
Multiple Issues Win32/Cycbot!cfg



You are fortunate that Combofix did run. It found some additional rogue.

This system has Advanced system care

"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-08-09 417112]

I suggest you see "IOBit Steals Malwarebytes' Intellectual Property" and that you un-install it.

Then, next, let's get a report:

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Right click on RSIT.exe & select Run As Administrator to start RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Copy and Paste the contents of Log.txt and Info.txt for review.


I deleted Advanced System Care 4.

Log.txt>>>>>>>>>>>>>>>>>> With info.txt the post was too long. I am adding it separately.

======================================================================================================

Logfile of random's system information tool 1.09 (written by random/random)

Run by Bill Halliday at 2012-02-18 12:41:30

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 144 GB (63%) free of 228 GB

Total RAM: 8031 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:41:39 PM, on 2/18/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\TypeItIn\TypeItIn.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files\trend micro\Bill Halliday.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: CrossriderApp0002258 - {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: Avery Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'Default user')

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: TypeItIn.lnk = C:\Program Files (x86)\TypeItIn\TypeItIn.exe

O4 - Startup: Windows Task Manager.lnk = C:\Windows\System32\taskmgr.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Check &Spelling - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM

O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: lxdj_device - Unknown owner - C:\Windows\system32\lxdjcoms.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: MySQL55 - Unknown owner - C:\Program.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: Intel® Sample Collector (SampleCollector) - Intel Corporation - C:\Program Files\Sony\VAIO Care\collsvc.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Voicent Gateway (VoicentGateway) - Voicent Communications, Inc - C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11947 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k netsvcs

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\lxdjcoms.exe -service

"C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.5\my.ini" MySQL55

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"

"C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe" -Dtype=service

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

"C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe" -Dtype=server

"taskhost.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

-Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Dspport=8355 -Dvoice="Microsoft Anna - English (United States)"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

WLIDSvcM.exe 1872

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe"

-Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Doutports="8455" -Dvxport=8255 -Dspport=8355 -Dappport=8155 -Dline=0 -Dphone=dummy

C:\Windows\system32\svchost.exe -k bthsvcs

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}

-cp lib/HTTPClient.jar;lib/xalan.jar;lib/xercesImpl.jar;lib/xml-apis.jar;lib/mail.jar;lib/vx.jar -Xrs vx.server.VxInterpServer -Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Dappport=8155 -Dvxport=8255 -Dcachedir="C:\Program Files (x86)\Voicent\Gateway/work/vxcache" -DRV=Male

"C:\Windows\System32\igfxtray.exe"

"C:\Windows\System32\hkcmd.exe"

"C:\Windows\System32\igfxpers.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"

"C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe"

"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr

"C:\Program Files (x86)\TypeItIn\TypeItIn.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding

"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"

-Djava.security.policy="C:\Program Files (x86)\Voicent\Gateway\conf\catalina.policy" -cp "C:\Program Files (x86)\Voicent\Gateway\lib\ant-launcher.jar;C:\Program Files (x86)\Voicent\Gateway\lib\ant.jar;C:\Program Files (x86)\Voicent\Gateway\lib\bootstrap.jar;C:\Program Files (x86)\Voicent\Gateway\lib\catalina-ant.jar;C:\Program Files (x86)\Voicent\Gateway\lib\catalina.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-beanutils.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-collections-3.2.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-digester-1.8.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-fileupload-1.2.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-io-1.3.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-logging-1.1.1.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-logging-api-1.1.1.jar;C:\Program Files (x86)\Voicent\Gateway\lib\commons-modeler-2.0.1.jar;C:\Program Files (x86)\Voicent\Gateway\lib\HTTPClient.jar;C:\Program Files (x86)\Voicent\Gateway\lib\jakarta-regexp-1.5.jar;C:\Program Files (x86)\Voicent\Gateway\lib\jasper-compiler.jar;C:\Program Files (x86)\Voicent\Gateway\lib\jasper-runtime.jar;C:\Program Files (x86)\Voicent\Gateway\lib\log4j-1.2.15.jar;C:\Program Files (x86)\Voicent\Gateway\lib\mail.jar;C:\Program Files (x86)\Voicent\Gateway\lib\mx4j.jar;C:\Program Files (x86)\Voicent\Gateway\lib\naming-common.jar;C:\Program Files (x86)\Voicent\Gateway\lib\naming-factory.jar;C:\Program Files (x86)\Voicent\Gateway\lib\naming-resources.jar;C:\Program Files (x86)\Voicent\Gateway\lib\serializer.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlet.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-common.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-default.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-invoker.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-manager.jar;C:\Program Files (x86)\Voicent\Gateway\lib\servlets-webdav.jar;C:\Program Files 
(x86)\Voicent\Gateway\lib\tomcat-coyote.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-http11.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-jk.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-jk2.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat-util.jar;C:\Program Files (x86)\Voicent\Gateway\lib\tomcat4-coyote.jar;C:\Program Files (x86)\Voicent\Gateway\lib\vx.jar;C:\Program Files (x86)\Voicent\Gateway\lib\xalan.jar;C:\Program Files (x86)\Voicent\Gateway\lib\xercesImpl.jar;C:\Program Files (x86)\Voicent\Gateway\lib\xml-apis.jar;C:\Program Files (x86)\Voicent\Gateway/outcall\lib\vx-outcall.jar;" -Xrs vx.server.VxApp -Dvx.home="C:\Program Files (x86)\Voicent\Gateway" -Dappport=8155 -Dpdport=8165 -Doutport="10,2,0,0,0,0,-1,USD,8455" -Dpassword=1234

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c

"C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata"

C:\Program Files\Sony\VAIO Care/listener.exe /silent /slot=0

"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516

"C:\Users\Bill Halliday\Desktop\Malware identify and fix\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore1cce37848295051.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3016247236-2053164898-2875212204-1001Core1cce37991f79d5.job

C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-3016247236-2053164898-2875212204-1001.job

C:\Windows\tasks\Scheduled Update for Ask Toolbar.job

C:\Windows\tasks\User_Feed_Synchronization-{2F89628F-55E1-4645-B601-EB8FD64B2EC8}.job

C:\Windows\tasks\{1A582068-DB11-4D49-8801-1D81FAB645CA}.job

C:\Windows\tasks\{5BB7C174-8A26-436F-98C5-BD72B39D7783}.job

C:\Windows\tasks\{627B3416-F8F9-4CA0-8E2D-8C3065E79784}.job

C:\Windows\tasks\{855A4FC4-43D0-4A2A-B869-B2C4968C65DA}.job

C:\Windows\tasks\{9F928FF6-F7B3-4AE6-8C20-E7E1E649C7E9}.job

C:\Windows\tasks\{FC2498CB-9732-464B-9ABF-9D829D33D832}.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default

prefs.js - "browser.search.useDBForOrder" - true

prefs.js - "extensions.enabledItems" - "{ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1, {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.7.0.6, {9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}:2.01, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.12, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20110512W, crossriderapp2258@crossrider.com:0.78.15, {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30, toolbar@shopathome.com:5.2.0.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.9"

prefs.js - "keyword.URL" - "http://www.google.com/search?sourceid=navclient&hl=en&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10.1 Plugin

"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@cnw.com/cnwplugin]

"Description"=CNW Plugin 1.0

"Path"=C:\Program Files (x86)\Screen Sharing Plug-in\npcnwplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13]

"Description"=RealPlayer LiveConnect-Enabled Plug-In

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13]

"Description"=RealJukebox Netscape Plugin

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13]

"Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13]

"Description"=RealPlayer HTML5VideoShim Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13]

"Description"=15.0.1.13

"Path"=c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]

"Description"=

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

{972ce4c6-7e08-4474-a285-3208198ce6fd}

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\

browser.xpt

browserdirprovider.dll

brwsrcmp.dll

components.list

FeedConverter.js

FeedProcessor.js

FeedWriter.js

fuelApplication.js

GPSDGeolocationProvider.js

jsconsole-clhandler.js

NetworkGeolocationProvider.js

nppl3260.xpt

nsAddonRepository.js

nsBadCertHandler.js

nsBlocklistService.js

nsBrowserContentHandler.js

nsBrowserGlue.js

nsContentDispatchChooser.js

nsContentPrefService.js

nsDefaultCLH.js

nsDownloadManagerUI.js

nsExtensionManager.js

nsFormAutoComplete.js

nsHandlerService.js

nsHelperAppDlg.js

nsINIProcessor.js

nsIQTScriptablePlugin.xpt

nsjsrealplayerplugin.xpt

nsLivemarkService.js

nsLoginInfo.js

nsLoginManager.js

nsLoginManagerPrompter.js

nsMicrosummaryService.js

nsPlacesAutoComplete.js

nsPlacesDBFlush.js

nsPlacesTransactionsService.js

nsPrivateBrowsingService.js

nsProxyAutoConfig.js

nsSafebrowsingApplication.js

nsSearchService.js

nsSearchSuggestions.js

nsSessionStartup.js

nsSessionStore.js

nsSetDefaultBrowser.js

nsSidebar.js

nsTaggingService.js

nsTryToClose.js

nsUpdateService.js

nsUpdateServiceStub.js

nsUpdateTimerManager.js

nsUrlClassifierLib.js

nsUrlClassifierListManager.js

nsURLFormatter.js

nsWebHandlerApp.js

pluginGlue.js

storage-Legacy.js

storage-mozStorage.js

txEXSLTRegExFunctions.js

WebContentConverter.js

C:\Program Files (x86)\Mozilla Firefox\plugins\

np-mswmp.dll

npdeployJava1.dll

nul32.dll

NPOFF12.DLL

nppdf32.dll

nppl3260.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

nprjplug.dll

nprpjplug.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\

amazondotcom.xml

answers.xml

avg-secure-search.xml

creativecommons.xml

eBay.xml

google.xml

wikipedia.xml

yahoo.xml

C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\extensions\

crossriderapp2258@crossrider.com

toolbar@shopathome.com

{1018e4d6-728f-4b20-ad56-37578a4de76b}

{3112ca9c-de6d-4884-a869-9855de68056c}

{9D7B21FA-0991-472C-8F8E-2CD6CC1CB7BC}

{ba14329e-9550-4989-b3f2-9732e92d17cc}

C:\Users\Bill Halliday\AppData\Roaming\Mozilla\Firefox\Profiles\ynulddlp.default\searchplugins\

conduit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]

HelperObject Class - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll [2006-03-14 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158}]

I Want This - C:\Program Files (x86)\I Want This\I Want This.dll [2012-01-25 475480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-01-09 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-09 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Avery Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-09 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2006-03-14 131072]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Avery Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-01-20 1197448]

{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912]

{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-09-03 7938080]

"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-09-03 1833504]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]

"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 1436736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2012-01-09 296056]

"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Bill Halliday\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

TypeItIn.lnk - C:\Program Files (x86)\TypeItIn\TypeItIn.exe

Windows Task Manager.lnk - C:\Windows\System32\taskmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2011-02-11 272896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-30 249344]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"PromptOnSecureDesktop"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-18 12:41:31 ----D---- C:\Program Files\trend micro

2012-02-18 12:41:30 ----D---- C:\rsit

2012-02-18 10:16:53 ----SHD---- C:\$RECYCLE.BIN

2012-02-18 09:45:30 ----D---- C:\32534dd79a0e108d442cfb

2012-02-18 09:34:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-02-18 09:34:27 ----A---- C:\Windows\system32\mshtmled.dll

2012-02-18 09:34:26 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-02-18 09:34:26 ----A---- C:\Windows\system32\jscript9.dll

2012-02-18 09:34:26 ----A---- C:\Windows\system32\iertutil.dll

2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\url.dll

2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\jscript.dll

2012-02-18 09:34:25 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-02-18 09:34:25 ----A---- C:\Windows\system32\url.dll

2012-02-18 09:34:25 ----A---- C:\Windows\system32\jscript.dll

2012-02-18 09:34:25 ----A---- C:\Windows\system32\ieui.dll

2012-02-18 09:34:24 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-02-18 09:34:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-02-18 09:34:24 ----A---- C:\Windows\system32\urlmon.dll

2012-02-18 09:34:24 ----A---- C:\Windows\system32\jsproxy.dll

2012-02-18 09:34:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-02-18 09:34:23 ----A---- C:\Windows\system32\wininet.dll

2012-02-18 09:34:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-02-18 09:34:20 ----A---- C:\Windows\system32\mshtml.dll

2012-02-18 09:34:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-02-18 09:34:18 ----A---- C:\Windows\system32\ieframe.dll

2012-02-17 19:41:55 ----A---- C:\ComboFix.txt

2012-02-17 18:44:23 ----A---- C:\Windows\zip.exe

2012-02-17 18:44:23 ----A---- C:\Windows\SWSC.exe

2012-02-17 18:44:23 ----A---- C:\Windows\SWREG.exe

2012-02-17 18:44:23 ----A---- C:\Windows\sed.exe

2012-02-17 18:44:23 ----A---- C:\Windows\PEV.exe

2012-02-17 18:44:23 ----A---- C:\Windows\NIRCMD.exe

2012-02-17 18:44:23 ----A---- C:\Windows\MBR.exe

2012-02-17 18:44:23 ----A---- C:\Windows\grep.exe

2012-02-17 18:44:17 ----D---- C:\ComboFix

2012-02-15 17:22:00 ----D---- C:\Program Files (x86)\Microsoft Security Client

2012-02-15 17:21:53 ----D---- C:\Program Files\Microsoft Security Client

2012-02-15 12:37:54 ----A---- C:\Windows\system32\shell32.dll

2012-02-15 12:37:52 ----A---- C:\Windows\SYSWOW64\shell32.dll

2012-02-15 12:37:52 ----A---- C:\Windows\SYSWOW64\ntshrui.dll

2012-02-15 12:37:52 ----A---- C:\Windows\system32\ntshrui.dll

2012-02-15 12:37:51 ----A---- C:\Windows\system32\drivers\afd.sys

2012-02-15 12:37:49 ----A---- C:\Windows\system32\win32k.sys

2012-02-15 12:37:48 ----A---- C:\Windows\SYSWOW64\msvcrt.dll

2012-02-15 12:37:48 ----A---- C:\Windows\system32\msvcrt.dll

2012-02-13 11:51:48 ----A---- C:\Windows\stinger.sys

2012-02-13 11:49:12 ----D---- C:\Program Files (x86)\stinger

2012-02-12 12:08:01 ----D---- C:\Program Files (x86)\ESET

2012-02-12 11:44:25 ----D---- C:\_OTL

2012-02-09 18:50:11 ----D---- C:\ProgramData\McAfee Security Scan

2012-02-09 18:01:20 ----A---- C:\Windows\SYSWOW64\javaws.exe

2012-02-09 18:01:20 ----A---- C:\Windows\SYSWOW64\javaw.exe

2012-02-09 18:01:20 ----A---- C:\Windows\SYSWOW64\java.exe

2012-02-09 17:56:06 ----D---- C:\Config.Msi

2012-02-09 17:46:42 ----A---- C:\Windows\SYSWOW64\deployJava1.dll

2012-02-08 16:03:07 ----A---- C:\TDSSKiller.2.7.10.0_08.02.2012_16.03.07_log.txt

2012-02-08 15:32:36 ----A---- C:\Windows\system32\rkill.com

2012-02-08 12:20:20 ----D---- C:\Program Files (x86)\ERUNT

2012-02-07 12:55:44 ----RA---- C:\Windows\system32\dds.com

2012-02-06 19:47:43 ----D---- C:\Users\Bill Halliday\AppData\Roaming\OfficeSuiteX

2012-02-06 19:46:03 ----D---- C:\Program Files (x86)\Office Suite X 3

2012-02-06 18:49:59 ----D---- C:\Program Files (x86)\I Want This

2012-02-06 13:37:30 ----A---- C:\Windows\system32\MRT.exe

2012-02-04 15:56:50 ----D---- C:\ProgramData\UAB

2012-02-04 15:56:32 ----D---- C:\ProgramData\Driver Manager

2012-02-04 15:55:53 ----D---- C:\Program Files (x86)\Driver Manager

2012-01-31 13:00:03 ----A---- C:\Windows\SYSWOW64\webio.dll

2012-01-31 13:00:03 ----A---- C:\Windows\SYSWOW64\schannel.dll

2012-01-31 13:00:03 ----A---- C:\Windows\system32\webio.dll

2012-01-31 13:00:03 ----A---- C:\Windows\system32\sspicli.dll

2012-01-31 13:00:03 ----A---- C:\Windows\system32\schannel.dll

2012-01-31 13:00:03 ----A---- C:\Windows\system32\lsass.exe

2012-01-31 13:00:03 ----A---- C:\Windows\system32\lsasrv.dll

2012-01-31 13:00:03 ----A---- C:\Windows\system32\drivers\ksecpkg.sys

2012-01-31 13:00:03 ----A---- C:\Windows\system32\drivers\ksecdd.sys

2012-01-31 13:00:03 ----A---- C:\Windows\system32\drivers\cng.sys

2012-01-31 13:00:02 ----A---- C:\Windows\SYSWOW64\sspicli.dll

2012-01-31 13:00:02 ----A---- C:\Windows\SYSWOW64\secur32.dll

2012-01-31 13:00:02 ----A---- C:\Windows\system32\sspisrv.dll

2012-01-31 13:00:02 ----A---- C:\Windows\system32\secur32.dll

2012-01-21 13:26:16 ----D---- C:\ProgramData\Uniblue

2012-01-21 13:25:32 ----D---- C:\Program Files (x86)\Uniblue

======List of files/folders modified in the last 1 month======

2012-02-18 12:41:31 ----RD---- C:\Program Files

2012-02-18 12:36:55 ----D---- C:\Windows\Temp

2012-02-18 12:29:06 ----D---- C:\Program Files (x86)\IObit

2012-02-18 12:22:27 ----D---- C:\Windows\Microsoft.NET

2012-02-18 10:21:57 ----D---- C:\Windows\Prefetch

2012-02-18 10:20:56 ----D---- C:\Windows\winsxs

2012-02-18 10:20:30 ----D---- C:\Windows\system32\config

2012-02-18 10:20:27 ----SHD---- C:\Windows\Installer

2012-02-18 10:20:07 ----SHD---- C:\System Volume Information

2012-02-18 10:16:19 ----RSD---- C:\Windows\assembly

2012-02-18 09:47:56 ----D---- C:\Windows\SYSWOW64\migration

2012-02-18 09:47:56 ----D---- C:\Windows\SysWOW64

2012-02-18 09:47:56 ----D---- C:\Windows\system32\migration

2012-02-18 09:47:56 ----D---- C:\Windows\system32\drivers

2012-02-18 09:47:56 ----D---- C:\Windows\System32

2012-02-18 09:47:56 ----D---- C:\Program Files\Internet Explorer

2012-02-18 09:47:56 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-18 09:47:54 ----D---- C:\ProgramData\Microsoft Help

2012-02-18 09:42:30 ----D---- C:\Windows\inf

2012-02-18 09:42:30 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-02-18 09:34:53 ----D---- C:\Windows\system32\catroot2

2012-02-18 09:34:53 ----D---- C:\Windows\system32\catroot

2012-02-17 19:42:08 ----D---- C:\Qoobox

2012-02-17 19:36:55 ----D---- C:\Windows\ERDNT

2012-02-17 19:28:25 ----D---- C:\Windows

2012-02-17 19:28:25 ----A---- C:\Windows\system.ini

2012-02-17 19:28:10 ----D---- C:\Windows\system32\drivers\etc

2012-02-17 18:55:22 ----RD---- C:\Program Files (x86)

2012-02-17 18:49:24 ----D---- C:\Windows\SYSWOW64\drivers

2012-02-17 18:49:24 ----D---- C:\Windows\AppPatch

2012-02-17 18:49:22 ----D---- C:\Program Files\Common Files

2012-02-17 18:49:22 ----D---- C:\Program Files (x86)\Common Files

2012-02-15 17:22:03 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI

2012-02-15 17:22:00 ----SD---- C:\ProgramData\Microsoft

2012-02-15 15:26:13 ----D---- C:\Users\Bill Halliday\AppData\Roaming\EditPlus 3

2012-02-13 11:25:05 ----D---- C:\ProgramData

2012-02-12 12:08:03 ----D---- C:\Windows\Downloaded Program Files

2012-02-11 13:20:53 ----D---- C:\Users\Bill Halliday\AppData\Roaming\Skype

2012-02-11 12:49:17 ----D---- C:\Program Files (x86)\McAfee Security Scan

2012-02-09 13:42:11 ----D---- C:\Windows\rescache

2012-02-09 11:50:44 ----D---- C:\Windows\pss

2012-02-08 15:20:00 ----D---- C:\Users\Bill Halliday\AppData\Roaming\IObit

2012-02-06 19:46:09 ----RSD---- C:\Windows\Fonts

2012-02-04 14:10:27 ----D---- C:\Windows\Tasks

2012-02-01 13:09:00 ----D---- C:\Program Files (x86)\Mozilla Firefox

2012-01-31 06:44:20 ----N---- C:\Windows\system32\MpSigStub.exe

2012-01-27 13:57:05 ----D---- C:\Program Files (x86)\Commission Streamer

2012-01-26 16:33:48 ----D---- C:\Users\Bill Halliday\AppData\Roaming\FileZilla

2012-01-25 17:30:42 ----D---- C:\Windows\system32\NDF

2012-01-21 13:41:27 ----D---- C:\Users\Bill Halliday\AppData\Roaming\Uniblue

2012-01-21 13:08:08 ----D---- C:\Windows\debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 18232]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 189440]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]

R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]

R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-09-01 98344]

R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-09-01 132648]

R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-09-01 35104]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-09-01 21160]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-09-03 1822112]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]

R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [2009-07-22 85504]

R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]

R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]

R3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960]

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]

S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]

S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]

S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 lxdj_device;lxdj_device; C:\Windows\system32\lxdjcoms.exe [2007-06-11 567216]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]

R2 MySQL55;MySQL55; C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld --defaults-file=C:\ProgramData\MySQL\MySQL Server 5.5\my.ini MySQL55 []

R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]

R2 SampleCollector;Intel® Sample Collector; C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-09-16 167424]

R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

R2 VoicentGateway;Voicent Gateway; C:\Program Files (x86)\Voicent\Gateway\bin\vgate.exe [2011-09-05 1327168]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]

S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-02-01 136176]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-12-03 182768]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]

S3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1255736]

S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

-----------------EOF-----------------


info.txt

================================================================================

info.txt logfile of random's system information tool 1.09 2012-02-18 12:41:40

======Uninstall list======

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

-->C:\ProgramData\{4E78170A-6049-4586-A083-3AECE1A687E4}\wsc_x1.exe

-->C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu

7-Zip 9.20-->C:\Program Files (x86)\7-Zip\Uninstall.exe

ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_Plugin.exe -maintain plugin

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_0_1_ActiveX.exe -maintain activex

Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Apple Application Support-->MsiExec.exe /I{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9973498D-EA29-4A68-BE0B-C88D6E03E928}\Setup.exe" -l0x9

Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Auslogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\unins000.exe"

Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}

Avery Wizard 4.0-->MsiExec.exe /X{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}

AVS Update Manager 1.0-->"C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe"

AVS Video Converter 6-->"C:\Program Files (x86)\AVS4YOU\AVSVideoConverter6\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

Belarc Advisor 8.2-->"C:\PROGRA~2\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~2\Belarc\Advisor\INSTALL.LOG"

Bing Bar-->C:\Program Files (x86)\Bing Bar Installer\InstallManager.exe /UNINSTALL

Bulk Mailer-->"C:\ProgramData\{2408CEC0-B073-4626-BC31-20BADBC07887}\mailer_setup.exe" REMOVE=TRUE MODIFY=FALSE

Bulk Mailer-->C:\ProgramData\{2408CEC0-B073-4626-BC31-20BADBC07887}\mailer_setup.exe

CashSystemX-->C:\Program Files (x86)\CashSystemX\Uninstall.exe

Conduit Engine-->C:\PROGRA~2\CONDUI~1\ConduitEngineUninstall.exe

Dolby Control Center-->MsiExec.exe /I{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}

EditPlus 3-->C:\Program Files (x86)\EditPlus 3\remove.exe

Email Extractor-->"C:\ProgramData\{A622CA4A-0A5A-43C3-AF4F-ABBE76154383}\email-extractor-setup.exe" REMOVE=TRUE MODIFY=FALSE

Email Extractor-->C:\ProgramData\{A622CA4A-0A5A-43C3-AF4F-ABBE76154383}\email-extractor-setup.exe

Email Verifier-->"C:\ProgramData\{36B7E4FF-9E7B-46F2-B3E9-D12C3B4B7F9B}\email_verifier_pro_setup.exe" REMOVE=TRUE MODIFY=FALSE

Email Verifier-->C:\ProgramData\{36B7E4FF-9E7B-46F2-B3E9-D12C3B4B7F9B}\email_verifier_pro_setup.exe

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

ExamDiff 1.8 (Build 1.8.0.3)-->"C:\Program Files (x86)\ExamDiff\unins000.exe"

FaxRedist-->MsiExec.exe /I{2C8CC208-965C-48A1-90A8-DFB484358F1C}

FileZilla Client 3.5.2-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe

forexfreedom-->C:\Program Files (x86)\forexfreedom\Uninstall.exe

GIMP 2.6.11-->"C:\Program Files (x86)\GIMP-2.0\setup\unins000.exe"

Gimp-->"C:\Windows\unins000.exe"

Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

Google SketchUp 8-->MsiExec.exe /X{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

I Want This-->C:\Program Files (x86)\I Want This\Uninstall.exe

ieSpell-->"C:\Program Files (x86)\ieSpell\uninst.exe"

Interbank FX Trader 4.00-->"C:\Program Files (x86)\Interbank FX Trader 4\Uninstall.exe" "C:\Program Files (x86)\Interbank FX Trader 4\install.log"

Java 6 Update 30-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216030FF}

LG USB Modem driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG

Live Email Autoresponder-->"C:\ProgramData\{8921F4DB-47CF-4BD4-9F2F-01D3AF03EDC0}\autoresponder_setup.exe" REMOVE=TRUE MODIFY=FALSE

Live Email Autoresponder-->C:\ProgramData\{8921F4DB-47CF-4BD4-9F2F-01D3AF03EDC0}\autoresponder_setup.exe

Live TV-->"C:\Program Files (x86)\LIVE TV\unins000.exe"

McAfee Security Scan Plus-->"C:\Program Files (x86)\McAfee Security Scan\uninstall.exe"

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended

Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}

Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}

Microsoft Office Project Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL

Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}

Microsoft Office Visio Professional 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL

Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}

Microsoft Security Client-->MsiExec.exe /I{42738DB0-FC3E-4672-A99B-9372F5696E30}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe

Mozilla Firefox (3.6.9)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

MySQL Connector C 6.0.2-->MsiExec.exe /I{5B6A2A7C-658E-4661-A254-3C36F5B63943}

MySQL Connector C++ 1.1.0-->MsiExec.exe /I{3C481CDB-34E8-4CEF-B487-4C9C60530CFC}

MySQL Connector J-->MsiExec.exe /I{090C73E1-BB48-403D-9DFF-A60FD71FF73A}

MySQL Connector Net 6.4.4-->MsiExec.exe /I{2DDC7E93-29AB-4260-A9DB-697F7FA88157}

MySQL Connector/ODBC 5.1-->MsiExec.exe /I{C44218B2-EC4D-4EB9-A3E3-F8F4A46927EC}

MySQL Installer-->MsiExec.exe /I{B9A129AB-CA6B-4CD1-B55C-792722E2B947}

MySQL Server 5.5-->MsiExec.exe /I{F71EAE49-EF2E-4DBB-9A36-62E7A7EE3A85}

MySQL Workbench 5.2 CE-->MsiExec.exe /I{944322AF-5D21-43F7-87DE-06BB30A1C369}

Net Extractor-->C:\PROGRA~2\SOFTWA~1\UNWISE.EXE C:\PROGRA~2\SOFTWA~1\INSTALL.LOG

NetAssistant-->MsiExec.exe /X{1266764D-FC4F-4FA7-B63B-884D53B1680F}

NetPicks Ultimate Swing Trader-->C:\Program Files (x86)\NetPicks Ultimate Swing Trader\UninstallOHForTradeStation.exe

Office Suite X 3.3-->MsiExec.exe /I{1F56A6C9-81CA-4B5F-B471-8CCB13CF85DA}

Oracle Trader 1.2.24-->"C:\Program Files (x86)\Oracle Trader\unins000.exe"

PCLinq2 High-Speed USB Bridge Cable-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{95381165-5D16-4CD4-9162-57799A3F3AB5}\Setup.exe" -l0x9

Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"

Presto! Forms 3.50.02-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B79920F8-AB6E-45B2-B257-900BBA969FF7}\setup.exe" -l0x9 -anything

Presto! PageManager 7.12.10-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{72CD4C5F-AB0B-4814-8780-9A4F26A2086B}\setup.exe" -l0x9 -anything

QuickTime-->MsiExec.exe /I{C9E14402-3631-4182-B377-6B0DFB1C0339}

RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

RealPlayer-->c:\program files (x86)\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly

RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

Registry Life version 1.28-->"C:\Program Files (x86)\Registry Life\unins000.exe"

Screen Sharing Plug-in-->MsiExec.exe /I{E141D65D-7E60-42AA-B58E-DCB107DE7A8B}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended

Security Update for Microsoft Office Project 2007 (KB949046)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {B14B8A2C-6EB4-4FB6-B589-F6A5ABEC5B00}

Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}

Smart Defrag 2-->"C:\Program Files (x86)\IObit\Smart Defrag 2\unins001.exe"

SnagIt 8-->MsiExec.exe /I{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}

Software Success Bundle - NX/GS/AP-->C:\PROGRA~2\SOFTWA~1\UNWISE.EXE C:\PROGRA~2\SOFTWA~1\INSTALL.LOG

TeamViewer 6-->C:\Program Files (x86)\TeamViewer\Version6\uninstall.exe

The Weather Channel Screensaver-->C:\PROGRA~2\THEWEA~1\SCREEN~1\UNWISE.EXE C:\PROGRA~2\THEWEA~1\SCREEN~1\INSTALL.LOG

ThermaData Logger-->MsiExec.exe /I{C3E63F02-D0B3-4017-AB9B-F46FE8C6DFE0}

TypeItIn Professional V2.8.1-->"C:\Program Files (x86)\TypeItIn\unins000.exe"

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0051-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client

Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended

Update for Microsoft .NET Framework 4 Extended (KB2533523)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}

Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {97FF6C46-CE3A-47F6-BA6B-3D743ACA4054}

Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}

Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}

Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}

Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D53FB73-9826-4541-B2E0-A239C6EBA718}

Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {34726474-50D6-49FC-B8AC-35411459D27A}

VAIO Care-->"C:\Program Files (x86)\InstallShield Installation Information\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}\setup.exe" -runfromtemp -l0x0009 -removeonly

ViceVersa Pro 2.5 64-bit (Build 2500)-->"C:\Program Files\ViceVersa Pro 2\unins000.exe"

VLC media player 0.9.8a-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe

Voicent Gateway-->MsiExec.exe /I{11EFA17B-5422-45B2-88C6-B5400B91D4F8}

Vuze Remote Toolbar-->C:\PROGRA~2\VUZE_R~1\UNINST~1.EXE

Vuze-->C:\Program Files (x86)\Vuze\uninstall.exe

WIDCOMM Bluetooth Software-->MsiExec.exe /X{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}

Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

WinSysClean X2-->"C:\ProgramData\{4E78170A-6049-4586-A083-3AECE1A687E4}\wsc_x1.exe" REMOVE=TRUE MODIFY=FALSE

======System event log======

Computer Name: Owner-PC

Event Code: 7023

Message: The Windows Modules Installer service terminated with the following error:

The process cannot access the file because it is being used by another process.

Record Number: 619

Source Name: Service Control Manager

Time Written: 20100311205251.696052-000

Event Type: Error

User:

Computer Name: Owner-PC

Event Code: 4321

Message: The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Record Number: 517

Source Name: NetBT

Time Written: 20100311204403.676343-000

Event Type: Error

User:

Computer Name: Owner-PC

Event Code: 4321

Message: The name "OWNER-PC :0" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Record Number: 490

Source Name: NetBT

Time Written: 20100311204330.502658-000

Event Type: Error

User:

Computer Name: Owner-PC

Event Code: 4321

Message: The name "OWNER-PC :20" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

Record Number: 489

Source Name: NetBT

Time Written: 20100311204330.502658-000

Event Type: Error

User:

Computer Name: Owner-PC

Event Code: 2505

Message: The server could not bind to the transport \Device\NetBT_Tcpip_{36A90CA6-E63C-412C-8AD2-AE7BA8AFC026} because another computer on the network has the same name. The server could not start.

Record Number: 485

Source Name: Server

Time Written: 20100311204330.000000-000

Event Type: Error

User:

=====Application event log=====

Computer Name: Vaio

Event Code: 11

Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 780) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 273

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20100311221010.495329-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Owner-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-3016247236-2053164898-2875212204-1001:

Process 424 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3016247236-2053164898-2875212204-1001

Record Number: 233

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100311205243.615238-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC

Event Code: 1533

Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Record Number: 210

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100311204401.999113-000

Event Type: Error

User: NT AUTHORITY\SYSTEM

Computer Name: Owner-PC

Event Code: 11

Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 976) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.

Record Number: 207

Source Name: Microsoft-Windows-RPC-Events

Time Written: 20100311204357.880706-000

Event Type: Warning

User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Owner-PC

Event Code: 1008

Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 119

Source Name: Microsoft-Windows-Search

Time Written: 20100311223948.000000-000

Event Type: Warning

User:

=====Security event log=====

Computer Name: 37L4247E29-32

Event Code: 4735

Message: A security-enabled local group was changed.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247E29-32$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Group:

Security ID: S-1-5-32-551

Group Name: Backup Operators

Group Domain: Builtin

Changed Attributes:

SAM Account Name: -

SID History: -

Additional Information:

Privileges: -

Record Number: 5

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100311223145.655686-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4731

Message: A security-enabled local group was created.

Subject:

Security ID: S-1-5-18

Account Name: 37L4247E29-32$

Account Domain: WORKGROUP

Logon ID: 0x3e7

New Group:

Security ID: S-1-5-32-551

Group Name: Backup Operators

Group Domain: Builtin

Attributes:

SAM Account Name: Backup Operators

SID History: -

Additional Information:

Privileges: -

Record Number: 4

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100311223145.655686-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4902

Message: The Per-user audit policy table was created.

Number of Elements: 0

Policy ID: 0x32017

Record Number: 3

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100311223145.328085-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 0

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x4

Process Name:

Network Information:

Workstation Name: -

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: -

Authentication Package: -

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 2

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100311223143.097281-000

Event Type: Audit Success

User:

Computer Name: 37L4247E29-32

Event Code: 4608

Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.

Record Number: 1

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100311223142.988081-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=2

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Will have to leave the pc-networking issue for later, possibly recommend that you use another sub-forum here for that.

Good news indeed though on clearing up the major issues !!!

But, you said you deleted Advanced SystemCare? How so? Did you use the un-install in Windows' Programs & Features?

and at what point did you do the "removal"?

Because the last RSIT log showed

O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'Default user')

For now, I'd like for you to do the following:

a) Start MBAM, do an Update run. Then do a Quick scan. If nothing found, I will not need the log.

b) Make a visit to Windows Update. Make sure this system is all up-to-date with Important updates. Just only the ones marked Important.

c) IIRC, you installed MS Security Essentials, right? I still see residue of McAfee Security Scan Plus.

Go to http://service.mcafe...033&id=TS100507

Download, SAVE, then run MCPR.exe, the McAfee Consumer Product Removal Tool.

do only steps 1 & 2 in that reference document.

You probably have to execute the tool 2 times for a full un-install.

d) I need a new run of SecurityCheck for review. Run and post back the new Checkup.txt

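The leftover-autorun check raised in the reply above, as an added example (not part of the original thread, and not RSIT or HijackThis code): it parses the registry O4 lines of a posted log and labels each autorun by whether its executable is still on disk. The `ExampleAgent` and O9 lines, the function names, and the `exists` lookup are constructed for illustration; the two Advanced SystemCare lines are the ones quoted in the reply.

```python
import os
import re

# Registry-backed O4 lines as they appear in the HijackThis section of the log:
#   O4 - <hive>[\<SID>]\..\<Run key>: [<value name>] <command> [(User '<name>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\\(?:(?P<sid>[^\\]+)\\)?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Sample input. The first and last lines are constructed; the two
# Advanced SystemCare lines are copied from the reply above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleAgent] C:\Program Files\ExampleApp\agent.exe -startup
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" (User 'Default user')
O9 - Extra button: (no name) - constructed non-autorun line, skipped by the parser
"""


def parse_o4(line):
    """Return the fields of a registry O4 line, or None for any other line."""
    match = O4_RE.match(line.strip())
    return match.groupdict() if match else None


def executable_of(command):
    """Extract the program path from a Run value, quoted or unquoted."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut at the first executable extension.
    match = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?:\s|$)", command, re.I)
    return match.group(1) if match else command.split()[0]


def audit_autoruns(log_text, exists=os.path.exists, folder=None):
    """Label every registry autorun in the log as 'present' or 'orphaned'.

    exists -- callable(path) -> bool; os.path.exists on the affected PC, or a
              lookup built from a file listing when working from a posted log.
    folder -- optional folder name (e.g. a vendor directory) to restrict to.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        exe = executable_of(entry["command"])
        if folder and folder.lower() not in exe.lower().split("\\"):
            continue
        hive = entry["hive"] + ("\\" + entry["sid"] if entry["sid"] else "")
        findings.append({
            "hive": hive,
            "value": entry["name"],
            "exe": exe,
            "user": entry["user"],
            # 'orphaned': the Run value survived but its program is gone.
            # 'present': the program itself is still installed.
            "status": "present" if exists(exe) else "orphaned",
        })
    return findings


if __name__ == "__main__":
    # Constructed file listing: only the example agent is still on disk.
    on_disk = {r"c:\program files\exampleapp\agent.exe"}
    for row in audit_autoruns(SAMPLE_LOG, exists=lambda p: p.lower() in on_disk):
        print(row["status"], row["hive"], row["value"], row["exe"], sep=" | ")
```

An "orphaned" row is a Run value left behind by an uninstall, while a "present" row means the program files are still there and the removal did not complete.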

Yes indeed, I did use the uninstall from the control panel. Before the run of RSIT yesterday. Those entries will be removed once I run a scan program that deletes unused entries in the registry, I hope!

MBAM found no infections.

The Windows Update went well with all updates Successful. Then the PC re-booted.

The link you provided for McAfee was not a FREE download. I went to the Control Panel and uninstalled it. The uninstall wasn't a complete process as I'm unable to delete the files in the McAfee subdirectory of Program Files (x86).

Checkup Log

================================================================================================

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java™ 6 Update 30

Adobe Flash Player 10.3.183.11 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (3.6.9) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

Bill Halliday Desktop Malware identify and fix SecurityCheck.exe

``````````End of Log````````````


I would encourage you highly to update all 3 of Adobe Flash Player, Adobe Reader, and Firefox too.

Firefox is the easiest to update. Start it. Then from main menu, select Help >> About and follow prompts to update.

De-install your Adobe Reader: Use Control Panel's Programs & Features, Remove Adobe Reader.

Get the latest version from http://get.adobe.com/reader/

Be sure to un-check the box on McAfee Security Scan Plus

Do similarly for Adobe Flash Player (de-install)

Get the latest one http://get.adobe.com/flashplayer/

Be sure to un-check the box on McAfee Security Scan Plus


You won't believe this. I performed the 3 updates and then ran SecurityCheck again and got these results:

Results of screen317's Security Check version 0.99.30

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Adobe Flash Player 10.3.183.15 Flash Player out of Date!

Adobe Reader X (10.1.2)

Mozilla Firefox (3.6.27) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Malwarebytes' Anti-Malware mbamservice.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

Bill Halliday Desktop Malware identify and fix SecurityCheck.exe

``````````End of Log````````````

What that flash player message may be about is the FlashPlayer 11 for 64-bit.

3.6.27 is the latest version of 3.6 of Firefox. I don't really want to go higher, for now.


Keeping all your browsers (as well as your Windows) up-to-date is very important to your system security.

I'll leave you to protect Firefox on your own.

Please re-advise if we have cleared up your original issue. If so, I'll formulate the cleanup-tools process and pass that to you in a next reply.


Maurice,

Explained that way, I see the reason for updating Firefox. This was my original message....All these issues have been corrected.

Hello,

This last weekend (Dec. 17 to Dec. 20, 2011) I started having trouble with MS Outlook. EVERY incoming email was being put into the Junk Files Folder. Huh?

Today Dec. 22, 2011 I started running my malware programs and soon found out that my Firewall was disabled and the Windows System and Security program wouldn't let me reactivate the Firewall.

At the same time I found that the Security Center was disabled and wouldn't restart either and I've found that I can't create a new shortcut either.

So, I may have 1 or more viruses/malware/Trojan programs running on this PC and perhaps more.

Could someone direct me in locating these problem programs and removing them?


We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after Combofix & before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    "c:\users\Bill Halliday\Desktop\Malware identify and fix\ComboFix" /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

Exit command window.

In case the Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a regular basis to take snapshot-backups of the registry.

If TDSSKILLER is still around, delete it. Likewise, delete Stinger.

We are finished here. Best regards & Cheers !


Bill,

Glad to have helped you.

Go to the PC Help forum here http://forums.malwarebytes.org/index.php?showforum=6

and open a new topic, and provide your details of the networking situation

and give them a link to this topic

http://forums.malwarebytes.org/index.php?showtopic=102751

This thread is now closed. All the best to you.
