#1
Whatever I do I can't get rid of TROJAN.VUNDO.H
I've tried Malwarebytes, Fix-It Utilities 8, Spybot, and Advanced SystemCare. They all say that it was removed, yet it is always there when I reboot. My patience is wearing thin, lol. Any help would be wonderful!
#2
Hi there
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Download GMER Rootkit Scanner from here or here.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
__________________
Proud member of ASAP & UNITE My System: Steves Rig
#3
Do not spam the rest of the forum with your problem.
__________________
My System: Hybr!d
#4
Didn't realize asking for help was spamming. I've only made one inquiry and one post.
#5
You posted 3 other times in other people's introductions. Begging for help.
#6
Anyway, thanks for the assistance here 007... it is much appreciated. I've run the 2 programs you mentioned, here are the following logs...
{combofix}
ComboFix 09-03-13.02 - Chuck 2009-03-14 6:27:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.718 [GMT -4:00]
Running from: c:\documents and settings\Chuck\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\afoyomuh.ini
c:\windows\system32\idumomir.ini
c:\windows\system32\IRtvCcfe.ini
c:\windows\system32\opopemur.ini
c:\windows\system32\orutikay.ini
c:\windows\system32\TutvDcdd.ini
c:\windows\system32\XEgNnnmp.ini
E:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2009-02-14 to 2009-03-14 )))))))))))))))))))))))))))))))
.
2009-03-13 23:21 . 2009-03-13 23:21 <DIR> d-------- c:\program files\iTunes
2009-03-13 23:21 . 2009-03-13 23:21 <DIR> d-------- c:\program files\iPod
2009-03-13 23:21 . 2009-03-13 23:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-13 23:18 . 2009-03-13 23:19 <DIR> d-------- c:\program files\QuickTime
2009-03-13 22:19 . 2009-03-13 22:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-03 07:36 . 2009-03-09 16:33 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 07:36 . 2009-03-03 07:36 <DIR> d-------- c:\documents and settings\Chuck\Application Data\Malwarebytes
2009-03-03 07:36 . 2009-03-03 07:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 07:36 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 07:36 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-28 09:53 . 2009-01-09 15:19 1,089,593 -----c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-28 09:49 . 2009-02-28 09:49 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Avanquest
2009-02-28 08:11 . 2009-03-02 08:54 385 --a------ c:\windows\wininit.ini
2009-02-27 22:46 . 2009-02-27 22:46 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-27 22:44 . 2009-02-27 22:44 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Avanquest
2009-02-23 04:37 . 2009-02-28 00:58 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-23 04:37 . 2009-02-28 07:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-22 19:02 . 2009-02-22 19:02 <DIR> d-------- c:\documents and settings\Chuck\Application Data\CyberLink
2009-02-22 18:57 . 2009-02-22 18:57 <DIR> d-------- c:\program files\CyberLink
2009-02-18 19:49 . 2009-02-27 08:17 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-02-18 19:49 . 2009-02-18 19:49 <DIR> d-------- c:\program files\MSECACHE
2009-02-14 00:34 . 2009-02-14 00:34 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-14 00:19 . 2009-02-14 00:19 <DIR> d-------- c:\windows\ERUNT
2009-02-14 00:14 . 2009-02-27 22:43 <DIR> d-------- c:\documents and settings\Administrator
2009-02-14 00:08 . 2009-02-17 23:20 <DIR> d-------- C:\SDFix
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 03:21 --------- d-----w c:\program files\Common Files\Apple
2009-03-03 13:19 --------- d-----w c:\program files\Common Files\mfzk
2009-02-27 12:17 --------- d-----w c:\program files\DVD Shrink
2009-02-24 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-22 22:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:31 --------- d-----w c:\program files\TVUPlayer
2009-02-19 00:36 --------- d-----w c:\program files\jZip
2009-02-18 03:21 --------- d-----w c:\program files\Yahoo!
2009-02-16 00:56 --------- d-----w c:\documents and settings\Chuck\Application Data\Move Networks
2009-02-08 07:38 --------- d-----w c:\documents and settings\Chuck\Application Data\Yahoo!
2009-02-08 05:17 --------- d-----w c:\program files\Passware
2009-02-04 21:47 --------- d-----w c:\program files\MSBuild
2009-02-04 21:46 --------- d-----w c:\program files\Reference Assemblies
2009-02-03 04:07 --------- d-----w c:\program files\Common Files\Adobe
2009-02-03 03:44 --------- d-----w c:\program files\MarkAny
2009-01-27 02:10 --------- d-----w c:\program files\SopCast
2009-01-25 22:32 --------- d-----w c:\program files\VideoLAN
2009-01-19 11:00 --------- d-----w c:\program files\MSXML 4.0
2009-01-18 04:49 --------- d-----w c:\documents and settings\All Users\Application Data\Kodak
2009-01-18 04:48 --------- d-----w c:\program files\Kodak
2009-01-18 04:47 --------- d-----w c:\program files\Common Files\Kodak
2009-01-15 16:19 23,848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VnrPack23
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 06:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2009-02-22 14:45 2272592 c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 05:01 135264 c:\program files\Creative\SBLive\Diagnostics\diagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-01-26 16:31 2144088 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 21:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 05:00 90112 c:\windows\Updreg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S3 MailScan;MailScan;\??\c:\progra~1\AVANQU~1\Fix-It\MailScan.sys --> c:\progra~1\AVANQU~1\Fix-It\MailScan.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-03-01 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.20.2.sxt _RegistrationOffer@16 []
.
- - - - ORPHANS REMOVED - - - -
BHO-{14c9c3a5-e79f-4973-b1ad-4ad92766ad89} - (no file)
BHO-{182f9056-a43a-4835-9a5f-f2fe43ad7504} - (no file)
BHO-{CEAEACF8-3619-4C07-9B06-74CFE44CA0E8} - (no file)
Notify-ljJARlME - ljJARlME.dll
MSConfigStartUp-505e7242 - c:\windows\system32\tagusoka.dll
MSConfigStartUp-CPM536d41de - c:\windows\system32\pujosove.dll
MSConfigStartUp-kogozemige - c:\windows\system32\sayawoha.dll
MSConfigStartUp-VirusScannerPro - c:\progra~1\AVANQU~1\Fix-It\MemCheck.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myembarq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 06:30:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-14 6:33:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-14 10:33:12
Pre-Run: 29,404,770,304 bytes free
Post-Run: 29,528,436,736 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
180 --- E O F --- 2009-03-11 02:52:38

[gmer.txt]
GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-14 07:35:30
Windows 5.1.2600 Service Pack 3
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x4c8ed45 size 0x1ae
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- EOF - GMER 1.0.15 ----

Patience may very well be a virtue, but doesn't that make impatience a vice? lol. Again thanks for the assist!++
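Added example (not part of the original thread and not GMER's own code): a small triage script that turns the disk-sector lines of the GMER log above, and the equivalent lines that mbr.exe prints, into byte ranges and hashes them from a read-only disk image so the flagged sectors are preserved before any repair. The 512-byte sector size, the `Region` type, the function names and the demo image are assumptions made for illustration.

```python
import hashlib
import io
import re
from dataclasses import dataclass

SECTOR_SIZE = 512  # assumption: 512-byte sectors

# Lines copied from the GMER and mbr.exe logs posted in this thread.
THREAD_LOG = r"""
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x4c8ed45 size 0x1ae
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
malicious code @ sector 0x4c8ed45 size 0x1ae !
copy of MBR has been found in sector 62 !
"""

# GMER prefixes the finding with the sector it was read from; mbr.exe does not.
CODE_RE = re.compile(
    r"(?:sector (?P<at>\d+): )?malicious code @ sector (?P<sec>0x[0-9a-f]+)"
    r" size (?P<size>0x[0-9a-f]+)", re.IGNORECASE)
COPY_RE = re.compile(
    r"sector (?P<gmer>\d+): copy of MBR"
    r"|copy of MBR has been found in sector (?P<mbr>\d+)", re.IGNORECASE)


@dataclass(frozen=True)
class Region:
    label: str
    sector: int   # starting sector (LBA) as reported by the tool
    length: int   # length in bytes as reported by the tool

    @property
    def offset(self) -> int:
        """Byte offset of the region inside a raw disk image."""
        return self.sector * SECTOR_SIZE

    @property
    def span(self) -> int:
        """Length rounded up to whole sectors, which is what gets read."""
        return max(1, -(-self.length // SECTOR_SIZE)) * SECTOR_SIZE


def parse_regions(log_text):
    """Return the unique disk regions a GMER / mbr.exe log points at.

    Sector 0 (the live MBR) is always included so it can be compared with
    any saved copy the tools report. Findings repeated by both tools are
    merged on (label, sector).
    """
    regions = {("mbr", 0): Region("mbr", 0, SECTOR_SIZE)}
    for line in log_text.splitlines():
        m = CODE_RE.search(line)
        if m:
            sec, size = int(m["sec"], 16), int(m["size"], 16)
            regions.setdefault(("flagged-code", sec),
                               Region("flagged-code", sec, size))
            if m["at"]:
                at = int(m["at"])
                regions.setdefault(("reporting-sector", at),
                                   Region("reporting-sector", at, SECTOR_SIZE))
            continue
        m = COPY_RE.search(line)
        if m:
            n = int(m["gmer"] or m["mbr"])
            regions.setdefault(("mbr-copy", n),
                               Region("mbr-copy", n, SECTOR_SIZE))
    return list(regions.values())


def hash_regions(image, regions):
    """SHA-256 each region of a read-only image; None if it lies past the end."""
    digests = {}
    for r in regions:
        image.seek(r.offset)
        data = image.read(r.span)
        complete = len(data) == r.span
        digests[f"{r.label}@{r.sector}"] = (
            hashlib.sha256(data).hexdigest() if complete else None)
    return digests


def mbr_copy_identical(image, regions):
    """True/False if a reported MBR copy equals sector 0, None if none reported."""
    copies = [r for r in regions if r.label == "mbr-copy"]
    if not copies:
        return None
    image.seek(0)
    live = image.read(SECTOR_SIZE)
    image.seek(copies[0].offset)
    saved = image.read(SECTOR_SIZE)
    return len(live) == SECTOR_SIZE and live == saved


def build_demo_image():
    """Constructed 64-sector image: a dummy boot sector at 0, copied to 62."""
    boot = b"\xeb" + b"\x90" * 509 + b"\x55\xaa"
    img = bytearray(64 * SECTOR_SIZE)
    img[0:SECTOR_SIZE] = boot
    img[62 * SECTOR_SIZE:63 * SECTOR_SIZE] = boot
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    found = parse_regions(THREAD_LOG)
    for r in found:
        print(f"{r.label:17} sector {r.sector:>9}  offset {r.offset:>12}  read {r.span}")
    print(hash_regions(build_demo_image(), found))
```

Against a real acquisition, open the image with `open(path, "rb")` and pass it in place of the demo image; the 64-sector demo image is too small to contain the flagged sector, so that entry hashes to `None`.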
#7
I did? I'm sorry, I didn't realize that I had actually made a post then, I was looking and trying to figure out how to start this thread. I know my way around rebuilding a Harley, lol, but computers have me beat. My hat's off to you guys, that's for sure.
#8
Hi there
I want you to run a different tool for me so I can check an area of your hard disc.

Download this tool to desktop: http://www2.gmer.net/mbr/mbr.exe
Double click it & post the log it creates on desktop. (mbr.log)

Download and scan with CCleaner Slim
1. Double click the file and install ccleaner
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
In the Applications Tab:
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

================================================

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.
Click Accept, when prompted to download and install the program files and database of malware definitions.

**Note** To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real time scanner of any existing antivirus program while performing the online scan.
You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
__________________
Proud member of ASAP & UNITE
#9
Hey there 007, thanks again for the help. Here are the next logs you wanted....
mbr....
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x4c8ed45 size 0x1ae !
copy of MBR has been found in sector 62 !

ccleaner.txt
CLEANING COMPLETE - (739.122 secs)
312.0MB removed.
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00081 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00082 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00083 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00084 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00085 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00086 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00087 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00088 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00089 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00090 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00099 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00100 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00101 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00102 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00103 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00104 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00105 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00106 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00107 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00108 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00109 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00110 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00111 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00112 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00113 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00114 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00115 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\reg00116 8.00KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\sp uninst.exe 0.20MB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\sp uninst.inf 12.47KB C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\sp uninst.txt 967 bytes C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\up dspapi.dll 0.35MB C:\Documents and Settings\Chuck\Application Data\Macromedia\Flash Player\#SharedObjects\XL8JPSA2\bin.clearspring.com \clearspring.sol 61 bytes C:\Documents and 
Settings\Chuck\Application Data\Macromedia\Flash Player\#SharedObjects\XL8JPSA2\secureinclude.ebays tatic.com\ebayLSO.sol 160 bytes C:\Documents and Settings\Chuck\Application Data\Macromedia\Flash Player\#SharedObjects\XL8JPSA2\secureinclude.ebays tatic.com\ebayT.sol 39 bytes C:\Documents and Settings\Chuck\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin .clearspring.com\settings.sol 89 bytes C:\Documents and Settings\Chuck\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sec ureinclude.ebaystatic.com\settings.sol 98 bytes C:\Documents and Settings\Chuck\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\sett ings.sol 474 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090223-0338.log 2.83KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090223-0426.txt 10.87KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090223-0722.log 434 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090223-0805.txt 2.24KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090223-1016.log 195 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090223-1016.txt 1.69KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090224-1802.log 680 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090224-1844.txt 3.28KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090227-0222.log 653 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090227-0312.txt 2.74KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0000.log 
2.27KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0644.txt 8.24KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0717.log 621 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0802.txt 2.83KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0803.log 194 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0803.txt 1.69KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0849.log 690 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0938.txt 2.96KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0947.log 194 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090228-0947.txt 1.69KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090301-1820.log 779 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090301-1901.txt 3.30KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090302-0657.log 706 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090302-0707.txt 2.90KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090302-2321.log 647 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090302-2331.txt 2.64KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090309-2242.log 244 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090309-2303.txt 1.75KB C:\Documents and Settings\All 
Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090310-2221.log 195 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090313-0349.log 321 bytes C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.090313-0402.txt 1.86KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090223-0718.txt 8.56KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090223-0720.txt 17.13KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090224-1911.txt 2.80KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090227-0312.txt 2.54KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090228-0711.txt 6.92KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090228-0940.txt 2.74KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090301-1901.txt 3.16KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090302-0754.txt 2.68KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090303-0616.txt 7.57KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.090313-0410.txt 1.85KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Resident.log 9.22MB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\SDHelper.log 32.07KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log 1.44KB C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini 1.69KB ------------------------------------------------------------------------------------------ and last but not least the kas file. 
I had to install a new Java for this one to work. It seemed to stop scanning early even though it took an hour. It was at 17% when it just stopped and said that the computer was infected. Anyway, here is the log from that....

kas.txt
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, March 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, March 15, 2009 14:39:01
Records in database: 1908391
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 34054
Threat name: 1
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 00:59:38

File name / Threat name / Threats count
C:\_Backup.RC\WINDOWS\CP73\MBR82 Infected: Backdoor.Win32.Sinowal.aha 1
C:\_Backup.RC\WINDOWS\CP74\MBR82 Infected: Backdoor.Win32.Sinowal.aha 1
C:\_Backup.RC\WINDOWS\CP75\MBR82 Infected: Backdoor.Win32.Sinowal.aha 1
C:\_Backup.RC\WINDOWS\CP76\MBR82 Infected: Backdoor.Win32.Sinowal.aha 1
C:\_Backup.RC\WINDOWS\CP77\MBR82 Infected: Backdoor.Win32.Sinowal.aha 1
The selected area was scanned.

Like I said before, there are a lot more files I think that it didn't scan. Lemme know if I have to run it again.. |
|
#10
|
|||
|
|||
|
Hi there
Can I just ask - what makes you think it did not scan certain files/folders?
Copy/paste (not cut and paste) the mbr.exe that you saved on the Desktop to C:\WINDOWS folder..
Next, go to Start >> Run >> copy/paste the command below >> Press Enter
mbr -f
Then a logfile (mbr.log) will be created on your screen (you can find it at C:\Windows\mbr.log)
Post its content here in your next reply...
Reboot your computer, run GMER again as you did before, then post the log here...
__________________
Proud member of ASAP & UNITE |