Full Version: Hello From Estonia
Matis
Hello,

I had a problem with my laptop and I am posting here just because I still do not know what exactly was the problem with my computer.
I myself am 25 years old and rather experienced with computers and IT.
I am an expert Java, PHP, Java EE programmer and love car driving and gaming.

So about that problem.

Time to fix: ~20 hours
Problem: At first popups appear while browsing the internet. Antivirus 2008 XP starts scanning. Does not matter which browser.
Used software: ESET Smart Security -> found some problems, fixed them, but the main behaviour still remained. Scanning took an awful 15 hours.
Used software: Spyware Doctor -> found a lot of problems, fixed them; after that it is impossible to perform a search on Google or Yahoo, or to log in to Orkut, so the problem is not fixed.
After finding out that the traditional Spyware and Antivirus won't help, I tried alternatives, monitored the active ports and found out that %SYSTEMROOT%\Explorer.exe was infected. When I killed the process, my internet connection was working fine. So I started to look for a proper program to fix the problem and found ComboFix.

Scanned the computer and found A LOT of infections + had to reinstall network drivers + power options + re-set desktop settings and security center settings and now Everything seems to be back in order.

However, I still do not know what the reason was. I do know that it is not the casino software on my computer, because it has been on my PC for over a month with no problems at all. The problem itself occurred on the 3rd of August 2008, and on the 5th of August 2008 it is fixed.

So here is the log, and I can also post the quarantined files if you like.

CODE
ComboFix 08-08-03.05 - Administrator 2008-08-04 22:50:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2540 [GMT 3:00]
Running from: C:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa316ea41.txt
C:\WINDOWS\BMa316ea41.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\fgdtypql.dll
C:\WINDOWS\system32\ipclxjlp.dll
C:\WINDOWS\system32\iSYHNqru.ini
C:\WINDOWS\system32\iSYHNqru.ini2
C:\WINDOWS\system32\iucpvbqv.dll
C:\WINDOWS\system32\iykesihr.ini
C:\WINDOWS\system32\jsyfiroa.ini
C:\WINDOWS\system32\njxdplgf.dll
C:\WINDOWS\system32\pysaldns.dll
C:\WINDOWS\system32\qrsadntf.dll
C:\WINDOWS\system32\sbhkkxrg.dll
C:\WINDOWS\system32\sndlasyp.ini
C:\WINDOWS\system32\urqNHYSi.dll
C:\WINDOWS\system32\wxmclork.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
.

2008-08-04 23:13 . 2008-08-04 23:13 53,248 --a------ C:\TEMP\catchme.dll
2008-08-04 23:10 . 2008-08-04 23:10 <DIR> d-------- C:\TEMP\WPDNSE
2008-08-04 22:44 . 2008-08-04 22:39 2,677,907 --a------ C:\ComboFix.exe
2008-08-04 21:30 . 2008-08-04 23:11 <DIR> d-------- C:\TEMP\is-AK1K5.tmp
2008-08-04 21:12 . 2008-08-04 21:12 <DIR> d--hs---- C:\TEMP\History
2008-08-04 21:12 . 2008-08-04 23:11 <DIR> d--hs---- C:\TEMP\Cookies
2008-08-04 20:43 . 2008-08-04 21:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-04 20:41 . 2008-08-04 21:52 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-08-04 20:41 . 2008-08-04 20:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PC Tools
2008-08-04 20:41 . 2007-10-04 17:10 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-04 20:41 . 2007-10-04 17:10 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-04 20:41 . 2007-10-04 17:10 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-04 20:41 . 2007-10-04 17:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-04 20:40 . 2008-08-04 23:11 <DIR> d-------- C:\TEMP\is-GC95J.tmp
2008-08-04 20:40 . 2008-08-04 20:40 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-04 20:40 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-08-04 20:39 . 2008-08-04 23:11 <DIR> d-------- C:\TEMP\DRDld
2008-08-04 20:39 . 2008-08-04 20:40 128,344 --a------ C:\Download_5.1.0.272f-5.1.0.272-sdregnow.exe
2008-08-04 20:38 . 2008-08-04 20:38 2,048 --a------ C:\WINDOWS\system32\etxeodpc.exe
2008-08-04 20:17 . 2008-08-04 20:17 15,631 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_8_4_20_17_45.dmp
2008-08-04 20:02 . 2008-08-04 20:02 15,631 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_8_4_20_2_21.dmp
2008-08-04 19:49 . 2008-08-04 19:50 187,072 --a------ C:\FixSwen.exe
2008-08-04 18:48 . 2008-08-04 18:48 15,843 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_8_4_18_48_33.dmp
2008-08-03 14:23 . 2008-08-03 14:23 <DIR> d-------- C:\Program Files\Hasbro
2008-08-03 14:22 . 2008-08-03 14:22 33,792 --a------ C:\WINDOWS\system32\efcDUnOg.dll.bak
2008-08-03 13:49 . 2008-08-03 13:49 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-1016403232
2008-08-03 13:42 . 2008-08-03 13:42 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war1760985868
2008-08-03 13:32 . 2008-08-03 13:32 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-1626335074
2008-08-03 13:19 . 2008-08-03 13:19 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-896084363
2008-08-03 13:00 . 2008-08-03 13:00 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-1147908829
2008-08-03 12:22 . 2008-08-03 12:22 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-297603296
2008-08-02 08:52 . 2008-08-02 08:52 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war1916745708
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 9 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 8 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 7 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 6 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 5 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 4 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 3 for My Pictures.zip
2008-08-01 10:20 . 2008-08-01 10:20 <DIR> d--h----- C:\TEMP\Temporary Directory 2 for My Pictures.zip
2008-08-01 10:19 . 2008-08-01 10:19 <DIR> d--h----- C:\TEMP\Temporary Directory 1 for My Pictures.zip
2008-07-31 09:01 . 2008-07-31 09:01 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war888629511
2008-07-29 10:24 . 2008-07-29 10:24 <DIR> d-------- C:\Program Files\MetaTrader 4 - Dealing24
2008-07-25 10:38 . 2008-07-25 10:38 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war695103424
2008-07-24 11:02 . 2008-07-24 11:02 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-1675922835
2008-07-24 00:22 . 2008-07-24 00:23 <DIR> d-------- C:\TEMP\svoik.tmp
2008-07-22 17:18 . 2008-08-04 23:11 <DIR> d-------- C:\TEMP\nsa3.tmp
2008-07-22 17:17 . 2008-07-22 17:17 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_22_17_17_50.dmp
2008-07-22 16:56 . 2008-07-22 17:10 <DIR> d-------- C:\TEMP\plugtmp-38
2008-07-22 08:55 . 2008-07-22 14:35 <DIR> d-------- C:\TEMP\plugtmp-37
2008-07-17 20:29 . 2008-07-17 20:29 <DIR> d-------- C:\TEMP\moz_mapi
2008-07-13 18:23 . 2008-07-13 18:23 13,489 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_13_18_23_47.dmp
2008-07-11 20:24 . 2008-07-11 20:24 13,701 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_11_20_24_23.dmp
2008-07-11 19:29 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-07-11 19:29 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-07-11 19:29 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-07-11 19:29 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-07-10 19:23 . 2008-07-10 19:23 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_10_19_23_4.dmp
2008-07-10 10:24 . 2008-07-10 10:25 <DIR> d-------- C:\abi
2008-07-09 20:56 . 2008-07-09 20:56 <DIR> d-------- C:\WINDOWS\system32\FlashAX2
2008-07-09 15:13 . 2008-07-09 15:13 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war737556225
2008-07-09 15:03 . 2008-07-09 15:03 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war1193152091
2008-07-09 14:56 . 2008-07-09 14:56 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war839207413
2008-07-09 14:43 . 2008-07-09 14:43 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war660514237
2008-07-09 13:04 . 2008-07-09 13:04 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-2057143812
2008-07-09 08:53 . 2008-07-09 08:53 <DIR> d-------- C:\TEMP\soov-web-admin-1.6.2.8.war-103214277
2008-07-06 14:41 . 2008-07-06 14:41 <DIR> d-------- C:\Program Files\Ant Movie Catalog
2008-07-04 16:54 . 2008-07-04 16:54 0 --a------ C:\WINDOWS\system32\nmesrvc_core_2008_7_4_16_54_40.dmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 20:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
2008-08-04 15:49 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-04 15:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\skypePM
2008-08-04 08:51 --------- d-----w C:\Program Files\Zipang Casino
2008-08-04 08:45 --------- d-----w C:\Program Files\XXL Club Casino
2008-08-04 07:23 --------- d-----w C:\Program Files\Grand Online Casino
2008-08-04 07:18 --------- d-----w C:\Program Files\Europa Casino
2008-08-04 07:16 --------- d-----w C:\Program Files\EuroGrand Casino
2008-08-04 06:47 --------- d-----w C:\Program Files\Casino Tropez
2008-08-04 06:47 --------- d-----w C:\Program Files\Casino Fortune
2008-08-04 06:47 --------- d-----w C:\Program Files\Casino Bellini
2008-07-23 21:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SunODFPluginforMicrosoftOffice1
2008-07-18 21:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 13:49 --------- d-----w C:\Program Files\Trillian
2008-07-04 12:23 --------- d-----w C:\Program Files\IDoser v4
2008-07-03 11:04 --------- d-----w C:\Program Files\MySQL
2008-07-03 05:06 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-02 18:14 --------- d-----w C:\Program Files\Microsoft Games
2008-07-02 13:00 --------- d-----w C:\Program Files\Sun
2008-06-30 11:22 --------- d-----w C:\Program Files\Playboy Casino GBP
2008-06-30 08:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microgaming
2008-06-27 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-06-27 16:10 --------- d-----w C:\Program Files\Casino
2008-06-27 12:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CasinoOnNet
2008-06-27 12:31 --------- d-----w C:\Program Files\CasinoOnNet
2008-06-20 07:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-07 15:21 --------- d-----w C:\Program Files\Omasoft
2008-06-05 10:33 --------- d-----w C:\Program Files\Stocker
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 12:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2006-01-24 11:37 7094272]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 16:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-09-21 02:07 184320]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 16:10 851968]
"OEM04Mon.exe"="C:\WINDOWS\OEM04Mon.exe" [2007-06-11 01:01 36864]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 17:55 1228800]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-22 23:35 8433664]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 16:32 823296]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 16:30 974848]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 15:00 59392]
"VersatoMs"="C:\Program Files\MagicMus\MulMouse.exe" [2004-06-17 16:14 282624]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-28 15:12 222720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"nwiz"="nwiz.exe" [2007-05-22 23:35 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2007-05-22 23:35 81920 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 15:43:18 568176]
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [2007-10-03 10:06:11 118784]
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 13:23:32 51776]
Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-07-27 15:59:08 41042]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-02-05 15:29:20 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Yahoo!\\UPnP\\yupnpsrv.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R2 MUsbFltr;USB WTMouse Filter Service;C:\WINDOWS\system32\DRIVERS\MUsbFltr.sys [2004-03-22 13:45]
R2 OracleDBConsoleMATIS;OracleDBConsoleMATIS;C:\oracle\product\10.1.0\Db_1\bin\nmesrvc.exe [2006-11-14 07:22]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2005-09-06 12:39]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 12:39]
R3 OEM04Afx;Provides a software interface to control audio effects of OEM004 camera.;C:\WINDOWS\system32\Drivers\OEM04Afx.sys [2007-06-07 18:00]
R3 OEM04Vfx;Creative Camera OEM004 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM04Vfx.sys [2007-03-05 11:45]
R3 OEM04Vid;Creative Camera OEM004 Driver;C:\WINDOWS\system32\DRIVERS\OEM04Vid.sys [2007-10-10 18:01]
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2005-09-06 12:39]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 23:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 05:12]
S3 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR []
S3 OracleServiceMATIS;OracleServiceMATIS;c:\oracle\product\10.1.0\db_1\bin\ORACLE.EXE MATIS []
S3 VNUSB;VN Series Device;C:\WINDOWS\system32\DRIVERS\VNUSB.sys [2006-04-07 17:06]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 07:01]
S4 OracleJobSchedulerMATIS;OracleJobSchedulerMATIS;c:\oracle\product\10.1.0\db_1\Bin\extjob.exe MATIS []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BMa316ea41 - C:\WINDOWS\system32\njxdplgf.dll
Notify-efcDUnOg - efcDUnOg.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mxdlesb6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.neti.ee/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-04 23:14:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\TEMP\VDMC1Oj5FV
C:\TEMP\VDMC1Oj5FV

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10g_home1TNSListener]
"ImagePath"="C:\oracle\product\10.1.0\Db_1\BIN\TNSLSNR "
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\stacsv.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\oracle\product\10.1.0\Db_1\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\oracle\product\10.1.0\Db_1\jdk\bin\java.exe
C:\oracle\product\10.1.0\Db_1\bin\emagent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-08-04 23:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-04 20:50:03

Pre-Run: 16,663,916,544 bytes free
Post-Run: 21,993,426,944 bytes free

288


Thanks in advance :)
Matis
Also adding other files:

ComboFix-quarantined-files.txt

CODE
2008-08-03 14:28 246272 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqNHYSi.dll.vir
2008-08-03 14:28 80896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pysaldns.dll.vir
2008-08-03 14:28 90624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ipclxjlp.dll.vir
2008-08-03 20:31 118784 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sbhkkxrg.dll.vir
2008-08-03 20:31 90624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fgdtypql.dll.vir
2008-08-03 20:32 1487914 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sndlasyp.ini.vir
2008-08-03 20:32 90624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qrsadntf.dll.vir
2008-08-03 20:34 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wxmclork.dll.vir
2008-08-04 10:22 207 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2008-08-04 20:15 1488283 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jsyfiroa.ini.vir
2008-08-04 20:21 110464 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMa316ea41.xml.vir
2008-08-04 20:35 91648 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\njxdplgf.dll.vir
2008-08-04 20:36 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iucpvbqv.dll.vir
2008-08-04 21:22 1488454 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iykesihr.ini.vir
2008-08-04 22:50 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-08-04 22:50 35554 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMa316ea41.txt.vir
2008-08-04 22:51 390636 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iSYHNqru.ini.vir
2008-08-04 22:51 390636 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iSYHNqru.ini2.vir
2008-08-04 23:05 54 --a------ C:\Qoobox\Quarantine\catchme.log
2008-08-04 23:49 0 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-08-04 23:49 0 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-08-04 23:49 0 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-08-04 23:49 151 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-BMa316ea41.reg.dat
2008-08-04 23:49 498 --a------ C:\Qoobox\Quarantine\Registry_backups\Notify-efcDUnOg.reg.dat


and Add-Remove Programs.txt

CODE
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
777Dragon --> C:\MicroGaming\Casino\777Dragon\install.exe -uninstall
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ant Movie Catalog --> "C:\Program Files\Ant Movie Catalog\unins000.exe"
Apache HTTP Server 2.0.59 --> MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspinalls --> C:\MicroGaming\Casino\Aspinalls\install.exe -uninstall
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BEA WebLogic Platform 8.1 --> "C:\bea\weblogic81\uninstall\uninstall.cmd"
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Bullzip PDF Printer 3.0.0.332 --> "C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Casino-On-Net --> C:\PROGRA~1\CASINO~2\UNWISE.EXE C:\PROGRA~1\CASINO~2\INSTALL.LOG
Casino Bellini --> "C:\Program Files\Casino Bellini\_SetupCasino6.exe" /uninstall
Casino Fortune --> "C:\Program Files\Casino Fortune\_setupcasinocf.exe" /uninstall
Casino Tropez --> "C:\Program Files\Casino Tropez\_SetupCasino2.exe" /uninstall
CrazyVegas --> C:\MicroGaming\Casino\CrazyVegas\install.exe -uninstall
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Crimson Editor (remove only) --> C:\Program Files\Crimson Editor\uninstall.exe
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
DigiDoc Client --> MsiExec.exe /I{4F0DFBC8-C914-4221-8FF7-0B606CB111C8}
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enterprise Architect 7.0 --> MsiExec.exe /I{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}
EuroGrand Casino --> "C:\Program Files\EuroGrand Casino\_SetupCasino.exe" /uninstall
Europa Casino --> "C:\Program Files\Europa Casino\_SetupCasino3.exe" /uninstall
ExamDiff 1.7 --> "C:\Program Files\ExamDiff\unins000.exe"
GlassFish V2 --> "C:\server\glassfish\uninstall.exe"
Golden Riviera Casino --> C:\MicroGaming\Casino\GoldenRiviera\install.exe -uninstall
Gothic III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x9 -removeonly
GPL Ghostscript 8.60 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.60\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Grand Online Casino --> "C:\Program Files\Grand Online Casino\_GOsetup.exe" /uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Microsoft .NET Framework 3.0 (KB932471) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344) --> "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
I-Doser v4 --> C:\Program Files\IDoser v4\Uninstal.exe
ieHTTPHeaders (remove only) --> "C:\Program Files\ieHTTPHeaders\uninstall.exe"
ImageMagick 5.5.7 Q8 (05/09/03) --> "C:\Program Files\ImageMagick-5.5.7-Q8\unins000.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Ladbrokes Casino --> C:\PROGRA~1\Casino\LADBRO~1\UNWISE.EXE C:\PROGRA~1\Casino\LADBRO~1\INSTALL.LOG
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Laptop Integrated Webcam Driver (1.03.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM004.uns -plugin OEM04Pin.dll -pluginres OEM04Pin.crl -nodisconprompt -langid 0x0409
Maven 1.0.2 (remove only) --> "C:\Program Files\Apache Software Foundation\Maven 1.0.2\Uninst.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe -runfromtemp -l0x0009 -cluninstall
MetaTrader 4.00 --> "C:\Program Files\MetaTrader 4 - Dealing24\Uninstall.exe" "C:\Program Files\MetaTrader 4 - Dealing24\install.log"
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 --> MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 1 --> c:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools --> MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Monopoly by Parker Brothers --> C:\PROGRA~1\Hasbro\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\Hasbro\MONOPO~1\INSTALL.LOG
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MySQL Server 5.0 --> MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.0 --> "C:\Program Files\NetBeans 6.0\uninstall.exe"
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
Nokia PC Suite --> MsiExec.exe /I{02091327-B124-4216-9D71-58C0E24F5392}
NOMAD Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9 /remove
Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix --> C:\Program Files\Notebook Hardware Control\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
Omasoft v0.98 --> "C:\Program Files\Omasoft\unins000.exe"
OpenSSL 0.9.8g Light --> "C:\OpenSSL\unins000.exe"
Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoRescue Advanced PC 2.1.692 Demo --> "C:\Program Files\PhotoRescue Advanced PC 2.1.692\unins000.exe"
PL/SQL Developer --> aaRemove "PL/SQL Developer [80687277]"
Playboy Casino GBP --> C:\WINDOWS\system32\UnCasino5.exe PlayboyCasinoGBP
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PS3 Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RiverNile Casino --> C:\MicroGaming\Casino\RiverNile\install.exe -uninstall
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung PC Studio 2.0 Internet Access --> MsiExec.exe /I{DE71DFB6-D64C-40AA-8756-F74ABE8354FE}
SBaGen 1.4.4 --> "C:\Program Files\SBaGen\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB937143) --> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127) --> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653) --> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615) --> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Sun ODF Plugin for Microsoft Office 1.2 --> MsiExec.exe /X{5A29E75C-A8DE-49B4-9AF3-2266CE76C428}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TortoiseSVN 1.4.5.10425 (32 bit) --> MsiExec.exe /X{F4BBA950-56F0-4335-8D93-EE64BFF593A0}
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB943729) --> "C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewMate Desktop Mouse CC2201 Uninstaller --> mosunin.exe C:\Program Files\MagicMus
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB839210 -->
Windows XP Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR pakkimisprogramm --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
Wireshark 0.99.7 --> "C:\Program Files\Wireshark\uninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XXL Club Casino --> "C:\Program Files\XXL Club Casino\_SetupCasino4.exe" /uninstall
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
YourKit Java Profiler 7.0.11 --> "C:\Program Files\YourKit Java Profiler 7.0.11\uninstall.exe"
Zipang Casino --> "C:\Program Files\Zipang Casino\_SetupCasino7.exe" /uninstall

quietman7
Please note the message text in blue at the top of this forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Further, you did not follow the required instructions for using ComboFix which are provided when the tool is used under proper supervision as its log indicates your machine does not have the Recovery Console installed.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff