Hello From Estonia


  • This topic is locked
2 replies to this topic

#1 Matis

Posted 05 August 2008 - 01:42 AM

Hello,

I had a problem with my laptop and I am posting here just because I still do not know what exactly was the problem with my computer.
I myself am 25 years old and rather experienced with computers and IT.
I am an expert Java, PHP, Java EE programmer and love car driving and gaming.

So about that problem.

Time to fix ~20hours
Problem: At first popups appear while browsing the internet. Antivirus 2008 XP starts scanning. Does not matter which browser.
Used software: ESET Smart Security -> found some problems, fixed them, but the main behaviour still remained. Scanning took awful 15 hours
Used software: Spyware Doctor -> Found a lot of problems, fixed them, after that it is impossible to perform search on Google, Yahoo, login to Orkut, so the problem is not fixed.
After finding out that the traditional Spyware and Antivirus won't help, I tried alternatives, monitored the active ports and found out that %SYSTEMROOT%\Explorer.exe was infected. When I killed the process, my internet connection was working fine. So I started to look for a proper program to fix the problem and found ComboFix.

Scanned the computer and found A LOT of infections + had to reinstall network drivers + power options + re-set desktop settings and security center settings and now Everything seems to be back in order.

However I still do not know what was the reason, I do know that it is not the casino software on my computer, because it has been over a month on my PC and no problems at all. Problem itself occurred 3rd of August 2008 and on the 5th of August 2008 it is fixed.

So here is the log, and also I can post the quarantined files if You like.


Thanks in advance :thumbsup:


#2 Matis

Posted 05 August 2008 - 01:45 AM

Also adding other files:

ComboFix-quarantined-files.txt

[codebox]2008-08-03 14:28 246272 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\urqNHYSi.dll.vir
2008-08-03 14:28 80896 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\pysaldns.dll.vir
2008-08-03 14:28 90624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ipclxjlp.dll.vir
2008-08-03 20:31 118784 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sbhkkxrg.dll.vir
2008-08-03 20:31 90624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fgdtypql.dll.vir
2008-08-03 20:32 1487914 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sndlasyp.ini.vir
2008-08-03 20:32 90624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qrsadntf.dll.vir
2008-08-03 20:34 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\wxmclork.dll.vir
2008-08-04 10:22 207 --a------ C:\Qoobox\Quarantine\C\WINDOWS\cookies.ini.vir
2008-08-04 20:15 1488283 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jsyfiroa.ini.vir
2008-08-04 20:21 110464 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMa316ea41.xml.vir
2008-08-04 20:35 91648 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\njxdplgf.dll.vir
2008-08-04 20:36 40960 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iucpvbqv.dll.vir
2008-08-04 21:22 1488454 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iykesihr.ini.vir
2008-08-04 22:50 21 --a------ C:\Qoobox\Quarantine\C\WINDOWS\pskt.ini.vir
2008-08-04 22:50 35554 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMa316ea41.txt.vir
2008-08-04 22:51 390636 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iSYHNqru.ini.vir
2008-08-04 22:51 390636 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\iSYHNqru.ini2.vir
2008-08-04 23:05 54 --a------ C:\Qoobox\Quarantine\catchme.log
2008-08-04 23:49 0 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-08-04 23:49 0 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-08-04 23:49 0 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-08-04 23:49 151 --a------ C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-BMa316ea41.reg.dat
2008-08-04 23:49 498 --a------ C:\Qoobox\Quarantine\Registry_backups\Notify-efcDUnOg.reg.dat
[/codebox]

and Add-Remove Programs.txt

[codebox]7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
777Dragon --> C:\MicroGaming\Casino\777Dragon\install.exe -uninstall
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Ant Movie Catalog --> "C:\Program Files\Ant Movie Catalog\unins000.exe"
Apache HTTP Server 2.0.59 --> MsiExec.exe /I{3A862C7D-0504-48BC-AEF8-7F7479C7C158}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Aspinalls --> C:\MicroGaming\Casino\Aspinalls\install.exe -uninstall
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
BEA WebLogic Platform 8.1 --> "C:\bea\weblogic81\uninstall\uninstall.cmd"
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Bullzip PDF Printer 3.0.0.332 --> "C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Casino-On-Net --> C:\PROGRA~1\CASINO~2\UNWISE.EXE C:\PROGRA~1\CASINO~2\INSTALL.LOG
Casino Bellini --> "C:\Program Files\Casino Bellini\_SetupCasino6.exe" /uninstall
Casino Fortune --> "C:\Program Files\Casino Fortune\_setupcasinocf.exe" /uninstall
Casino Tropez --> "C:\Program Files\Casino Tropez\_SetupCasino2.exe" /uninstall
CrazyVegas --> C:\MicroGaming\Casino\CrazyVegas\install.exe -uninstall
Creative Jukebox Driver --> C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s
Crimson Editor (remove only) --> C:\Program Files\Crimson Editor\uninstall.exe
Dell Touchpad --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
DigiDoc Client --> MsiExec.exe /I{4F0DFBC8-C914-4221-8FF7-0B606CB111C8}
Direct Show Ogg Vorbis Filter (remove only) --> "C:\WINDOWS\system32\OggDSuninst.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enterprise Architect 7.0 --> MsiExec.exe /I{CC98E8B3-FAAA-4D09-A813-A44C9FA1A3EE}
EuroGrand Casino --> "C:\Program Files\EuroGrand Casino\_SetupCasino.exe" /uninstall
Europa Casino --> "C:\Program Files\Europa Casino\_SetupCasino3.exe" /uninstall
ExamDiff 1.7 --> "C:\Program Files\ExamDiff\unins000.exe"
GlassFish V2 --> "C:\server\glassfish\uninstall.exe"
Golden Riviera Casino --> C:\MicroGaming\Casino\GoldenRiviera\install.exe -uninstall
Gothic III --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}\setup.exe" -l0x9 -removeonly
GPL Ghostscript 8.60 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.60\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Grand Online Casino --> "C:\Program Files\Grand Online Casino\_GOsetup.exe" /uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Microsoft .NET Framework 3.0 (KB932471) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864) --> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344) --> "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865) --> "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239) --> "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
I-Doser v4 --> C:\Program Files\IDoser v4\Uninstal.exe
ieHTTPHeaders (remove only) --> "C:\Program Files\ieHTTPHeaders\uninstall.exe"
ImageMagick 5.5.7 Q8 (05/09/03) --> "C:\Program Files\ImageMagick-5.5.7-Q8\unins000.exe"
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 3 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160030}
Ladbrokes Casino --> C:\PROGRA~1\Casino\LADBRO~1\UNWISE.EXE C:\PROGRA~1\Casino\LADBRO~1\INSTALL.LOG
Lame ACM MP3 Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Laptop Integrated Webcam Driver (1.03.01.1011) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM004.uns -plugin OEM04Pin.dll -pluginres OEM04Pin.crl -nodisconprompt -langid 0x0409
Maven 1.0.2 (remove only) --> "C:\Program Files\Apache Software Foundation\Maven 1.0.2\Uninst.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MediaDirect --> C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe -runfromtemp -l0x0009 -cluninstall
MetaTrader 4.00 --> "C:\Program Files\MetaTrader 4 - Dealing24\Uninstall.exe" "C:\Program Files\MetaTrader 4 - Dealing24\install.log"
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB928366) --> "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 1 --> MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 --> MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Flight Simulator X --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X --> MsiExec.exe /X{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Flight Simulator X Service Pack 1 --> c:\WINDOWS\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimPatchUninstall.log" /uninstall {92635E02-4C29-4A8F-AA82-7B8B95C823D3} /package {9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Internationalized Domain Names Mitigation APIs --> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs --> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Proofing Tools --> MsiExec.exe /I{901F0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Monopoly by Parker Brothers --> C:\PROGRA~1\Hasbro\MONOPO~1\UNWISE.EXE /U C:\PROGRA~1\Hasbro\MONOPO~1\INSTALL.LOG
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
MySQL Server 5.0 --> MsiExec.exe /I{E5AED31E-3474-4C85-B492-42149DE37891}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.0 --> "C:\Program Files\NetBeans 6.0\uninstall.exe"
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
Nokia PC Suite --> MsiExec.exe /I{02091327-B124-4216-9D71-58C0E24F5392}
NOMAD Explorer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C080B57-0D1E-4C73-B03B-68A9EF9F23F3}\Setup.exe" -l0x9 /remove
Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
Notebook Hardware Control 2.0 Pre-Release-06 Bugfix --> C:\Program Files\Notebook Hardware Control\uninst.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Olympus Digital Wave Player --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
Omasoft v0.98 --> "C:\Program Files\Omasoft\unins000.exe"
OpenSSL 0.9.8g Light --> "C:\OpenSSL\unins000.exe"
Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
OutlookAddinSetup --> MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoRescue Advanced PC 2.1.692 Demo --> "C:\Program Files\PhotoRescue Advanced PC 2.1.692\unins000.exe"
PL/SQL Developer --> aaRemove "PL/SQL Developer [80687277]"
Playboy Casino GBP --> C:\WINDOWS\system32\UnCasino5.exe PlayboyCasinoGBP
PrimoPDF --> "C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PS3 Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RiverNile Casino --> C:\MicroGaming\Casino\RiverNile\install.exe -uninstall
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung PC Studio 2.0 Internet Access --> MsiExec.exe /I{DE71DFB6-D64C-40AA-8756-F74ABE8354FE}
SBaGen 1.4.4 --> "C:\Program Files\SBaGen\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB937143) --> "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127) --> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653) --> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615) --> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894) --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Sun ODF Plugin for Microsoft Office 1.2 --> MsiExec.exe /X{5A29E75C-A8DE-49B4-9AF3-2266CE76C428}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TortoiseSVN 1.4.5.10425 (32 bit) --> MsiExec.exe /X{F4BBA950-56F0-4335-8D93-EE64BFF593A0}
Update for Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB943729) --> "C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewMate Desktop Mouse CC2201 Uninstaller --> mosunin.exe C:\Program Files\MagicMus
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
WIDCOMM Bluetooth Software --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\dpinst.exe /us C:\PROGRA~1\DIFX\UninstallScripts\4569969E1360D2854474C661EF9B4D54F143EB16
Windows Genuine Advantage Validation Tool (KB892130) -->
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803) --> "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7 --> "C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11 --> "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11 --> "C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB839210 -->
Windows XP Hotfix - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPcap 4.0.2 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR pakkimisprogramm --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
Wireshark 0.99.7 --> "C:\Program Files\Wireshark\uninstall.exe"
XML Paper Specification Shared Components Pack 1.0 -->
XXL Club Casino --> "C:\Program Files\XXL Club Casino\_SetupCasino4.exe" /uninstall
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
YourKit Java Profiler 7.0.11 --> "C:\Program Files\YourKit Java Profiler 7.0.11\uninstall.exe"
Zipang Casino --> "C:\Program Files\Zipang Casino\_SetupCasino7.exe" /uninstall
[/codebox]

#3 quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:51 PM

Posted 05 August 2008 - 12:24 PM

Please note the message text in blue at the top of this forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Further, you did not follow the required instructions for using ComboFix, which are provided when the tool is used under proper supervision, as its log indicates your machine does not have the Recovery Console installed.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
