Antispyware 2009 on the computer - help!

Discussion in 'Viruses and malware - HijackThis logs' started by Hudeson, Oct 31, 2008.

  1. Hudeson

    So, the problem in the title needs to be gotten rid of. Quick help is naturally needed :|

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:18:39, on 31.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\nse\bin\NSESVC.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WinBejSetup.exe] C:\DOWNLO~1\WINBEJ~1.EXE /r
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fi/ImageUploader4.cab
    O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10246 bytes
     
  2. kalminen

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

    * Post the contents of the log in your next message + a new HJT log.
     
  3. Hudeson

    HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:32:05, on 31.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\nse\bin\NSESVC.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\brastk.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WinBejSetup.exe] C:\DOWNLO~1\WINBEJ~1.EXE /r
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fi/ImageUploader4.cab
    O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10380 bytes

    and "that other log":

    Malwarebytes' Anti-Malware 1.17
    Tietokantaversio: 857

    23:27:45 31.10.2008
    mbam-log-10-31-2008 (23-27-45).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 219156
    Kulunut aika: 1 hour(s), 23 minute(s), 44 second(s)

    Saastuneita muistiprosesseja: 0
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 0
    Saastuneita rekisteriarvoja: 0
    Saastuneita rekisterikohteita: 0
    Saastuneita hakemistoja: 0
    Saastuneita tiedostoja: 0

    Saastuneita muistiprosesseja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriarvoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisterikohteita:
    (Haitallisia kohteita ei löydetty)

    Saastuneita hakemistoja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita tiedostoja:
    (Haitallisia kohteita ei löydetty)
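
Added example, not part of the original thread or of any tool used in it: a small Python helper that parses two HijackThis logs and diffs them, to check whether anything changed between scans. The sample logs are abridged excerpts constructed from the two logs posted above, and the function names are my own.

```python
import re

# A HijackThis section line is "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Detail of an O4 registry autostart line: hive\..\Run: [value name] command
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Constructed sample: abridged from the first log in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:39, on 31.10.2008

Running processes:
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: karna.dat
"""

# Constructed sample: abridged from the second log in this thread.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:32:05, on 31.10.2008

Running processes:
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [AntiSpywareXP 2009] "C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: karna.dat
"""


def parse_hjt(text):
    """Return (processes, entries); entries are (section code, detail) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # the process list ends at the first section line
            entries.append((m.group(1), m.group(2)))
        elif in_processes and line:
            processes.append(line.lower())  # Windows paths are case-insensitive
    return processes, entries


def run_entries(entries):
    """Map (hive, value name) -> command for O4 registry autostart lines."""
    runs = {}
    for code, detail in entries:
        m = RUN_RE.match(detail) if code == "O4" else None
        if m:
            runs[(m.group("hive"), m.group("name"))] = m.group("cmd")
    return runs


def diff_logs(before_text, after_text):
    """Compare two logs: process changes, section changes, surviving autoruns."""
    b_proc, b_ent = parse_hjt(before_text)
    a_proc, a_ent = parse_hjt(after_text)
    b_runs, a_runs = run_entries(b_ent), run_entries(a_ent)
    return {
        "processes_added": sorted(set(a_proc) - set(b_proc)),
        "processes_removed": sorted(set(b_proc) - set(a_proc)),
        "entries_added": [e for e in a_ent if e not in b_ent],
        "entries_removed": [e for e in b_ent if e not in a_ent],
        "autoruns_unchanged": {k: v for k, v in a_runs.items() if b_runs.get(k) == v},
    }


if __name__ == "__main__":
    for key, value in diff_logs(BEFORE, AFTER).items():
        print(key, "=", value)
```

On these excerpts the only differences are two newly running processes; every autostart and section entry is identical in both logs, which matches the scan between them reporting nothing found.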
     
  4. kalminen

    So you didn't bother to update the MB-AM database.

    You have => Tietokantaversio: 857

    Should be => Tietokantaversio: 1349

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program will download and install the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt

    * Post the contents of the log in your next message.
    =>
     
  5. Hudeson

    Oh :| Well, the link didn't work then and doesn't work now either.
     
  6. kalminen

    The link does work now too!!!

    Go to the Windows Control Panel and from there Add / Remove Programs
    In Vista, Programs and Features
    Find and remove the program whose name contains:

    Malwarebytes' Anti-Malware


    -----------------------------------------------------

    * The old HOSTS file is removed. Boot the computer into safe mode => GUIDE
    Remove this C:\WINDOWS\system32\drivers\etc\HOSTS file
    * Boot your computer into normal mode.
    * Download HOSTS: Here to your desktop.
    * Extract: hosts.zip into the C:\WINDOWS\system32\drivers\etc folder.


    Finally, you can verify that there is a file named HOSTS with no file extension. Size approx. 700 kB or approx. 1700 kB.
    The protection activates at the next startup. (does not burden memory)

    Updates for HOSTS: Here
    What HOSTS does: Guide here

    --------------------------------------------------------

    Reboot if the MB removal didn't do it.

    Try again =>
     
  7. Hudeson

    The file mbamext.dll cannot be deleted, and the link still doesn't work.
     
  8. kalminen

    The link does work!!!

    The virus on your computer is blocking it.

    Boot the computer into safe mode => GUIDE
    Make hidden files visible => in safe mode GUIDE

    Delete the file:

    c:\program files\malwarebytes' Anti-Malware\mbamext.dll

    ----------------------------------------------

    Download HERE a tool for checking for a certain rootkit infection.
    Double-click TDdump.exe.
    When the tool is finished, a log opens.
    Post its contents in your next message.

    =>
     
  9. Hudeson

    The file still couldn't be deleted, but here is the log:

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys
    NextInstance REG_DWORD 1 (0x1)

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys\0000
    Service REG_SZ TDSSserv.sys
    Legacy REG_DWORD 1 (0x1)
    ConfigFlags REG_DWORD 0 (0x0)
    Class REG_SZ LegacyDriver
    ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}
    DeviceDesc REG_SZ TDSSserv.sys
    Capabilities REG_DWORD 0 (0x0)

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys\0000\LogConf

    HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_tdssserv.sys\0000\Control
    ActiveService REG_SZ TDSSserv.sys

    TDSS infection active!
     
  10. kalminen

    This is what's blocking it!!!

    Select and copy the contents of the code box below.
    Code:

    reg delete hklm\software\tdss\injector /v "*" /f
    start http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    exit
    cls
    Go to Start > Run, type cmd and click OK to open the command prompt.
    Close ALL browser windows. Very important
    Right-click the black command prompt window and choose Paste.
    The command prompt window closes and the ComboFix download prompt opens.
    Save ComboFix to your desktop and run it according to the instructions below.

    ***************************

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool is finished, it produces a log. (C:\ComboFix.txt) Post this log to your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    (C:\ComboFix.txt)

    HJT log
     
  11. Hudeson

    This kind of problem came up with ComboFix:

    "Sovellus tai DLL C:\Program Files\Norman\nvc\bin\Niphk.dll ei ole kelvollinen Windows NT -vedos. Tarkista tämä asennuslevykkeeltä."

    And what does that mean?
     
  12. kalminen

    This sure got difficult!!!

    Fix this with HJT:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Has MB-AM loaded yet????

    You can run ComboFix in safe mode, just like MB-AM

    You can give Norman the boot and turn on the Windows firewall
    in the meantime.

    Tell me in more detail when a problem comes up.

    => D:
     
  13. Hudeson

    The Malware link worked, and after the update the log is here:

    Malwarebytes' Anti-Malware 1.30
    Tietokantaversio: 1354
    Windows 5.1.2600 Service Pack 3

    2008-11-01 23:43:35
    mbam-log-2008-11-01 (23-43-35).txt

    Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
    Tarkistetut kohteet: 221787
    Kulunut aika: 1 hour(s), 8 minute(s), 20 second(s)

    Saastuneita muistiprosesseja: 1
    Saastuneita muistimoduuleja: 0
    Saastuneita rekisteriavaimia: 9
    Saastuneita rekisteriarvoja: 3
    Saastuneita rekisterikohteita: 2
    Saastuneita hakemistoja: 1
    Saastuneita tiedostoja: 29

    Saastuneita muistiprosesseja:
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Saastuneita muistimoduuleja:
    (Haitallisia kohteita ei löydetty)

    Saastuneita rekisteriavaimia:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bfb5f154-9212-46f3-b547-ac6106030a54} (Adware.DosPopToolbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

    Saastuneita rekisteriarvoja:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywarexp 2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Saastuneita rekisterikohteita:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

    Saastuneita hakemistoja:
    C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

    Saastuneita tiedostoja:
    C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP66\A0013403.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP66\A0013404.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP66\A0013405.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\av.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AntiSpywareXP2009.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\AVEngn.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\Program Files\AntiSpywareXP2009\Uninstall.exe (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\BM7fa79b77.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wini10801.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Omistaja\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Omistaja\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Omistaja\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Omistaja\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Omistaja\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Omistaja\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\TDSShrsr.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSlxwp.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSoiqt.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSrtqp.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Rootkit.Agent) -> Delete on reboot.


    And in addition, the HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:56, on 2008-11-01
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\Norman\nse\bin\NSESVC.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google-s.alltalkspectrum.net
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WinBejSetup.exe] C:\DOWNLO~1\WINBEJ~1.EXE /r
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fi/ImageUploader4.cab
    O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10101 bytes
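
The Malwarebytes log in the post above marks several items, including the TDSS rootkit files, as "Delete on reboot", so they remain on disk until the machine restarts and should be rechecked afterwards. As an added example (not part of the original post and not Malwarebytes' own tooling), this Python script parses the Finnish-language log format shown above and lists the pending items and the autostart registry entries to re-verify; the sample text is abridged from that log, and the function names and section keys are this example's own.

```python
import re
from collections import Counter

# Section headings as printed in the Finnish-language MBAM 1.30 log above,
# mapped to short English keys (the mapping is this example's own choice).
SECTIONS = {
    "Saastuneita muistiprosesseja:": "memory_processes",
    "Saastuneita muistimoduuleja:": "memory_modules",
    "Saastuneita rekisteriavaimia:": "registry_keys",
    "Saastuneita rekisteriarvoja:": "registry_values",
    "Saastuneita rekisterikohteita:": "registry_data",
    "Saastuneita hakemistoja:": "folders",
    "Saastuneita tiedostoja:": "files",
}

# One detection line: "<object> (<Family>) -> [Data: <value> ->] <action>."
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<family>[A-Za-z]+\.[A-Za-z0-9]+)\) -> "
    r"(?:Data: (?P<data>.*?) -> )?(?P<action>[^>]+?)\.?$"
)

# Registry locations that start code at boot or logon.
AUTOSTART = re.compile(r"\\CurrentVersion\\(Run\\|Winlogon\\Userinit$)", re.I)


def parse_mbam_log(text):
    """Return one dict per detection: section, object, family, data, action."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:  # summary lines ("...: 29") do not match exactly
            section = SECTIONS[line]
            continue
        match = DETECTION.match(line) if section else None
        if match:
            found.append({"section": section, **match.groupdict()})
    return found


def pending_reboot(detections):
    """Objects the scanner could not remove yet; recheck them after restart."""
    return [d["object"] for d in detections
            if d["action"].lower() == "delete on reboot"]


def autostart_hits(detections):
    """Registry detections that sat in a boot/logon autostart location."""
    return [d for d in detections
            if d["section"].startswith("registry")
            and AUTOSTART.search(d["object"])]


def triage(text):
    """Summarise a log: counts per family, pending deletions, autostarts."""
    det = parse_mbam_log(text)
    return {
        "by_family": Counter(d["family"] for d in det),
        "pending_reboot": pending_reboot(det),
        "autostart": [(d["object"], d["data"]) for d in autostart_hits(det)],
    }


# Sample input: lines abridged from the log in the post above.
SAMPLE = r"""
Saastuneita muistiprosesseja: 1
Saastuneita tiedostoja: 29

Saastuneita muistiprosesseja:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSShrsr.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\TDSSkkbi.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\TDSSpqlt.sys (Rootkit.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    report = triage(SAMPLE)
    for family, count in report["by_family"].most_common():
        print(f"{count:3d}  {family}")
    print("Recheck after reboot:")
    for path in report["pending_reboot"]:
        print("   ", path)
    print("Autostart entries that were hijacked:")
    for key, data in report["autostart"]:
        print("   ", key, "| data:", data)
```
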
     
  14. kalminen

    kalminen Regular member

    Very good !!!
    Now we're on the winning side.

    Let's continue with the rest tomorrow D:
    .
     
  15. Hudeson

    Hudeson Member

    Let's do that :)
     
  16. kalminen

    kalminen Regular member

    That is a Norman component that monitors e-mail traffic. (it is damaged)
    It has to be replaced with a new one (do you need instructions) ???

    ******************************************
    Start Malwarebytes => Quarantine tab and empty out the junk.

    **********************************************************

    Run ComboFix and post the log here.

    ------------------------------------

    Updating Java and clearing its cache:

    1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
    (Windows Vista: Start -> [type in the search box] Programs and Features and press Enter)

    2. Find all of your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them: [IMG]
    3. Select all of your previous Java versions and choose Remove.

    4. Install the latest Java update from the following link..

    http://java.sun.com/javase/downloads/index.jsp

    Scroll down to Java Runtime Environment (JRE) 6 Update 10

    Press Download

    Under Platform, select your operating system, Windows.

    Tick I agree to the Java SE Runtime Environment 6 License Agreement.

    Press Continue.

    Below Windows Offline Installation, click jre-6u10-windows-i586-p.exe.

    Save the file, for example to the desktop, and install it.

    5. Restart the computer after the installation.

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

    7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

    (Some Java-based programs may need more disk space.
    If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)

    8. Click the Delete Files button. Make sure that both options are ticked:

    * Applications and Applets

    * Trace and Log Files

    And press the OK button
    Note: This removes all downloaded applications and applets from the CACHE.

    9. Click OK in your "Temporary Files Settings" window.

    10. Update tab: untick Check for Updates automatically

    Select Never check

    11. Click Apply and OK to leave your Java settings window.

    -----------------------------------------------------------------

    Close the browser and other programs for the duration of the fix. (not the antivirus)
    Start HijackThis, run Scan, tick the following entries listed in red, and remove them. (Fix checked)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - Global Startup: BTTray.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/test...OnlineGames.cab

    Empty the Recycle Bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
    * ????
    *
     
  17. Hudeson

    Hudeson Member

    It's hard to get this ComboFix report in as one piece, so I'll post it in several chunks:

    ComboFix 08-11-01.05 - Omistaja 2008-11-02 14:44:23.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.440 [GMT 2:00]
    Sijainti: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
    * Resident AV is active

    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Omistaja\Cookies\ibaxype.inf
    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\qazikuqy._sy
    C:\Documents and Settings\Omistaja\Local Settings\Temporary Internet Files\ubeka.reg
    C:\WINDOWS\system32\TDSSorvd.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NSESVC
    -------\Legacy_TDSSSERV.SYS
    -------\Service_nsesvc
    -------\Service_TDSSserv.sys


    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-10-02 to 2008-11-02 )))))))))))))))))
    .

    2008-11-01 22:15 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-11-01 19:28 . 2008-11-01 19:28 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-11-01 19:28 . 2008-11-01 19:28 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-10-30 21:22 . 2008-10-30 21:22 18,153 --a------ C:\WINDOWS\ymuradykev.lib
    2008-10-30 21:22 . 2008-10-30 21:22 15,759 --a------ C:\WINDOWS\uhywyz.exe
    2008-10-30 21:22 . 2008-10-30 21:22 15,095 --a------ C:\Documents and Settings\Omistaja\Application Data\imydarito.bat
    2008-10-30 21:22 . 2008-10-30 21:22 14,510 --a------ C:\Documents and Settings\Omistaja\Application Data\haviwez.scr
    2008-10-30 21:22 . 2008-10-30 21:22 13,705 --a------ C:\Documents and Settings\All Users\Application Data\ibyzopuvo.dll
    2008-10-30 21:22 . 2008-10-30 21:22 13,614 --a------ C:\WINDOWS\hasoj.dll
    2008-10-30 21:22 . 2008-10-30 21:22 13,307 --a------ C:\Program Files\Common Files\ihafopulut.com
    2008-10-25 21:07 . 2008-10-25 21:54 <KANSIO> d-------- C:\Program Files\DC++
    2008-10-24 12:30 . 2008-10-15 18:37 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
    2008-10-15 19:04 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
    2008-10-15 19:03 . 2008-08-14 15:25 2,191,488 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-15 19:03 . 2008-08-14 15:25 2,147,840 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-15 19:03 . 2008-08-14 15:25 2,068,352 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-15 19:03 . 2008-08-14 15:24 2,026,496 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-15 19:03 . 2008-09-15 17:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
    2008-10-14 15:09 . 2008-10-14 15:09 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
    2008-10-14 15:09 . 2008-10-14 15:09 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
    2008-10-14 15:08 . 2008-10-14 15:08 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
    2008-10-14 15:08 . 2007-09-17 14:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
    2008-10-14 15:01 . 2008-10-14 15:01 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Bluetooth Software
    2008-10-14 14:57 . 2008-10-14 14:57 <KANSIO> d-------- C:\Program Files\WIDCOMM
    2008-10-14 14:57 . 2007-11-21 09:51 879,624 --a------ C:\WINDOWS\system32\drivers\btkrnl.sys
    2008-10-14 14:57 . 2007-12-10 11:21 539,640 --a------ C:\WINDOWS\system32\drivers\btaudio.sys
    2008-10-14 14:57 . 2007-06-29 10:38 156,392 --a------ C:\WINDOWS\system32\drivers\btwdndis.sys
    2008-10-14 14:57 . 2007-03-23 08:50 106,557 --a------ C:\WINDOWS\system32\btw_ci.dll
    2008-10-14 14:57 . 2007-11-27 14:40 74,688 --a------ C:\WINDOWS\system32\drivers\btwusb.sys
    2008-10-14 14:57 . 2007-03-31 11:02 55,352 --a------ C:\WINDOWS\system32\drivers\btwhid.sys
    2008-10-14 14:57 . 2007-03-23 08:50 37,424 --a------ C:\WINDOWS\system32\drivers\btport.sys
    2008-10-14 14:57 . 2007-03-23 08:50 37,280 --a------ C:\WINDOWS\system32\drivers\btwmodem.sys
    2008-10-14 14:49 . 2008-04-14 18:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-10-14 14:49 . 2008-04-14 18:11 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-10-14 14:49 . 2008-04-14 17:46 14,720 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-10-14 14:49 . 2008-04-14 17:46 14,720 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-10-08 19:11 . 2008-04-13 20:45 26,112 --a------ C:\WINDOWS\system32\drivers\usbser.sys
    2008-10-08 19:11 . 2008-04-13 20:45 26,112 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
    2008-10-08 19:11 . 2008-10-08 19:11 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-10-08 19:11 . 2008-10-08 19:11 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
    2008-10-02 21:54 . 2008-10-02 21:59 <KANSIO> d-------- C:\Program Files\DosPop Toolbar
    2008-10-02 21:54 . 2008-10-02 21:54 <KANSIO> d-------- C:\Program Files\BandsScreensavers - Metallica

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-02 12:50 --------- d-----w C:\Program Files\Norman
    2008-11-02 10:14 30 ----a-w C:\Documents and Settings\Omistaja\jagex_runescape_preferences.dat
    2008-11-01 20:15 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-30 15:36 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
    2008-10-22 14:10 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-10-18 06:41 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
    2008-10-18 06:40 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\skypePM
    2008-10-15 19:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-10-14 13:14 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\PC Suite
    2008-10-14 13:09 --------- d-----w C:\Program Files\Nokia
    2008-10-14 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
    2008-10-06 17:10 --------- d-----w C:\Program Files\LimeWire
    2008-09-30 13:07 --------- d-----w C:\Program Files\RadioRock
    2008-09-26 16:17 182,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-09-26 16:17 159,992 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-09-26 16:15 --------- d-----w C:\Program Files\WarRock
    2008-09-23 12:06 200,704 ----a-w C:\WINDOWS\system32\scDRQHandler.exe
    2008-09-16 13:14 --------- d-----w C:\Program Files\IrfanView
    2008-09-15 15:27 1,846,656 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-09-11 16:18 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-11 16:16 --------- d-----w C:\Program Files\Microsoft.NET
    2008-09-11 14:10 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\ICAClient
    2008-09-11 14:09 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Runaware
    2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-09-02 10:48 19,512 ----a-w C:\WINDOWS\system32\drivers\nvcw32mf.sys
    2008-08-26 08:12 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 13:25 2,191,488 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:25 2,068,352 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-02-17 17:36 21,769,888 ----a-w C:\Documents and Settings\sanrox\Nokia_PC_Suite_6_84_10_3_fin_web.exe
    2008-01-06 13:29 0 ----a-w C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
    2008-01-04 16:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((( snapshot_2008-06-19_20.13.21,45 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-05-02 13:31:44 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP2QFE\msgsc.dll
    + 2008-05-02 14:01:55 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3GDR\msgsc.dll
    + 2008-05-02 13:44:42 83,968 ----a-w C:\WINDOWS\$hf_mig$\KB946648\SP3QFE\msgsc.dll
    + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB946648\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\spcustom.dll
    + 2007-11-30 11:19:03 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB946648\update\updspapi.dll
    + 2008-07-07 20:18:29 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
    + 2008-07-07 20:28:49 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
    + 2008-07-07 20:25:27 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
    + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
    + 2007-11-30 12:39:25 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
    + 2007-11-30 12:39:25 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
    + 2008-04-11 18:40:58 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP2QFE\inetcomm.dll
    + 2008-04-11 19:05:25 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3GDR\inetcomm.dll
    + 2008-04-11 21:23:30 691,712 ----a-w C:\WINDOWS\$hf_mig$\KB951066\SP3QFE\inetcomm.dll
    + 2007-11-30 12:39:27 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spmsg.dll
    + 2007-11-30 12:39:27 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951066\spuninst.exe
    + 2007-11-30 12:39:27 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\spcustom.dll
    + 2007-12-03 15:25:38 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951066\update\updspapi.dll
    + 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
    + 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
    + 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
    + 2007-11-30 11:19:02 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
    + 2007-11-30 11:19:02 232,824 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
    + 2007-11-30 11:19:02 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
    + 2007-11-30 12:39:27 757,112 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
    + 2007-11-30 12:39:28 392,056 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
    + 2005-10-20 22:26:43 1,082,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\esent.dll
    + 2004-09-15 12:00:00 247,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\esscli.dll
    + 2004-09-15 12:00:00 194,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
    + 2004-09-15 12:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    + 2004-09-15 12:00:00 103,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll
    + 2004-09-15 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
    + 2004-09-15 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll
    + 2004-09-15 12:00:00 92,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
    + 2007-06-13 13:22:06 1,033,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
    + 2004-09-15 12:00:00 380,957 -c----w C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll
    + 2004-09-15 12:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
    + 2004-09-15 12:00:00 121,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\exts.dll
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\f3ahvoas.dll
    + 2004-09-15 12:00:00 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
    + 2004-09-15 12:00:00 472,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll
    + 2004-09-15 12:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll
    + 2004-09-15 12:00:00 27,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdc.sys
    + 2004-09-15 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\feclient.dll
    + 2004-09-15 12:00:00 339,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll
    + 2004-09-15 12:00:00 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
    + 2004-09-15 12:00:00 34,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\fips.sys
    + 2004-09-15 12:00:00 88,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll
    + 2004-09-15 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys
    + 2006-08-21 12:26:46 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fltlib.dll
    + 2006-08-21 09:14:58 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\fltmc.exe
    + 2006-08-21 09:14:58 128,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fltmgr.sys
    + 2004-09-15 12:00:00 382,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontext.dll
    + 2005-10-17 21:21:16 80,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontsub.dll
    + 2004-09-15 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\forcedos.exe
    + 2004-09-15 12:00:00 25,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\format.com
    + 2004-09-15 12:00:00 32,828 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll
    + 2004-05-12 22:39:48 184,435 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll
    + 2003-03-24 13:52:04 82,035 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll
    + 2003-03-24 13:52:04 147,513 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll
    + 2003-03-24 13:52:04 49,210 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll
    + 2003-03-24 13:52:04 102,509 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll
    + 2003-03-24 13:52:04 618,605 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll
    + 2003-03-24 13:52:04 49,212 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll
    + 2004-05-12 22:39:48 876,653 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll
    + 2003-03-24 13:52:04 41,020 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll
    + 2003-03-24 13:52:04 32,826 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll
    + 2002-05-14 11:08:54 14,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
    + 2002-05-14 11:08:54 109,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
    + 2003-03-24 13:52:04 24,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
    + 2003-03-24 13:52:04 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll
    + 2003-03-24 13:52:04 188,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
    + 2002-05-14 11:08:54 94,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpencode.dll
    + 2003-03-24 13:52:04 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll
    + 2004-05-12 22:39:48 598,071 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll
    + 2003-03-24 13:52:04 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
    + 2004-09-15 12:00:00 9,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll
    + 2004-09-15 12:00:00 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll
    + 2004-09-15 12:00:00 193,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\fsquirt.exe
    + 2004-09-15 12:00:00 44,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
    + 2004-09-15 12:00:00 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\fwcfg.dll
    + 2004-09-15 12:00:00 452,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll
    + 2004-09-15 12:00:00 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
    + 2004-09-15 12:00:00 72,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll
    + 2004-09-15 12:00:00 285,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll
    + 2004-09-15 12:00:00 231,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
    + 2004-09-15 12:00:00 27,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll
    + 2004-09-15 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll
    + 2004-09-15 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll
    + 2004-09-15 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll
    + 2004-09-15 12:00:00 132,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll
    + 2004-09-15 12:00:00 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll
    + 2004-09-15 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll
    + 2004-09-15 12:00:00 562,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll
    + 2004-09-15 12:00:00 268,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
    + 2004-09-15 12:00:00 246,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll
    + 2004-09-15 12:00:00 397,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll
    + 2004-09-15 12:00:00 155,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll
    + 2004-09-15 12:00:00 194,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll
    + 2004-09-15 12:00:00 400,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll
    + 2008-02-20 06:51:32 282,624 -c----w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
    + 2004-09-15 12:00:00 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\glu32.dll
    + 2004-09-15 12:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll
    + 2004-09-15 12:00:00 39,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
    + 2004-09-15 12:00:00 124,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll
    + 2004-09-15 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll
    + 2004-09-15 12:00:00 614,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll
    + 2004-09-15 12:00:00 131,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\hal.dll
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll
    + 2004-10-27 13:21:36 138,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\hdaudbus.sys
    + 2004-09-15 12:00:00 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\help.exe
    + 2004-09-15 12:00:00 768,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
    + 2004-09-15 12:00:00 743,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
    + 2005-05-26 23:22:01 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
    + 2005-05-27 02:08:15 41,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll
    + 2004-09-15 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\hid.dll
    + 2004-09-15 12:00:00 36,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys
    + 2004-09-15 12:00:00 24,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys
    + 2001-08-17 20:02:20 9,600 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidusb.sys
    + 2006-07-21 08:28:13 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\hlink.dll
    + 2004-09-15 12:00:00 344,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll
    + 2004-09-15 12:00:00 329,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll
    + 2004-09-15 12:00:00 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\hostmib.dll
    + 2004-09-15 12:00:00 143,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll
    + 2004-09-15 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
    + 2006-03-17 00:33:10 262,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\http.sys
    + 2006-03-17 00:33:10 262,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\http.sys.000
    + 2004-09-15 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\httpapi.dll
    + 2004-09-15 12:00:00 42,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\htui.dll
    + 2004-09-15 12:00:00 13,463,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\hwxjpn.dll
    + 2004-11-17 17:42:51 350,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll
    + 2004-09-15 12:00:00 52,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
    + 2004-09-15 12:00:00 119,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll
    + 2004-09-15 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll
    + 2004-09-15 12:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll
    + 2005-06-29 01:49:52 254,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\icm32.dll
    + 2004-09-15 12:00:00 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\icmp.dll
    + 2004-09-15 12:00:00 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll
    + 2004-09-15 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll
    + 2004-09-15 12:00:00 215,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
    + 2004-09-15 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
    + 2004-09-15 12:00:00 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll
    + 2004-09-15 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll
    + 2004-09-15 12:00:00 176,128 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll
    + 2004-09-15 12:00:00 65,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll
    + 2004-09-15 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
    + 2004-09-15 12:00:00 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwutil.dll
    + 2004-09-15 12:00:00 120,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\idq.dll
    + 2007-08-13 16:45:18 78,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieencode.dll
    + 2004-09-15 12:00:00 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
    + 2004-09-15 12:00:00 134,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\ifmon.dll
    + 2004-09-15 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll
    + 2004-09-15 12:00:00 505,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\iis.dll
    + 2004-09-15 12:00:00 81,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\ils.dll
    + 2004-09-15 12:00:00 144,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll
    + 2004-09-15 12:00:00 150,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
    + 2004-09-15 12:00:00 41,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.sys
    + 2004-09-15 12:00:00 106,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll
    + 2004-09-15 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\imekrmbx.dll
    + 2004-09-15 12:00:00 36,921 -c----w C:\WINDOWS\$NtServicePackUninstall$\imeshare.dll
    + 2004-09-15 12:00:00 811,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll
    + 2004-09-15 12:00:00 368,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpcic.dll
    + 2004-09-15 12:00:00 716,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpcus.dll
    + 2004-09-15 12:00:00 81,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpdct.dll
    + 2004-09-15 12:00:00 274,489 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjputyc.dll
    + 2004-09-15 12:00:00 102,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\imlang.dll
    + 2004-09-15 12:00:00 110,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
    + 2004-09-15 12:00:00 115,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\imsinsnt.dll
    + 2004-09-15 12:00:00 315,452 -c----w C:\WINDOWS\$NtServicePackUninstall$\imskf.dll
    + 2004-09-15 12:00:00 278,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll
    + 2008-04-11 18:51:34 683,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll
    + 2004-09-15 12:00:00 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll
    + 2004-09-15 12:00:00 75,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetpp.dll
    + 2004-09-15 12:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetppui.dll
    + 2004-09-15 12:00:00 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetres.dll
    + 2004-09-15 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
    + 2004-09-15 12:00:00 147,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\initpki.dll
    + 2004-09-15 12:00:00 124,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\input.dll
    + 2004-09-14 16:07:28 5,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\intelide.sys
    + 2004-09-15 12:00:00 40,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\intelppm.sys
    + 2004-09-15 12:00:00 29,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
    + 2004-09-15 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
    + 2006-05-19 13:24:53 95,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll
    + 2004-09-15 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys
    + 2004-09-15 12:00:00 154,112 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipmontr.dll
    + 2004-09-29 22:28:37 134,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipnat.sys
    + 2004-09-15 12:00:00 330,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
    + 2004-09-15 12:00:00 335,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\ippromon.dll
    + 2004-09-15 12:00:00 34,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\iprip.dll
    + 2004-09-15 12:00:00 169,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\iprtrmgr.dll
    + 2004-09-15 12:00:00 74,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
    + 2004-09-15 12:00:00 351,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsecsnp.dll
    + 2004-09-15 12:00:00 182,784 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll
    + 2004-09-15 12:00:00 384,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsmsnap.dll
    + 2004-09-15 12:00:00 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe
    + 2004-09-15 12:00:00 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6mon.dll
    + 2004-09-15 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe
    + 2004-09-15 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxwan.dll
    + 2004-09-15 12:00:00 120,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir41_qc.dll
    + 2004-09-15 12:00:00 338,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir41_qcx.dll
    + 2004-09-15 12:00:00 755,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir50_32.dll
    + 2004-09-15 12:00:00 200,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir50_qc.dll
    + 2004-09-15 12:00:00 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir50_qcx.dll
    + 2004-09-15 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\irenum.sys
    + 2001-10-05 13:46:26 35,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
    + 2004-09-15 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\isign32.dll
    + 2004-09-15 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\isrdbg32.dll
    + 2005-05-27 02:08:15 155,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\itircl.dll
    + 2005-05-27 02:08:15 137,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\itss.dll
    + 2004-09-15 12:00:00 192,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\iuengine.dll
    + 2004-09-15 12:00:00 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\ixsso.dll
    + 2004-09-15 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\iyuv_32.dll
    + 2006-06-01 18:48:50 163,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\jgdw400.dll
    + 2006-06-01 18:48:50 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\jgpl400.dll
    + 2007-08-13 16:38:04 491,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\jscript.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbd101.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbd106n.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdax2.dll
    + 2004-09-15 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdfi1.dll
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdibm02.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdinbe1.dll
    + 2004-09-15 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdinben.dll
    + 2004-09-15 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdinmal.dll
    + 2004-09-15 12:00:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdlk41a.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdlk41j.dll
    + 2004-09-15 12:00:00 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdmaori.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdmlt47.dll
    + 2004-09-15 12:00:00 6,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdmlt48.dll
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdnec.dll
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdno1.dll
    + 2004-09-15 12:00:00 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdsmsfi.dll
    + 2004-09-15 12:00:00 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdsmsno.dll
    + 2004-09-15 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdukx.dll
    + 2004-09-15 12:00:00 7,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\kd1394.dll
    + 2005-06-15 17:50:48 295,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\kerberos.dll
    + 2007-04-16 15:53:13 983,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
    + 2004-09-15 12:00:00 152,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\keymgr.dll
    + 2006-06-14 08:47:45 172,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys
    + 2006-06-14 08:47:45 172,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys.000
    + 2004-09-15 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\krnlprov.dll
    + 2004-08-03 21:15:22 140,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\ks.sys
    + 2004-09-15 12:00:00 92,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\ksecdd.sys
    + 2004-09-14 14:11:50 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\ksuser.dll
    + 2004-09-15 12:00:00 423,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\licdll.dll
    + 2004-09-15 12:00:00 58,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\licwmi.dll
    + 2005-09-01 01:43:21 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll
    + 2004-09-15 12:00:00 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\lmhsvc.dll
    + 2004-09-15 12:00:00 33,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\lmmib2.dll
    + 2004-09-15 12:00:00 399,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\lmrt.dll
    + 2004-09-15 12:00:00 96,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\loadperf.dll
    + 2004-09-15 12:00:00 221,696 -c----w C:\WINDOWS\$NtServicePackUninstall$\localsec.dll
    + 2004-09-15 12:00:00 342,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\localspl.dll
    + 2004-09-15 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\localui.dll
    + 2004-09-15 12:00:00 75,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\locator.exe
    + 2004-09-15 12:00:00 19,968 -c----w C:\WINDOWS\$NtServicePackUninstall$\log.dll
    + 2004-09-15 12:00:00 59,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\logman.exe
    + 2004-09-15 12:00:00 220,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\logon.scr
    + 2004-09-15 12:00:00 515,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\logonui.exe
    + 2004-09-15 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\lpdsvc.dll
    + 2004-09-15 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\lpk.dll
    + 2004-09-15 12:00:00 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\lprhelp.dll
    + 2004-09-15 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\lprmon.dll
    + 2007-11-07 09:28:45 722,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll
    + 2004-09-15 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
    + 2004-09-15 12:00:00 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
    + 2004-09-15 12:00:00 85,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\makecab.exe
    + 2004-09-15 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\mcastmib.dll
    + 2004-09-15 12:00:00 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciavi32.dll
    + 2004-09-15 12:00:00 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciqtz32.dll
    + 2004-09-15 12:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciseq.dll
    + 2004-09-15 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciwave.dll
    + 2004-09-15 12:00:00 118,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\mdminst.dll
    + 2004-09-15 12:00:00 63,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\mf.sys
    + 2007-03-08 15:37:59 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll
    + 2006-11-01 19:18:27 927,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfc40u.dll
    + 2004-09-15 12:00:00 1,028,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfc42.dll
    + 2004-09-15 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfcsubs.dll
    + 2004-09-15 12:00:00 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\mgmtapi.dll
    + 2004-09-15 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\midimap.dll
    + 2004-09-15 12:00:00 201,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\migism.dll
    + 2004-09-15 12:00:00 60,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\miglibnt.dll
    + 2004-09-15 12:00:00 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
    + 2005-07-25 23:46:57 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
    + 2004-09-15 12:00:00 239,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
    + 2004-09-15 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\mimefilt.dll
    + 2004-09-15 12:00:00 586,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\mlang.dll
    + 2004-09-15 12:00:00 815,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
    + 2004-09-15 12:00:00 72,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcbase.dll
    + 2004-09-15 12:00:00 1,195,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcndmgr.dll
    + 2004-09-15 12:00:00 50,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcshext.dll
    + 2004-09-15 12:00:00 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmfutil.dll
    + 2004-09-15 12:00:00 34,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmdd.dll
    + 2004-09-15 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
    + 2004-09-15 12:00:00 207,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.dll
    + 2004-09-15 12:00:00 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
    + 2004-09-15 12:00:00 30,080 -c----w C:\WINDOWS\$NtServicePackUninstall$\modem.sys
    + 2004-09-15 12:00:00 144,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\modemui.dll
    + 2004-09-15 12:00:00 16,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
    + 2004-09-15 12:00:00 124,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofd.dll
    + 2004-09-15 12:00:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\more.com
    + 2004-09-15 12:00:00 216,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\moricons.dll
    + 2004-09-15 12:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys
    + 2004-09-15 12:00:00 42,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
    + 2004-09-15 12:00:00 3,555,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
    + 2004-09-15 12:00:00 123,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
    + 2004-09-15 12:00:00 4,639 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
    + 2004-09-15 12:00:00 59,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpr.dll
    + 2004-09-15 12:00:00 87,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\mprapi.dll
    + 2004-09-15 12:00:00 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\mprdim.dll
    + 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys
    + 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
    + 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys.000
    + 2004-09-15 12:00:00 71,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\msacm32.dll
    + 2004-09-15 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcer.dll
    + 2004-09-15 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcf.dll
    + 2004-09-15 12:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcfr.dll
    + 2006-03-23 05:46:12 143,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadco.dll
    + 2004-09-15 12:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcor.dll
    + 2004-09-15 12:00:00 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcs.dll
    + 2004-09-15 12:00:00 155,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadds.dll
    + 2004-09-15 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\msaddsr.dll
    + 2004-09-15 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\msader15.dll
    + 2006-12-26 13:08:50 536,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\msado15.dll
    + 2006-12-26 13:08:50 180,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadomd.dll
    + 2004-09-15 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\msador15.dll
    + 2006-12-26 13:08:50 200,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadox.dll
    + 2004-09-15 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadrh15.dll
    + 2004-09-15 12:00:00 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\msafd.dll
    + 2004-09-15 12:00:00 86,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\msapsspc.dll
    + 2004-09-15 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\msasn1.dll
    + 2004-09-15 12:00:00 220,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscandui.dll
    + 2008-06-24 16:23:58 74,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscms.dll
    + 2004-09-15 12:00:00 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconf.dll
    + 2004-09-15 12:00:00 159,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\msconfig.exe
    + 2004-09-15 12:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscpx32r.dll
    + 2004-09-15 12:00:00 36,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\mscpxl32.dll
     
  18. Hudeson

    Hudeson Member

    Getting the ComboFix report posted looks like it will take me forever and wear me out, so I'll just post this HjT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:22:19, on 2.11.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Zanda.exe
    C:\Program Files\Norman\npm\bin\nvoy.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Norman\Npm\Bin\ZLH.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Norman\Nvc\Bin\Nip.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Norman\Nvc\Bin\cclaw.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Lähetä Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fi/ImageUploader4.cab
    O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\Bin\Njeeves.exe
    O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Nvcsched.exe
    O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program Files\Norman\npm\bin\nvoy.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 9507 bytes
     
  19. kalminen

    kalminen Regular member

    Joined:
    May 4, 2007
    Messages:
    3,915
    Likes Received:
    0
    Trophy Points:
    46
    Well, if that's how you feel.

    ******************************************
    Type ComboFix.exe /u into the Run box of the Windows Start menu and press OK
    *************************************************************
    D:
     
