

2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll

2010-10-27 15:26 . 2010-11-07 14:52 -------- d-----w- c:\winnt\Logs

2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys

2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE

2010-10-03 23:43 . 2010-10-03 23:43 59240 ----a-w- c:\winnt\system32\drivers\RapportKELL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]

"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [2002-07-24 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]

"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

bihyc.exe [2010-11-4 202752]

ekqo.exe [2010-11-10 107008]

kegi.exe [2010-11-11 107008]

oqir.exe [2010-11-13 107008]

ydzue.exe [2010-11-7 202752]

yztoy.exe [2010-11-12 107008]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

aquzy.exe [2010-11-12 107008]

haavol.exe [2010-11-10 107008]

iwxaka.exe [2010-11-11 107008]

ohpu.exe [2010-11-4 202752]

ubax.exe [2010-11-7 202752]

wyipe.exe [2010-11-13 107008]

c:\documents and settings\standalone\Start Menu\Programs\Startup\

cuumus.exe [2010-11-4 202752]

cuumusSrv.exe [2010-11-10 95744]

foune.exe [2010-11-7 202752]

founeSrv.exe [2010-11-10 95744]

himopo.exe [2010-11-10 107008]

ohweib.exe [2010-11-11 107008]

puywiv.exe [2010-11-12 107008]

utraar.exe [2010-11-13 107008]

WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672]

c:\documents and settings\Megs\Start Menu\Programs\Startup\

ekel.exe [2010-11-11 107008]

qifur.exe [2010-11-12 107008]

ryli.exe [2010-11-13 107008]

ykkawu.exe [2010-11-10 107008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\WePrint\\WePrint Server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 RapportKELL;RapportKELL;c:\winnt\system32\drivers\RapportKELL.sys [10/3/2010 23:43 59240]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 23:54 34792]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 23:43 169320]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 23:43 767208]

R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335]

R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335]

S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0]

S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192]

S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776]

.

Contents of the 'Scheduled Tasks' folder

2010-11-10 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-13 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]

2010-11-13 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]

2010-11-13 c:\winnt\Tasks\Norton Security Scan for Megs.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51]

2010-11-13 c:\winnt\Tasks\Norton Security Scan for standalone.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-13 19:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(492)

c:\winnt\system32\igfxsrvc.dll

c:\winnt\system32\hccutils.DLL

.

Completion time: 2010-11-13 19:21:34

ComboFix-quarantined-files.txt 2010-11-13 19:21

ComboFix2.txt 2010-11-03 22:29

Pre-Run: 1,870,058,496 bytes free

Post-Run: 3,241,280,000 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINNT

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - BCF94064FEA737C1D6BCF1188D6E097F


I don't know where you've been on the net but these are all bad

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

bihyc.exe [2010-11-4 202752]

ekqo.exe [2010-11-10 107008]

kegi.exe [2010-11-11 107008]

oqir.exe [2010-11-13 107008]

ydzue.exe [2010-11-7 202752]

yztoy.exe [2010-11-12 107008]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

aquzy.exe [2010-11-12 107008]

haavol.exe [2010-11-10 107008]

iwxaka.exe [2010-11-11 107008]

ohpu.exe [2010-11-4 202752]

ubax.exe [2010-11-7 202752]

wyipe.exe [2010-11-13 107008]

c:\documents and settings\standalone\Start Menu\Programs\Startup\

cuumus.exe [2010-11-4 202752]

cuumusSrv.exe [2010-11-10 95744]

foune.exe [2010-11-7 202752]

founeSrv.exe [2010-11-10 95744]

himopo.exe [2010-11-10 107008]

ohweib.exe [2010-11-11 107008]

puywiv.exe [2010-11-12 107008]

utraar.exe [2010-11-13 107008]

c:\documents and settings\Megs\Start Menu\Programs\Startup\

ekel.exe [2010-11-11 107008]

qifur.exe [2010-11-12 107008]

ryli.exe [2010-11-13 107008]

ykkawu.exe [2010-11-10 107008]


XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Check each listed Startup folder for each user listed for the files listed

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

c:\documents and settings\Default User\Start Menu\Programs\Startup\

c:\documents and settings\standalone\Start Menu\Programs\Startup\

c:\documents and settings\Megs\Start Menu\Programs\Startup\


It's not letting me delete any of them in C:\Documents and Settings\Megs\Start Menu\Programs\Startup. It keeps coming up with: Cannot delete ekel: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use.


I deleted all the infections that you listed successfully. I ran MBAM, but it came up with the same three infections again.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5065

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/14/2010 16:23:18

mbam-log-2010-11-14 (16-23-18).txt

Scan type: Quick scan

Objects scanned: 173046

Time elapsed: 37 minute(s), 42 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\program files\microsoft\desktoplayer.exe -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (c:\winnt\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\Microsoft\desktoplayer.exe (Trojan.Agent) -> Delete on reboot.

The spyware doctor has found over 300 infections but to delete them I need to buy the software but I can't buy the software.
That's bogus and as bad as these fake anti-virus programs.

Run a new combofix scan


Log from combofix:

ComboFix 10-11-19.04 - Megs 11/20/2010 13:10:02.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1007.480 [GMT 0:00]

Running from: c:\documents and settings\Megs\Desktop\ComboFix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


.

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))

.

2010-11-17 19:40 . 2010-11-17 19:40 -------- d-----w- c:\program files\NCH Software

2010-11-17 19:38 . 2010-11-17 19:38 -------- d-----w- c:\program files\NCH Swift Sound

2010-11-15 18:44 . 2010-11-15 18:55 95744 ----a-w- c:\program files\Movie Maker\moviemkSrv.exe

2010-11-14 18:06 . 2010-01-22 09:55 767952 ----a-w- c:\winnt\BDTSupport.dll

2010-11-14 18:06 . 2010-01-22 09:56 149456 ----a-w- c:\winnt\SGDetectionTool.dll

2010-11-14 18:06 . 2010-01-22 09:56 165840 ----a-w- c:\winnt\PCTBDRes.dll

2010-11-14 18:06 . 2010-01-22 09:56 1652688 ----a-w- c:\winnt\PCTBDCore.dll

2010-11-14 17:44 . 2010-02-05 09:17 233136 ----a-w- c:\winnt\system32\drivers\pctgntdi.sys

2010-11-14 17:44 . 2010-11-14 18:34 218592 ----a-w- c:\winnt\system32\drivers\PCTCore.sys

2010-11-14 17:44 . 2009-11-23 13:54 88040 ----a-w- c:\winnt\system32\drivers\PCTAppEvent.sys

2010-11-14 17:44 . 2010-11-14 18:34 63360 ----a-w- c:\winnt\system32\drivers\pctplsg.sys

2010-11-14 17:43 . 2010-11-14 19:39 -------- d-----w- c:\program files\Spyware Doctor

2010-11-14 17:43 . 2010-11-14 18:06 -------- d-----w- c:\program files\Common Files\PC Tools

2010-11-14 17:43 . 2010-11-14 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools

2010-11-14 17:43 . 2010-11-20 13:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-04 20:13 . 2010-11-13 19:11 -------- d-----w- c:\program files\AVIConverter

2010-11-04 18:21 . 2010-11-04 18:21 47104 ----a-w- c:\winnt\system32\NarratorSrv.exe

2010-11-04 18:09 . 2010-11-04 18:15 95744 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iKernelSrv.exe

2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe

2010-11-03 16:05 . 2010-11-15 16:35 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe

2010-11-01 18:12 . 2010-11-11 18:44 -------- d-----w- c:\program files\UK Truck Simulator

2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe

2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll

2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp

2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe

2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll

2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe

2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs

2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa

2010-10-27 16:47 . 2010-11-19 20:43 -------- d-----w- c:\program files\windows

2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87

2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll

2010-10-27 15:26 . 2010-11-07 14:52 -------- d-----w- c:\winnt\Logs

2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys

2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE

2010-10-03 23:43 . 2010-10-03 23:43 59240 ----a-w- c:\winnt\system32\drivers\RapportKELL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]

"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"internat.exe"="internat.exe" [2002-07-24 20752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]

"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

ipso.exe [2010-11-19 152576]

uqanyc.exe [2010-11-15 202752]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

odli.exe [2010-11-19 152576]

yhto.exe [2010-11-15 202752]

c:\documents and settings\standalone\Start Menu\Programs\Startup\

opmier.exe [2010-11-19 152576]

WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672]

xiufm.exe [2010-11-15 202752]

c:\documents and settings\Megs\Start Menu\Programs\Startup\

napion.exe [2010-11-15 154112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\WePrint\\WePrint Server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 PCTCore;PCTools KDS;c:\winnt\system32\drivers\PCTCore.sys [11/14/2010 17:44 218592]

R0 RapportKELL;RapportKELL;c:\winnt\system32\drivers\RapportKELL.sys [10/3/2010 23:43 59240]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 23:54 34792]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 23:43 169320]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/14/2010 18:06 112592]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 23:43 767208]

R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335]

R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335]

S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0]

S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [11/14/2010 17:43 366840]

S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776]

.

Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]

2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]

2010-11-13 c:\winnt\Tasks\Norton Security Scan for Megs.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51]

2010-11-13 c:\winnt\Tasks\Norton Security Scan for standalone.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51]

2010-11-17 c:\winnt\Tasks\switchShakeIcon.job

- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-17 19:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-20 13:47

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(500)

c:\winnt\system32\igfxsrvc.dll

c:\winnt\system32\hccutils.DLL

.

Completion time: 2010-11-20 14:00:24

ComboFix-quarantined-files.txt 2010-11-20 14:00

ComboFix2.txt 2010-11-13 19:21

ComboFix3.txt 2010-11-03 22:29

Pre-Run: 558,296,064 bytes free

Post-Run: 890,355,712 bytes free

- - End Of File - - 8BDCBACBCE774EB8696602C14BE0D056


You're running 2 Anti-Virus programs now

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

1. Click Start > Settings > Control Panel.

2. Next, open Add/Remove Programs and remove either:

Spyware Doctor

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\documents and settings\Administrator\Start Menu\Programs\Startup\ipso.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\uqanyc.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\odli.exe
c:\documents and settings\Administrator\Start Menu\Programs\Startup\yhto.exe
c:\documents and settings\standalone\Start Menu\Programs\Startup\opmier.exe
c:\documents and settings\standalone\Start Menu\Programs\Startup\xiufm.exe
c:\documents and settings\Megs\Start Menu\Programs\Startup\napion.exe


Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"=-

Save this file to your desktop. Save this as "CFScript"

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


ComboFix 10-11-19.04 - Megs 11/20/2010 15:20:07.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1007.462 [GMT 0:00]

Running from: c:\documents and settings\Megs\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Megs\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

* Created a new restore point

FILE ::

"c:\documents and settings\Administrator\Start Menu\Programs\Startup\ipso.exe"

"c:\documents and settings\Administrator\Start Menu\Programs\Startup\odli.exe"

"c:\documents and settings\Administrator\Start Menu\Programs\Startup\uqanyc.exe"

"c:\documents and settings\Administrator\Start Menu\Programs\Startup\yhto.exe"

"c:\documents and settings\Megs\Start Menu\Programs\Startup\napion.exe"

"c:\documents and settings\standalone\Start Menu\Programs\Startup\opmier.exe"

"c:\documents and settings\standalone\Start Menu\Programs\Startup\xiufm.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Megs\Application Data\Lyec

c:\documents and settings\Megs\Application Data\Lyec\ydpuu.evd

c:\documents and settings\Megs\Application Data\Orohq

c:\documents and settings\Megs\Application Data\Orohq\oxpyk.exe

c:\documents and settings\Megs\Application Data\Orohq\oxpykSrv.exe

c:\documents and settings\Megs\Application Data\Ryda

c:\documents and settings\Megs\Application Data\Ryda\qoer.exe

c:\documents and settings\Megs\Application Data\Upinp

c:\documents and settings\Megs\Application Data\Upinp\ewox.bia

c:\program files\Belkin\Belkin Wireless Network Utility\PCARmDrvSrv.exe

c:\program files\Internet Explorer\iexploreSrv.exe

c:\winnt\ExplorerSrv.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-20 to 2010-11-20 )))))))))))))))))))))))))))))))

.

2010-11-17 19:40 . 2010-11-17 19:40 -------- d-----w- c:\program files\NCH Software

2010-11-17 19:38 . 2010-11-17 19:38 -------- d-----w- c:\program files\NCH Swift Sound

2010-11-15 18:44 . 2010-11-15 18:55 95744 ----a-w- c:\program files\Movie Maker\moviemkSrv.exe

2010-11-14 17:43 . 2010-11-20 15:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-11-04 20:13 . 2010-11-13 19:11 -------- d-----w- c:\program files\AVIConverter

2010-11-04 18:21 . 2010-11-04 18:21 47104 ----a-w- c:\winnt\system32\NarratorSrv.exe

2010-11-04 18:09 . 2010-11-04 18:15 95744 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iKernelSrv.exe

2010-11-03 18:22 . 2010-11-03 18:23 95744 ----a-w- c:\program files\Common Files\Microsoft Shared\Speech\sapisvrSrv.exe

2010-11-03 16:05 . 2010-11-15 16:35 95744 ----a-w- c:\program files\Windows Media Player\wmplayerSrv.exe

2010-11-01 18:12 . 2010-11-11 18:44 -------- d-----w- c:\program files\UK Truck Simulator

2010-10-31 21:25 . 2010-10-31 21:28 47104 ----a-w- c:\winnt\system32\mshtaSrv.exe

2010-10-31 16:05 . 2008-04-14 00:12 221184 ----a-w- c:\winnt\system32\wmpns.dll

2010-10-31 15:42 . 2010-10-31 15:42 -------- d-----w- C:\32788R22FWJFW.1.tmp

2010-10-31 11:53 . 2010-10-31 11:53 47104 ----a-w- c:\winnt\system32\sstext3dSrv.exe

2010-10-30 12:22 . 2008-04-14 00:12 218624 ----a-w- C:\uxtheme.dll

2010-10-30 11:38 . 2010-11-03 16:16 47104 ----a-w- c:\winnt\system32\verclsidSrv.exe

2010-10-29 20:48 . 2010-10-31 12:07 -------- d-----w- c:\documents and settings\Megs

2010-10-27 16:53 . 2010-10-27 16:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\documents and settings\standalone\Application Data\Xiinpa

2010-10-27 16:47 . 2010-11-20 15:11 -------- d-----w- c:\program files\windows

2010-10-27 16:47 . 2010-10-27 16:47 -------- d-----w- c:\program files\riv87

2010-10-27 15:28 . 2007-04-04 18:53 81768 ----a-w- c:\winnt\system32\xinput1_3.dll

2010-10-27 15:26 . 2010-11-07 14:52 -------- d-----w- c:\winnt\Logs

2010-10-23 12:09 . 2009-02-26 12:06 521080 ----a-w- C:\POWERPNT.EXE

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-29 18:08 . 2004-08-04 12:00 120192 ----a-w- c:\winnt\system32\drivers\pcmcia.sys

2010-10-21 18:47 . 2009-10-03 13:47 210944 ----a-w- C:\UNWISE.EXE

2010-10-03 23:43 . 2010-10-03 23:43 59240 ----a-w- c:\winnt\system32\drivers\RapportKELL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Synchronization Manager"="mobsync.exe" [2008-04-14 143360]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2010-10-14 114688]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-10-21 471040]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]

"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2004-07-20 124112]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]

"SoundMan"="SOUNDMAN.EXE" [2003-03-27 53248]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2010-10-21 917504]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2008-04-14 214528]

"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

ipso.exe [2010-11-19 152576]

uqanyc.exe [2010-11-15 202752]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

odli.exe [2010-11-19 152576]

yhto.exe [2010-11-15 202752]

c:\documents and settings\standalone\Start Menu\Programs\Startup\

opmier.exe [2010-11-19 152576]

WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2010-7-2 2268672]

xiufm.exe [2010-11-15 202752]

c:\documents and settings\Megs\Start Menu\Programs\Startup\

napion.exe [2010-11-20 202752]

napionSrv.exe [2010-11-20 95744]

napionSrvSrv.exe [2010-11-20 47104]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 196608]

hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="c:\winnt\system32\userinit.exe,,c:\program files\belkin\belkin wireless network utility\pcarmdrvsrv.exe,c:\program files\microsoft\desktoplayer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\WePrint\\WePrint Server.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 RapportKELL;RapportKELL;c:\winnt\system32\drivers\RapportKELL.sys [10/3/2010 23:43 59240]

R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [10/3/2010 23:54 34792]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [10/3/2010 23:43 169320]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [10/3/2010 23:43 767208]

R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\winnt\system32\drivers\A311.sys [7/6/2004 08:12 33335]

R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\winnt\system32\drivers\A310.sys [7/6/2004 08:12 33335]

S1 mkh2de0;mkh2de0;c:\winnt\system32\drivers\mkh2de0.sys [2/13/2010 15:00 0]

S1 pmk70ea;pmk70ea;c:\winnt\system32\drivers\pmk70ea.sys [2/5/2010 17:52 0]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/26/2009 16:34 135664]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/12/2004 14:18 169192]

S3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [7/6/2004 07:48 49776]

.

Contents of the 'Scheduled Tasks' folder

2010-11-17 c:\winnt\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]

2010-11-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]

2010-11-13 c:\winnt\Tasks\Norton Security Scan for Megs.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51]

2010-11-13 c:\winnt\Tasks\Norton Security Scan for standalone.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-07-03 00:51]

2010-11-17 c:\winnt\Tasks\switchShakeIcon.job

- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-11-17 19:38]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-20 15:37

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2772)

c:\winnt\system32\WININET.dll

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

c:\winnt\system32\ieframe.dll

c:\winnt\system32\webcheck.dll

c:\winnt\system32\WPDShServiceObj.dll

c:\winnt\system32\PortableDeviceTypes.dll

c:\winnt\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Belkin\Belkin Wireless Network Utility\WLService.exe

c:\program files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\winnt\system32\MsPMSPSv.exe

c:\winnt\SOUNDMAN.EXE

c:\winnt\system32\rundll32.exe

c:\program files\Microsoft ActiveSync\wcescomm.exe

c:\progra~1\MICROS~4\rapimgr.exe

c:\winnt\system32\msiexec.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-11-20 15:44:18 - machine was rebooted

ComboFix-quarantined-files.txt 2010-11-20 15:44

ComboFix2.txt 2010-11-20 14:00

ComboFix3.txt 2010-11-13 19:21

ComboFix4.txt 2010-11-03 22:29

Pre-Run: 3,061,159,936 bytes free

Post-Run: 3,044,570,112 bytes free

- - End Of File - - D3CB3DDBD026F839AB07F98C22319502


Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\program files\Movie Maker\moviemkSrv.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

Do the same for these:

c:\winnt\system32\NarratorSrv.exe

c:\winnt\system32\mshtaSrv.exe

c:\winnt\system32\sstext3dSrv.exe

c:\winnt\system32\verclsidSrv.exe

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


c:\program files\Movie Maker\moviemkSrv.exe

AhnLab-V3 2010.11.20.00 2010.11.19 Win32/Ramnit

AntiVir 7.10.14.55 2010.11.19 W32/Ramnit.A

Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen

Avast 4.8.1351.0 2010.11.20 Win32:Quolko

Avast5 5.0.594.0 2010.11.20 Win32:Quolko

AVG 9.0.0.851 2010.11.20 SHeur3.AMQX

BitDefender 7.2 2010.11.20 Win32.Ramnit

CAT-QuickHeal 11.00 2010.11.09 -

ClamAV 0.96.4.0 2010.11.20 W32.Ramnit-1

Command 5.2.11.5 2010.11.20 W32/Ramnit.B

Comodo 6785 2010.11.20 Packed.Win32.MUPX.Gen

DrWeb 5.0.2.03300 2010.11.20 Win32.Rmnet

Emsisoft 5.0.0.50 2010.11.20 Virus.Win32.Ramnit!IK

eSafe 7.0.17.0 2010.11.18 -

eTrust-Vet 36.1.7989 2010.11.20 Win32/Ramnit.A

F-Prot 4.6.2.117 2010.11.19 W32/Ramnit.B

F-Secure 9.0.16160.0 2010.11.20 Win32.Ramnit

Fortinet 4.2.254.0 2010.11.20 W32/Ramnit.A

GData 21 2010.11.20 Win32.Ramnit

Ikarus T3.1.1.90.0 2010.11.20 Virus.Win32.Ramnit

Jiangmin 13.0.900 2010.11.20 Win32/PatchFile.et

K7AntiVirus 9.68.3041 2010.11.20 Virus

Kaspersky 7.0.0.125 2010.11.20 Virus.Win32.Nimnul.a

McAfee 5.400.0.1158 2010.11.20 W32/Ramnit.a

McAfee-GW-Edition 2010.1C 2010.11.20 W32/Ramnit.a

Microsoft 1.6402 2010.11.19 Virus:Win32/Ramnit.A

NOD32 5634 2010.11.19 Win32/Ramnit.A

Norman 6.06.10 2010.11.20 W32/Ramnit.A

nProtect 2010-11-20.01 2010.11.20 Trojan/W32.Agent.95744.FT

Panda 10.0.2.7 2010.11.20 W32/Cosmu.gen

PCTools 7.0.3.5 2010.11.20 Malware.Ramnit

Prevx 3.0 2010.11.20 Medium Risk Malware

Rising 22.74.04.00 2010.11.20 Win32.Ramnit.a

Sophos 4.59.0 2010.11.20 W32/Patched-I

SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg

Symantec 20101.2.0.161 2010.11.20 W32.Ramnit!inf

TheHacker 6.7.0.1.087 2010.11.20 -

TrendMicro 9.120.0.1004 2010.11.20 PE_RAMNIT.H

TrendMicro-HouseCall 9.120.0.1004 2010.11.20 PE_RAMNIT.H

VBA32 3.12.14.2 2010.11.19 Virus.Win32.Nimnul.a

VIPRE 7362 2010.11.20 Virus.Win32.Ramnit.a (v)

ViRobot 2010.11.20.4158 2010.11.20 -

VirusBuster 13.6.51.0 2010.11.20 Win32.Ramnit.Gen


c:\winnt\system32\NarratorSrv.exe

AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE

AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen

Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen

Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen

Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen

AVG 9.0.0.851 2010.11.20 SHeur3.AMRA

BitDefender 7.2 2010.11.20 Backdoor.Generic.504880

CAT-QuickHeal 11.00 2010.11.09 -

ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978

Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC

Comodo 6785 2010.11.20 Heur.Packed.Unknown

DrWeb 5.0.2.03300 2010.11.20 -

Emsisoft 5.0.0.50 2010.11.20 Packed.Win32.Krap!IK

eSafe 7.0.17.0 2010.11.18 Win32.TRDropper

eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic

F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC

F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A

Fortinet 4.2.254.0 2010.11.20 -

GData 21 2010.11.20 Backdoor.Generic.504880

Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap

Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla

K7AntiVirus 9.68.3041 2010.11.20 Trojan

Kaspersky 7.0.0.125 2010.11.20 Packed.Win32.Krap.hm

McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi

McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi

Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH

NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD

Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU

nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880

Panda 10.0.2.7 2010.11.20 Trj/Krap.Y

PCTools 7.0.3.5 2010.11.20 Trojan.Gen

Prevx 3.0 2010.11.20 Medium Risk Malware

Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879

Sophos 4.59.0 2010.11.20 Mal/Zbot-U

SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg

Symantec 20101.2.0.161 2010.11.20 Trojan.Gen

TheHacker 6.7.0.1.087 2010.11.20 -

TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073

VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v)

ViRobot 2010.11.20.4158 2010.11.20 -

VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA


c:\winnt\system32\mshtaSrv.exe

AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE

AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen

Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen

Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen

Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen

AVG 9.0.0.851 2010.11.20 SHeur3.AMRA

BitDefender 7.2 2010.11.20 Backdoor.Generic.504880

CAT-QuickHeal 11.00 2010.11.09 -

ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978

Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC

Comodo 6785 2010.11.20 Heur.Packed.Unknown

DrWeb 5.0.2.03300 2010.11.20 -

Emsisoft 5.0.0.50 2010.11.20 Packed.Win32.Krap!IK

eSafe 7.0.17.0 2010.11.18 Win32.TRDropper

eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic

F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC

F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A

Fortinet 4.2.254.0 2010.11.20 -

GData 21 2010.11.20 Backdoor.Generic.504880

Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap

Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla

K7AntiVirus 9.68.3041 2010.11.20 Trojan

Kaspersky 7.0.0.125 2010.11.20 Packed.Win32.Krap.hm

McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi

McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi

Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH

NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD

Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU

nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880

Panda 10.0.2.7 2010.11.20 Trj/Krap.Y

PCTools 7.0.3.5 2010.11.20 Trojan.Gen

Prevx 3.0 2010.11.20 Medium Risk Malware

Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879

Sophos 4.59.0 2010.11.20 Mal/Zbot-U

SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg

Symantec 20101.2.0.161 2010.11.20 Trojan.Gen

TheHacker 6.7.0.1.087 2010.11.20 -

TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073

VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v)

ViRobot 2010.11.20.4158 2010.11.20 -

VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA


c:\winnt\system32\sstext3dSrv.exe

AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE

AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen

Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen

Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen

Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen

AVG 9.0.0.851 2010.11.20 SHeur3.AMRA

BitDefender 7.2 2010.11.20 Backdoor.Generic.504880

CAT-QuickHeal 11.00 2010.11.09 -

ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978

Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC

Comodo 6785 2010.11.20 Heur.Packed.Unknown

DrWeb 5.0.2.03300 2010.11.20 -

Emsisoft 5.0.0.50 2010.11.20 Packed.Win32.Krap!IK

eSafe 7.0.17.0 2010.11.18 Win32.TRDropper

eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic

F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC

F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A

Fortinet 4.2.254.0 2010.11.20 -

GData 21 2010.11.20 Backdoor.Generic.504880

Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap

Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla

K7AntiVirus 9.68.3041 2010.11.20 Trojan

Kaspersky 7.0.0.125 2010.11.20 Packed.Win32.Krap.hm

McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi

McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi

Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH

NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD

Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU

nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880

Panda 10.0.2.7 2010.11.20 Trj/Krap.Y

PCTools 7.0.3.5 2010.11.20 Trojan.Gen

Prevx 3.0 2010.11.20 Medium Risk Malware

Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879

Sophos 4.59.0 2010.11.20 Mal/Zbot-U

SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg

Symantec 20101.2.0.161 2010.11.20 Trojan.Gen

TheHacker 6.7.0.1.087 2010.11.20 -

TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073

VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v)

ViRobot 2010.11.20.4158 2010.11.20 -

VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA


Ramnit

This infection cannot be cured.

Your only option is a FULL reformat of the hard drive and a reinstall of the OS.

As for any Data such as music, pictures etc., I do not know if those are safe to save or not.

You also have a backdoor infection:

backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.


c:\winnt\system32\verclsidSrv.exe

AhnLab-V3 2010.11.20.00 2010.11.19 Win-Trojan/Krap.47104.DE

AntiVir 7.10.14.55 2010.11.19 TR/Dropper.Gen

Antiy-AVL 2.0.3.7 2010.11.20 Packed/Win32.Krap.gen

Avast 4.8.1351.0 2010.11.20 Win32:Rootkit-gen

Avast5 5.0.594.0 2010.11.20 Win32:Rootkit-gen

AVG 9.0.0.851 2010.11.20 SHeur3.AMRA

BitDefender 7.2 2010.11.20 Backdoor.Generic.504880

CAT-QuickHeal 11.00 2010.11.09 -

ClamAV 0.96.4.0 2010.11.20 Trojan.Small-8978

Command 5.2.11.5 2010.11.20 W32/Trojan2.NAVC

Comodo 6785 2010.11.20 Heur.Packed.Unknown

DrWeb 5.0.2.03300 2010.11.20 -

eSafe 7.0.17.0 2010.11.18 Win32.TRDropper

eTrust-Vet 36.1.7989 2010.11.20 Win32/Zbot.M!generic

F-Prot 4.6.2.117 2010.11.19 W32/Trojan2.NAVC

F-Secure 9.0.16160.0 2010.11.20 Packed:W32/Xorfus.A

Fortinet 4.2.254.0 2010.11.20 -

GData 21 2010.11.20 Backdoor.Generic.504880

Ikarus T3.1.1.90.0 2010.11.20 Packed.Win32.Krap

Jiangmin 13.0.900 2010.11.20 Packed.Krap.czla

K7AntiVirus 9.68.3041 2010.11.20 Trojan

McAfee 5.400.0.1158 2010.11.20 Generic.dx!tfi

McAfee-GW-Edition 2010.1C 2010.11.20 Generic.dx!tfi

Microsoft 1.6402 2010.11.19 VirTool:Win32/Obfuscator.KH

NOD32 5634 2010.11.19 a variant of Win32/Kryptik.FSD

Norman 6.06.10 2010.11.20 W32/Suspicious_Gen2.BSEEU

nProtect 2010-11-20.01 2010.11.20 Backdoor.Generic.504880

Panda 10.0.2.7 2010.11.20 Trj/Krap.Y

PCTools 7.0.3.5 2010.11.20 Trojan.Gen

Prevx 3.0 2010.11.20 Medium Risk Malware

Rising 22.74.04.00 2010.11.20 Trojan.Win32.Generic.52210879

Sophos 4.59.0 2010.11.20 Mal/Zbot-U

SUPERAntiSpyware 4.40.0.1006 2010.11.20 Trojan.Agent/Gen-Falleg

Symantec 20101.2.0.161 2010.11.20 Trojan.Gen

TheHacker 6.7.0.1.087 2010.11.20 -

TrendMicro 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

TrendMicro-HouseCall 9.120.0.1004 2010.11.20 TROJ_GEN.R1BE1H4

VBA32 3.12.14.2 2010.11.19 Malware-Cryptor.Win32.073

VIPRE 7362 2010.11.20 LooksLike.Win32.Malware!C (v)

ViRobot 2010.11.20.4158 2010.11.20 -

VirusBuster 13.6.51.0 2010.11.20 Trojan.Krap!707iKaIDjwA


Ramnit

This infection cannot be cured.

Your only option is a FULL reformat of the hard drive and a reinstall of the OS.

As for any data such as music, pictures etc., I do not know if those are safe to save or not.

You also have a backdoor infection:

Backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

  • Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, PayPal, eBay, etc. You should also change the passwords for any other site you use.
  • Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
  • Consider what other private information could possibly have been taken from your computer and take appropriate steps.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.