FBI MoneyPak malware - please help!

[cagered]

Hi -

my PC's been infected with this FBI MoneyPak malware. Ive tried different modes (safe mode with networking, safe mode, etc.) and tried to run MalwareBytes but no avail -- keep getting a "vbcal6.ocx missing" message of some sort.

My PC is a 32-bit system, running Xp Pro.

Right now Ive ran rkill.exe and currently running ComboFix.exe. Not sure what to do.

Please help.

[Maurice Naggar]

Hi,

Combofix was never intended as a first-line tool, and further, should never be used unless with the guidance of a trained helper

Can you please STOP self-medicating ?

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com here

or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/ Windows 7/ Windows 8 do a RIGHT-click on dds and select Run As Administrator

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

[Maurice Naggar]

Next time you are viweing this Topic, look at upper right and click on Follow this Topic button

and select Immediate notification

[cagered]

Hi Maurice,

Sorry, but I was operating in panic mode.

I ran DDS.scr from my flash drive as Im unable to copy anything onto my desktop. Im working from a different computer as Im unable to access the internet either.

Heres the file content. Hope you can help. Thanks.

DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Run by Administrator at 10:48:56 on 2013-03-07

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Program Files\Emsisoft Anti-Malware\a2service.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\Explorer.EXE

c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uWindow Title = Windows Internet Explorer provided by Yahoo!

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [spotify Web Helper] "c:\documents and settings\administrator\application data\spotify\data\SpotifyWebHelper.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [X3BPush] c:\windows\dellximg\BPUSH.EXE

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot

mRun: [iDTSysTrayApp] <no file>

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-System: LegalNoticeCaption = ?S

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3CBA13C3-58C7-47F1-9758-D4B255A50D52} - hxxp://hangar.apt.ri.cmu.edu/~astein/TRB/2012/data/index/ses_ocx/sessearch.ocx

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203435001581

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203449147781

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sgiconnect.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc.cab

TCP: NameServer = 128.205.106.106 128.205.7.1 128.205.1.2

TCP: Interfaces\{FCEFDB8D-68B6-4224-A69C-FBE97B8386E8} : DHCPNameServer = 128.205.106.106 128.205.7.1 128.205.1.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - <no file>

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\qlrbh5sp.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.buffalo.edu

FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npo3dautoplugin.dll

FF - plugin: c:\documents and settings\administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll

FF - ExtSQL: !HIDDEN! 2009-09-14 17:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R? ccEvtMgr;Symantec Event Manager

R? ccSetMgr;Symantec Settings Manager

R? COH_Mon;COH_Mon

R? e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K

R? ICDSX;Sony IC Recorder (SX)

R? MBAMSwissArmy;MBAMSwissArmy

R? Symantec AntiVirus;Symantec Endpoint Protection

R? vsdatant;vsdatant

R? WDC_SAM;WD SCSI Pass Thru driver

R? WDDMService;WDDMService

S? a2acc;a2acc

S? a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service

S? A2DDA;A2 Direct Disk Access Support Driver

S? a2injectiondriver;a2injectiondriver

S? a2util;a-squared Malware-IDS utility driver

S? Apache2.2;Apache2.2

S? EraserUtilRebootDrv;EraserUtilRebootDrv

S? NAVENG;NAVENG

S? NAVEX15;NAVEX15

S? SFAUDIO;Sonic Focus DSP Driver

S? vpnagent;Cisco AnyConnect VPN Agent

S? WDFME;WD File Management Engine

S? WDSC;WD File Management Shadow Engine

.

=============== Created Last 30 ================

.

2013-03-06 23:56:10 208896 ----a-w- c:\windows\MBR.exe

2013-03-06 23:56:09 98816 ----a-w- c:\windows\sed.exe

2013-03-06 23:56:09 256000 ----a-w- c:\windows\PEV.exe

2013-03-06 23:55:45 -------- d-s---w- C:\ComboFix

2013-03-06 23:30:37 -------- d-----w- c:\documents and settings\all users\application data\Norton

2013-03-06 23:30:37 -------- d-----w- c:\documents and settings\administrator\local settings\application data\NPE

2013-03-06 22:24:55 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-06 22:24:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-06 22:24:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-06 21:35:01 -------- d-----w- c:\documents and settings\administrator\application data\EurekaLog

2013-03-06 19:42:18 -------- d-----w- c:\program files\Emsisoft Anti-Malware

.

==================== Find3M ====================

.

2013-01-06 11:35:38 178176 ----a-w- c:\documents and settings\administrator\application data\ldr.mcb

.

============= FINISH: 10:50:25.40 ===============

Attach.txt

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Digital Editions

Adobe Reader X (10.1.4)

Apache HTTP Server 2.2.15

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Application Verifier

ArcSoft Panorama Maker 5

ATI - Software Uninstall Utility

ATI Catalyst Control Center

ATI Display Driver

Autodesk Design Review 2009

Bonjour

CamStudio

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Turkish

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help English

CCC Help French

CCC Help German

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Portuguese

CCC Help Spanish

CCC Help Turkish

Chinese Simplified Fonts Support For Adobe Reader 9

Cisco AnyConnect VPN Client

Cisco Systems VPN Client 5.0.04.0300

Cisco WebEx Meetings

Citrix XenApp Plugin for Hosted Apps

CMake 2.8 a cross-platform, open-source build system

ConTEXT v0.98.6

Coupon Printer for Windows

Critical Update for Windows Media Player 11 (KB959772)

Crystal Reports Basic for Visual Studio 2008

Debugging Tools for Windows (x86)

Digital Voice Editor 3

doPDF 7.2 printer

Dropbox

ELAN_4.0.1

Emsisoft Anti-Malware

EndNote X2

EndNote X3

FileZilla Client 3.1.5

G*Power 3.1.0

GIMP 2.6.8

Google Chrome

Google Earth Plug-in

Google Update Helper

High Definition Audio Driver Package - KB835221

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Document Explorer 2008 (KB953196)

Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)

Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB945436)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB953955)

Hotfix for Windows XP (KB954434)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB958244)

Hotfix for Windows XP (KB958347)

Hotfix for Windows XP (KB959252)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

IHMC CmapTools v5.04.01

Intel® PRO Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 12

Java 2 Runtime Environment, SE v1.4.2_04

Java Auto Updater

Java 6 Update 20

Linksys Wireless-G PCI Adapter

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Compact Framework 2.0 SP2

Microsoft .NET Compact Framework 3.5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Device Emulator version 3.0 - ENU

Microsoft Document Explorer 2008

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)

Microsoft Office Visio Viewer 2007

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft SQL Server Compact 3.5 for Devices ENU

Microsoft SQL Server Database Publishing Wizard 1.2

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio 2008 Professional Edition - ENU

Microsoft Visual Studio Web Authoring Component

Microsoft Windows SDK .NET Framework Tools (40715)

Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

Microsoft Windows SDK for Visual Studio 2008 Tools

Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

Microsoft Windows SDK for Windows 7 (7.0)

Microsoft Windows SDK for Windows 7 .NET Documentation (40715)

Microsoft Windows SDK for Windows 7 Common Utilities (40715)

Microsoft Windows SDK for Windows 7 Headers and Libraries (40715)

Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier and Windows Debugging Tools (40715)

Microsoft Windows SDK for Windows 7 Samples (40715)

Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (40715)

Microsoft Windows SDK for Windows 7 Win32 Documentation (40715)

Microsoft Windows SDK Intellisense and Reference Assemblies (40715)

Microsoft Windows SDK Net Fx Interop Headers And Libraries (40715)

Microsoft WSE 3.0 Runtime

MiKTeX 2.9

Minefield (4.0b2pre)

Motion Lab Systems C3Dserver

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.3 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

MySQL Server 5.1

Nikon File Uploader 2

Nikon Message Center 2

O3D Extras

O3D Plugin

Octoshape add-in for Adobe Flash Player

OGA Notifier 2.0.0048.0

Opera 10.53

Opera 9.52

PHP 5.2.13

Picture Control Utility

PowerDVD

PuTTY version 0.60

QuickTime

R for Windows 2.14.1

R for Windows 2.15.1

RealPlayer Enterprise

ResearchSoft Direct Export Helper

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Drag-to-Disc

Roxio Express Labeler

Roxio Update Manager

SAS 9.2

SAS Deployment Tester - Client 1.3

SAS Help Viewer for the Web

SAS Versioned Jar Repository 9.2

SAS/SECURE Java 9.2

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office Groove 2007 (KB2494047)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371-v2)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SES Driver

SETS

Skins

Sonic Activation Module

Spelling Dictionaries Support For Adobe Reader 9

Spotify

Streamripper (Remove only)

Symantec Endpoint Protection

Unity Web Player

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Excel 2007 Help (KB957242)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB957245)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft Office Outlook 2007 Help (KB957246)

Update for Microsoft Office PowerPoint 2007 Help (KB957247)

Update for Microsoft Office Publisher 2007 Help (KB957249)

Update for Microsoft Office Word 2007 Help (KB957252)

Update for Microsoft Script Editor Help (KB957253)

Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)

Update for Outlook 2007 Junk Email Filter (KB2522999)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB943729)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

ViewNX 2

Visual Studio 2005 Tools for Office Second Edition Runtime

Visual Studio Tools for the Office system 3.0 Runtime

VLC media player 1.1.11

VTK 5.6

WD SmartWare

WebFldrs XP

Winamp

Winamp Detector Plug-in

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Format 11 SDK

Windows Media Player 11

Windows Mobile 5.0 SDK R2 for Pocket PC

Windows Mobile 5.0 SDK R2 for Smartphone

Windows Presentation Foundation

Windows SDK Intellidocs

Windows XP Service Pack 3

Winmail Reader 1.2.15

WinSCP 4.2.6

XML Paper Specification Shared Components Pack 1.0

Yahoo! Software Update

Yahoo! Toolbar

.

==== End Of File ===========================

[cagered]

Also, since getting infected yesterday, later in the evening I uninstalled "Adobe Flash" from my system. Not sure that is informative to you. But I was getting Adobe Flash pop-ups since monday, and initially thought that was the problem.

[Maurice Naggar]

Very first thing, IF you -did- run Combofix and if it has completed....then I need Copy >>Paste of contents of C:\Combofix.txt for my review.

Then do as much as possible of the following:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

• Double click on RSIT.exe to run RSIT.
  
• Click Continue at the disclaimer screen.
  
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here

• Run Security Check
• Follow the onscreen instructions inside of the command window.
• A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Click on Scan.
  
• Click on Report and copy/paste the content of the notepad into your next reply.

Step 6

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.

Edited March 7, 2013 by Maurice Naggar

[cagered]

ComboFix did not complete its check.... its went up to Stage_50 and then just hung... for hours. Thats when I decided to post my problem.

I followed the instructions you sent me. But the problem is that (1) I am unable to connect to the internet. and (2) am unable to copy/paste any file to any of the folders including the desktop.

So I downloaded the files to a different computer, and ran the files on the infected PC from a flashdrive (E:). I hope that does not cause an issue. Here are the 4 log files in the order you described. Thanks!

Log.txt

Logfile of random's system information tool 1.09 (written by random/random)

Run by Administrator at 2013-03-07 11:35:33

WIN_XP Service Pack 3

System drive C: has 120 GB (50%) free of 238 GB

Total RAM: 3326 MB (76% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1529674333-2652868740-3441413990-500Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1529674333-2652868740-3441413990-500UA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{09A95472-BE32-4B16-A79F-0E74CE5E736E}.job

C:\WINDOWS\tasks\WGASetup.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qlrbh5sp.default

prefs.js - "browser.startup.homepage" - "http://www.buffalo.edu"

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

IICAClient.xpt

npCouponPrinter.xpt

C:\Program Files\Mozilla Firefox\plugins\

cgpcfg.dll

CgpCore.dll

confmgr.dll

ctxlogging.dll

ctxmui.dll

ICAClObj.class

icafile.dll

icalogon.dll

Microsoft.VC80.CRT.manifest

msvcm80.dll

msvcp80.dll

msvcr80.dll

npCouponPrinter.dll

npdeployJava1.dll

npicaN.dll

npMozCouponPrinter.dll

NPOFF12.DLL

nppdf32.dll

nppl3260.dll

nppl3260.xpt

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

npwachk.dll

QuickTimePlugin.class

sslsdk_b.dll

TcpPServ.dll

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\qlrbh5sp.default\extensions\

{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-05-27 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"X3BPush"=C:\WINDOWS\DELLXIMG\BPUSH.EXE []

"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-03-05 1044480]

"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]

"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-08-17 1116920]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-18 151552]

"IDTSysTrayApp"= []

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]

"Nikon Message Center 2"=C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [2010-05-25 619008]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2010-08-24 115560]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-11-29 151952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c []

"Spotify Web Helper"=C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe [2012-07-26 932528]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uWCRRCjJmKaKb.exe]

C:\Documents and Settings\All Users\Application Data\uWCRRCjJmKaKb.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

VPN Client.lnk - C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico

WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

Dropbox.lnk - C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2008-12-10 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"LegalNoticeCaption"=࿸S

"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"

"C:\Program Files\Real\RealPlayer Enterprise\realplay.exe"="C:\Program Files\Real\RealPlayer Enterprise\realplay.exe:*:Enabled:RealPlayer Enterprise"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\Program Files\Common Files\Thraex Software\AutoUpdator\AutoUpdator.exe"="C:\Program Files\Common Files\Thraex Software\AutoUpdator\AutoUpdator.exe:*:Enabled:AutoUpdater Application"

"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe"="C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:Disabled:Apache HTTP Server"

"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"

"C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"

"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"

"C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe"="C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe:*:Enabled:Spotify"

"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"

"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"

"C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2013-03-07 11:33:45 ----D---- C:\rsit

2013-03-07 11:33:45 ----D---- C:\Program Files\trend micro

2013-03-07 11:29:17 ----D---- C:\Program Files\ERUNT

2013-03-07 08:31:25 ----SHD---- C:\RECYCLER

2013-03-06 18:56:10 ----A---- C:\WINDOWS\NIRCMD.exe

2013-03-06 18:56:10 ----A---- C:\WINDOWS\MBR.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\zip.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\SWXCACLS.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\SWSC.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\SWREG.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\sed.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\PEV.exe

2013-03-06 18:56:09 ----A---- C:\WINDOWS\grep.exe

2013-03-06 18:55:45 ----SD---- C:\ComboFix

2013-03-06 18:55:18 ----D---- C:\Qoobox

2013-03-06 18:53:56 ----D---- C:\WINDOWS\erdnt

2013-03-06 18:30:37 ----D---- C:\Documents and Settings\All Users\Application Data\Norton

2013-03-06 17:24:55 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2013-03-06 17:24:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-03-06 17:24:49 ----A---- C:\WINDOWS\system32\drivers\mbam.sys

2013-03-06 16:35:01 ----D---- C:\Documents and Settings\Administrator\Application Data\EurekaLog

2013-03-06 14:42:18 ----D---- C:\Program Files\Emsisoft Anti-Malware

2013-02-27 14:21:03 ----D---- C:\Program Files\Mozilla Firefox

2013-02-20 11:35:24 ----D---- C:\Program Files\Mozilla Thunderbird

======List of files/folders modified in the last 1 month======

2013-03-07 11:33:45 ----RD---- C:\Program Files

2013-03-07 11:01:19 ----D---- C:\WINDOWS\Temp

2013-03-07 10:48:29 ----D---- C:\Documents and Settings\Administrator\Application Data\Dropbox

2013-03-07 08:31:27 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

2013-03-07 08:11:22 ----D---- C:\WINDOWS\system32\Adobe

2013-03-07 08:09:30 ----SD---- C:\WINDOWS\Tasks

2013-03-07 08:09:30 ----D---- C:\WINDOWS\system32

2013-03-07 07:58:00 ----D---- C:\WINDOWS\system32\drivers

2013-03-07 07:58:00 ----D---- C:\WINDOWS\AppPatch

2013-03-07 07:58:00 ----D---- C:\WINDOWS

2013-03-07 07:57:58 ----RD---- C:\Program Files\Common Files

2013-03-06 18:33:04 ----A---- C:\WINDOWS\ntbtlog.txt

2013-03-06 17:29:20 ----RASH---- C:\boot.ini

2013-03-06 17:29:20 ----A---- C:\WINDOWS\win.ini

2013-03-06 17:29:20 ----A---- C:\WINDOWS\system.ini

2013-03-06 11:44:40 ----A---- C:\WINDOWS\SchedLgU.Txt

2013-03-06 11:35:51 ----D---- C:\WINDOWS\Prefetch

2013-03-06 11:34:38 ----D---- C:\WINDOWS\system32\CatRoot2

2013-03-05 10:48:06 ----D---- C:\Documents and Settings\Administrator\Application Data\FileZilla

2013-03-04 08:52:26 ----D---- C:\Program Files\Symantec AntiVirus

2013-03-04 08:40:15 ----D---- C:\Program Files\Mozilla Maintenance Service

2013-03-01 10:12:29 ----D---- C:\Documents and Settings\Administrator\Application Data\gtk-2.0

2013-02-28 12:19:11 ----SD---- C:\WINDOWS\Downloaded Program Files

2013-02-22 15:54:40 ----D---- C:\WINDOWS\system32\config

2013-02-21 09:46:02 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2006-07-21 99176]

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-12-11 328728]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]

R0 SFAUDIO;Sonic Focus DSP Driver; C:\WINDOWS\system32\drivers\sfaudio.sys [2009-03-05 24064]

R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys []

R1 a2injectiondriver;a2injectiondriver; \??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys []

R1 a2util;a-squared Malware-IDS utility driver; \??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys []

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2010-08-24 283184]

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2010-08-24 43696]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2010-08-24 188080]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-09-14 20747]

R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []

R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]

R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]

R3 a2acc;a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys []

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2009-03-05 338944]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-10 3453440]

R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2012-08-21 26840]

R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-07-23 40832]

R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130303.009\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20130303.009\NAVEX15.SYS []

R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2010-08-24 67472]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-08-17 96640]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []

S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []

S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]

S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-06-05 144480]

S3 ICDSX;Sony IC Recorder (SX); C:\WINDOWS\System32\Drivers\ICDSX.sys [2003-10-01 31744]

S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []

S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2010-08-24 320944]

S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2010-08-24 26416]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-09-28 44544]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-10-09 20152]

S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []

S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2011-02-16 11520]

S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2010-08-24 99696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [2013-01-30 3089320]

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

R2 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2010-03-04 24645]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-10 598016]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-08-29 1528608]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]

R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld --defaults-file=C:\Program Files\MySQL\MySQL Server 5.1\my.ini MySQL []

R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]

R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-10-09 493248]

R2 WDFME;WD File Management Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1060864]

R2 WDSC;WD File Management Shadow Engine; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 484352]

S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-10 593920]

S2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2010-08-24 108392]

S2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2010-08-24 108392]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]

S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]

S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe -k HPZ12 []

S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe -k HPZ12 []

S2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2010-08-24 1885488]

S2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]

S2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2010-08-24 1832072]

S2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 238592]

S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]

S2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]

S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe [2009-10-14 99688]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-11-29 552848]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2010-02-17 3093880]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-27 115608]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup []

S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-11-07 3004416]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2010-08-24 357704]

-----------------EOF-----------------

Info.txt

info.txt logfile of random's system information tool 1.09 2013-03-07 11:34:17

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0F1A1072-A031-4594-945D-ECF347ED85A3}\setup.exe" -l0x9 -uninst

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5545F877-D35D-446A-AF17-BD2A658372EE}\setup.exe" -l0x9 -uninst -removeonly

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79FDDC7B-B906-4F9F-93C4-31D3131AACAB}\setup.exe" -l0x9 -uninst

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{6553F4A8-B67F-49BA-A882-FF499C83CF4B}

Adobe Digital Editions-->"C:\Program Files\Adobe\Adobe Digital Editions\uninstall.exe"

Apache HTTP Server 2.2.15-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}

Apple Mobile Device Support-->MsiExec.exe /I{459699C3-9430-4381-964B-4248D87B49F9}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Autodesk Design Review 2009-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

CamStudio-->C:\Program Files\CamStudio\uninstall.exe

Cisco AnyConnect VPN Client-->MsiExec.exe /X{2A6355EB-273D-4368-9DB6-FB99EBA9FABD}

Cisco Systems VPN Client 5.0.04.0300-->MsiExec.exe /X{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}

Cisco WebEx Meetings-->C:\WINDOWS\DOWNLO~1\atcliun.exe

Citrix XenApp Plugin for Hosted Apps-->MsiExec.exe /I{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}

CMake 2.8 a cross-platform, open-source build system-->C:\Program Files\CMake 2.8\Uninstall.exe

ConTEXT v0.98.6-->"C:\Program Files\ConTEXT\unins000.exe"

Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"

Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"

Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}

Digital Voice Editor 3-->C:\Program Files\InstallShield Installation Information\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}\setup.exe -runfromtemp -l0x0009 UNINSTALL /z -removeonly

doPDF 7.2 printer-->"C:\Program Files\Softland\doPDF 7\unins000.exe"

ELAN_4.0.1-->"C:\Program Files\ELAN_4.0.1\Uninstall_ELAN_4.0.1\Uninstall ELAN_4.0.1.exe"

EndNote X2-->MsiExec.exe /I{002B1E90-3241-4D45-8831-E89020F8E7E6}

EndNote X3-->MsiExec.exe /I{86B3F2D6-AC2B-4E88-8AE1-F2F77F781B0C}

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe

G*Power 3.1.0-->MsiExec.exe /I{46A2BEFB-F20E-4A4C-A369-69F7FB7F4E83}

GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}

Hotfix for Microsoft Document Explorer 2008 (KB953196)-->C:\WINDOWS\system32\msiexec.exe /package {6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} /uninstall {BD20B181-E31F-4326-A601-C402C17BB314} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

IHMC CmapTools v5.04.01-->"C:\Program Files\IHMC CmapTools\UninstallerData\Uninstall CmapTools.exe"

Intel® PRO Network Connections Drivers-->Prounstl.exe

iTunes-->MsiExec.exe /I{1B6C0E95-182C-48E0-9C4B-4F916308249C}

J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}

Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}

Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9

LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Malwarebytes Anti-Malware version 1.70.0.1100-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Document Explorer 2008-->c:\Program Files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe

Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}

Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0021-0409-0000-0000000FF1CE} /uninstall {E1044ED2-E4AD-4B39-B500-31109750F6B4}

Microsoft Office Visual Web Developer 2007-->MsiExec.exe /X{90120000-0021-0000-0000-0000000FF1CE}

Microsoft Office Visual Web Developer MUI (English) 2007-->MsiExec.exe /X{90120000-0021-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}

Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}

Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove

Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}

Microsoft SQL Server Compact 3.5 for Devices ENU-->MsiExec.exe /I{241F2BF7-69EB-42A4-9156-96B2426C7504}

Microsoft SQL Server Native Client-->MsiExec.exe /I{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}

Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}

Microsoft Visual C++ Compilers 2008 Standard Edition - enu - x86-->MsiExec.exe /X{44D9A2CB-0692-3180-B5E2-26F4E807D067}

Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}

Microsoft Visual Studio 2008 Professional Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Studio 2008 Professional Edition - ENU\setup.exe

Microsoft Visual Studio Web Authoring Component-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISUALWEBDEVELOPER /dll OSETUP.DLL

Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools-->MsiExec.exe /X{05EC21B8-4593-3037-A781-A6B5AFFCB19D}

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}

Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense-->MsiExec.exe /X{64c5b887-b5ee-42b8-8596-78905a6b5f1f}

Microsoft Windows SDK for Windows 7 (7.0)-->"C:\Program Files\Microsoft SDKs\Windows\v7.0\Setup\SDKSetup.exe" -x "-source:http://download.microsoft.com/download/7/A/B/7ABD2203-C472-4036-8BA0-E505528CCCB7/setup;C:\Program Files\Microsoft SDKs\Windows\v7.0\;C:\Program Files\Microsoft SDKs\Windows\v7.0\Setup\1033\;C:\Documents and Settings\Administrator\Local Settings\Temp\SDKSetup\WinSDK\WinSDK\"

MiKTeX 2.9-->"C:\Program Files\MiKTeX 2.9\miktex/bin/internal\copystart_admin.exe" "C:\Program Files\MiKTeX 2.9\miktex/bin/internal\uninstall_admin.exe"

Minefield (4.0b2pre)-->C:\Program Files\Minefield\uninstall\helper.exe

Motion Lab Systems C3Dserver-->"C:\Program Files\Motion Lab Systems\remove_C3Dserver.exe"

Mozilla Firefox 19.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

Mozilla Thunderbird 17.0.3 (x86 en-US)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Opera 10.53-->MsiExec.exe /X{1F85CAAA-B786-4E5B-AADD-638856992EF3}

Opera 9.52-->MsiExec.exe /X{5AF6B716-D298-450A-ADC7-6A016EE7F935}

PHP 5.2.13-->MsiExec.exe /I{4C3E9904-F9DC-4233-A4EA-251E24E039FC}

Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall

PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"

QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}

R for Windows 2.14.1-->"C:\Program Files\R\R-2.14.1\unins000.exe"

R for Windows 2.15.1-->"C:\Program Files\R\R-2.15.1\unins000.exe"

RealPlayer Enterprise-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealOneEnt|6.0

ResearchSoft Direct Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE

Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}

Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

SAS Deployment Tester - Client 1.3-->C:\Program Files\SAS\SASDeploymentTesterClient\1.3\_uninstDPROC\UninstDPROC.exe

SAS Help Viewer for the Web-->C:\Program Files\SAS\Documentation\9.2\_uninstWEBDOC\UninstWEBDOC.exe

SAS Versioned Jar Repository 9.2-->"C:\Program Files\Java\jre1.5.0_12\bin\javaw.exe" -jar "C:\Program Files\SAS\uninst\sas.tools.vjrremove.jar" VjrRemove

SAS/SECURE Java 9.2-->C:\Program Files\SAS\SASSecureJava\9.2\_uninstSSJ\UninstSSJ.exe

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}

Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}

Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}

Security Update for 2007 Microsoft Office System (KB2466156)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CEF209AB-F96D-404F-B5CC-44057C057CA3}

Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}

Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}

Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}

Security Update for Microsoft Office Excel 2007 (KB2464583)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {151E2FEA-C3A6-4CB6-BE6B-16651FDF04BE}

Security Update for Microsoft Office Groove 2007 (KB2494047)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B91E2AEC-7F93-4E33-ACF6-EC90640CBE4F}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB2464594)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E6B7C11E-21E9-4BA0-9677-29AD603B953C}

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}

Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}

Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB982381)-->"C:\WINDOWS\ie7updates\KB982381-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

SES Driver-->MsiExec.exe /X{0673654C-5296-453B-9798-B61CD7E03FEB}

SETS-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NCHS\SETS\Uninst.isu"

Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Streamripper (Remove only)-->C:\Program Files\Winamp\Plugins\Streamripper\Uninstall.exe

Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0021-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}

Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EE6BBE8B-DCC9-4A46-BF00-455F3C8ECE69}

Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}

Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}

Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}

Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}

Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}

Update for Outlook 2007 Junk Email Filter (KB2522999)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC8A81F7-5A36-4DE9-ABB3-5499132062C5}

Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"

Update for Windows Internet Explorer 7 (KB980182)-->"C:\WINDOWS\ie7updates\KB980182-IE7\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

Visual Studio 2005 Tools for Office Second Edition Runtime-->c:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe

Visual Studio Tools for the Office system 3.0 Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\9.0\Visual Studio Tools for the Office system 3.0 Runtime\install.exe

Visual Studio Tools for the Office system 3.0 Runtime-->MsiExec.exe /X{8FB53850-246A-3507-8ADE-0060093FFEA6}

VLC media player 1.1.11-->C:\Program Files\VideoLAN\VLC\uninstall.exe

VTK 5.6-->C:\Program Files\VTK 5.6\Uninstall.exe

Winamp-->"C:\Program Files\Winamp\UninstWA.exe"

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Format 11 SDK-->MsiExec.exe /X{009435FA-9011-4C36-AE7C-CCC9669E7875}

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

Windows Mobile 5.0 SDK R2 for Pocket PC-->MsiExec.exe /I{6C9F6D23-E9AD-43C9-B43A-011562AAF876}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Winmail Reader 1.2.15-->"C:\Program Files\Winmail Reader\unins000.exe"

WinSCP 4.2.6-->"C:\Program Files\WinSCP\unins000.exe"

Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\MiKTeX 2.9\miktex\bin;C:\PHP;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\MySQL\MySQL Server 5.1\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\SAS\SharedFiles\Formats

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_REVISION"=170a

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"X_MODEL"=755

"X_DETECTEDMODEL"=760

"X_MANUFACT"=Dell

"X_LOB"=Optiplex

"X_SNUM"=DC4G2F1

"X_BIOSVER"=A03

"X_ASSET"=

"X_CPUFAM"=Intel® Core2 Duo CPU E6750@ 2.66GHz

"SYSTYPE"=MINI_TOWER

"X_BOOTBUS"=IDE

"X_SPEED"=2660

"MODEL"=760

"TYPE"=Desktop

"DRVDIR"=C:\DRV

"VS90COMNTOOLS"=c:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

"PHPRC"=C:\PHP\

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"TKPATHIA32"=C:\Program Files\SAS\SharedFiles\ICU

"asl.log"=Destination=file

-----------------EOF-----------------

checkup.txt

Results of screen317's Security Check version 0.99.60

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

SAS/SECURE Java 9.2

Java 6 Update 20

Java 2 Runtime Environment, SE v1.4.2_04

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (19.0)

Mozilla Thunderbird (17.0.3)

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C::

````````````````````End of Log``````````````````````

==========================

RogueKiller.text

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Scan -- Date : 03/07/2013 11:45:12

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Administrator\Application Data\Adobe\plugs --> FOUND

[Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Administrator\Application Data\Adobe\shed --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (Unknown @ 0x8AE56DA8)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] e1602d2d795e35b9d06a861f2c493d3b

[bSP] dcda6abd8ed780a846fb9e740d03a8c3 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 180 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 369495 | Size: 238229 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: +++++

--- User ---

[MBR] b43e80c37b7fef3f3222b05a35a5843d

[bSP] 60a61f3c93995246154edbfbcfef0083 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 2320 | Size: 7606 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_03072013_02d1145.txt >>

RKreport[1]_S_03072013_02d1145.txt

[Maurice Naggar]

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• Right-Click RogueKiller and select Run as Administrator.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the Registry tab.
  Put a check next to all of these and uncheck the rest: (if found)
  [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
  [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
  
  
• Then click on Delete on the right hand column under Options.
  Click the Files/Folders tab and checkmark these
  [Tr.Karagany][FOLDER] plugs : C:\Documents and Settings\Administrator\Application Data\Adobe\plugs --> FOUND
  [Tr.Karagany][FOLDER] shed : C:\Documents and Settings\Administrator\Application Data\Adobe\shed --> FOUND
  
• Then click on Delete on the right hand column under Options.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Step 2

See Grinler's article here

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions

Follow his instructions to get into Safe Mode with Networking

and do the rest of the steps listed after that (including the tool from from Emsisoft, thru Step # 10

Then restart the system into normal mode and report back here with the results.

[cagered]

Hi Maurice,

When I double-click or try to run norton to de-activate it, nothing happens. So Im not sure how to make certain that its disabled.

I followed step 1 above and deleted the files / entries you mentioned in Roguekiller. See log file below.

I restarted in safemode with networking, and have begun a scan using Emsisoft (--- will update when the scan is complete). However, I am unable to update Emsisoft online as I still am unable to connect to the internet (see observations below).

Also a few other observations:

- my network connections folder is empty, and I am unable to connect to the internet to download or update any AV software e.g., emsisoft. In the past I used to connect using a wireless connection (not LAN).

- the "paste" option on the right-click menu is de-activated, neither am I able to drag-drop any files anywhere between folders

- My start menu bar (bottom of the desktop) is missing!!

heres the log from RogueKiller

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Administrator [Admin rights]

Mode : Remove -- Date : 03/07/2013 12:32:50

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[31] : NtConnectPort @ 0x805A45D0 -> HOOKED (Unknown @ 0x8AE56DA8)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] e1602d2d795e35b9d06a861f2c493d3b

[bSP] dcda6abd8ed780a846fb9e740d03a8c3 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 180 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 369495 | Size: 238229 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4]_D_03072013_02d1232.txt >>

RKreport[1]_S_03072013_02d1145.txt ; RKreport[2]_S_03072013_02d1227.txt ; RKreport[3]_D_03072013_02d1231.txt ; RKreport[4]_D_03072013_02d1232.txt

[cagered]

Hi Maurice,

Heres the report from Emsisoft Deep Scan. I quarantined the files detected. Please advise.

-------------------------------------------------------

Emsisoft Anti-Malware - Version 7.0

Last update: N/A

Scan settings:

Scan type: Deep Scan

Objects: Rootkits, Memory, Traces, C:\

Detect Riskware: Off

Scan archives: On

ADS Scan: On

File extension filter: Off

Advanced caching: On

Direct disk access: Off

Scan start: 3/7/2013 12:54:34 PM

C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk detected: Trace.File.SmartHDD (A)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0D000001.VBN -> (Quarantine-9) detected: Trojan.Generic.7271584 (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0D000006.VBN -> (Quarantine-9) detected: Trojan.Generic.6791511 (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0000.VBN -> (Quarantine-9) -> h6l4.class detected: Java.Trojan.Downloader.OpenConnection.AJ (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0000.VBN -> (Quarantine-9) -> Tuggoaerffb.class detected: Java.Trojan.Downloader.OpenConnection.AJ (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0002.VBN -> (Quarantine-9) -> bpac/a$1.class detected: Java.Trojan.Downloader.OpenConnection.AI (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0002.VBN -> (Quarantine-9) -> bpac/a.class detected: Java.Trojan.Downloader.OpenConnection.AI (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0002.VBN -> (Quarantine-9) -> bpac/b.class detected: Java.Trojan.Downloader.OpenConnection.AI (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0002.VBN -> (Quarantine-9) -> bpac/KAVS.class detected: Java.Trojan.Downloader.OpenConnection.AI (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0003.VBN -> (Quarantine-9) -> cpak/Crimepack$1.class detected: Java.Trojan.Downloader.OpenConnection.AH (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0003.VBN -> (Quarantine-9) -> cpak/Crimepack.class detected: Java.Trojan.Downloader.OpenConnection.AH (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0003.VBN -> (Quarantine-9) -> cpak/KAVS.class detected: Java.Trojan.Downloader.OpenConnection.AH (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> Exploit$1$1.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> Exploit$1.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> Exploit$2.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> Exploit.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> PayloadCreater.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> PayloadClassLoader.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> Payloader.class detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> payload.ser detected: Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C000A.VBN -> (Quarantine-9) -> zzz/ttt/a13d8.class detected: Java.Trojan.Exploit.Bytverify.I (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C000A.VBN -> (Quarantine-9) -> zzz/ttt/a1500b0.class detected: Java.Trojan.Exploit.Bytverify.P (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C000A.VBN -> (Quarantine-9) -> zzz/ttt/ad3740b4.class detected: Java.Trojan.Exploit.Bytverify.P (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\113C0000.VBN -> (Quarantine-9) detected: Trojan.Generic.KDV.559585 (B)

C:\TDSSKiller_Quarantine\02.04.2012_12.57.36\mbr0000\tdlfs0000\tsk0018.dta detected: Rootkit.TDSS.BQ (B)

C:\TDSSKiller_Quarantine\02.04.2012_12.57.36\mbr0000\tdlfs0000\tsk0019.dta detected: Rootkit.TDSS.BQ (B)

Scanned 602482

Found 26

Scan end: 3/7/2013 3:19:40 PM

Scan time: 2:25:06

C:\TDSSKiller_Quarantine\02.04.2012_12.57.36\mbr0000\tdlfs0000\tsk0018.dta Quarantined Rootkit.TDSS.BQ (B)

C:\TDSSKiller_Quarantine\02.04.2012_12.57.36\mbr0000\tdlfs0000\tsk0019.dta Quarantined Rootkit.TDSS.BQ (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\113C0000.VBN -> (Quarantine-9) Quarantined Trojan.Generic.KDV.559585 (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C000A.VBN -> (Quarantine-9) -> zzz/ttt/a1500b0.class Quarantined Java.Trojan.Exploit.Bytverify.P (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0006.VBN -> (Quarantine-9) -> Exploit$1$1.class Quarantined Java.Exploit.CVE-2010-0094.A (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0003.VBN -> (Quarantine-9) -> cpak/Crimepack$1.class Quarantined Java.Trojan.Downloader.OpenConnection.AH (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0002.VBN -> (Quarantine-9) -> bpac/a$1.class Quarantined Java.Trojan.Downloader.OpenConnection.AI (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\111C0000.VBN -> (Quarantine-9) -> h6l4.class Quarantined Java.Trojan.Downloader.OpenConnection.AJ (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0D000006.VBN -> (Quarantine-9) Quarantined Trojan.Generic.6791511 (B)

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\0D000001.VBN -> (Quarantine-9) Quarantined Trojan.Generic.7271584 (B)

C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk Quarantined Trace.File.SmartHDD (A)

Quarantined 11

[Maurice Naggar]

It appears you had had a TDSS infection a year ago.

The logs show this system had had a few trojans quarantined already by Symantec Endpoint security.

You knew that, right ?

Some of those are related to the ransomware.

To be safe, you have to assume your identity & or some financial info "may" be compromised.

You are strongly advised to do the following immediately.

1. Call your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

• Turn OFF your antivirus program.
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  
• If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
  
• Otherwise, on Windows XP, doubleclick on drweb-cureit.exe file to start the tool.
  
• You will see a screen similar to this:
  
  Click the checkbox to participate, and then click on Continue button.
  
• Next
  
  Click on Select onjects for scanning
  
• Next
  
  Put a checkmark by clicking on the boxes as shown.
  Do not select Temporary files or System Restore points.
  Then click on Start scanning button
  
• The scan in progress will be shown like this
  
  
• IF something is detected, you will see a screen similar to this
  
  For each item "detected", click on the Action column down arrow, like this
  
  Your options will be Cure or Ignore
  IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
  Typically, you will keep the Cute default.
  Then click on the Neutralize button.
  
• When the actions are completed, you will see this
  
  
• Click on the green Open Report line. It will pop-up the report in NOTEPAD.
  Save the report to your desktop. The report will be called Cureit.log
  
• Close Dr.Web Cureit.
  
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  
• After reboot, attach the log Cureit.log you saved previously in your next reply.
  

Re-Enable your antivirus program when all done.

[cagered]

Ok, I feel somewhat stupid. I ran a whole scan with Dr.Web CureIt and then closed the program without saving the report. So now I am running the scan again.

However...... there was only 1 infected file which I neutralized ... called "DDS.com" in a back-up folder that I created last year in "My Documents". Apparently I may have downloaded this program last year and had a copy of it on my PC.

So I doubt this found the problem.. Any thoughts?

either way I have the Dr.Web CureIt scan running again.Sorry!

[cagered]

Heres the cureit log on my second attempt scanning

Could the incomplete "Combofix" scan be the cause of the disabled services (e.g., internet, file copy/paste, etc.)

cureit__part2.txt

[cagered]

Hi Maurice,

Heres a quick update. CureIt was the last software I ran -- posted above. As of now, the problem is that all my device services are down and the PC is inordinately slow.

- The taskbar and start menus have this old grey "classic" windows look (unlike the blue Xp look). also, I do have/see icons on my desktop.

- All device interface icons are missing (e.g., printers, internet connections) from the start menu and the bottom-right of the taskbar

- The 'paste' option in the right-click menu is disabled, so no copy-paste or drag-drop capability which is preventing me from doing any file backups.

- Malwarebytes still does not run, and gives me an error 372 about "vbgal6.ocx"

- My linksys wireless adapter software shows that the adapter is running -- but I cant check or change any internet settings in "network Connections" since the icons are missing.

Thanks,

[Maurice Naggar]

The DrWeb Cure-It log shows nothing detected. as to the "dds.com", that appears to be a false positive.

We'll continue to hunt for malware. If there are other issues left that are not related to malware, I'll likely point you elsewhere for help.

You -do- need to tell me if you have a backup of the system from before "this problem" first started ?

Step 1

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

Please download Windows Repair (all in one) from here.

• Install the program.
  
• Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  
• Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
  
  
• Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  
  
• Go to Step 4 and under System Restore click on the Create button:
  
  
• Next, go to the Start Repairs tab and click the Start button.
  
  
• Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  
  
• Click on the box next to the Restart System when Finished. Then click on Start.

[cagered]

I do not have a recent back-up of files (all within My documents) and hence would like to retain these files.

Will follow the instructions now as you directed.

[cagered]

I was able to run RKill (see below for log). I could install but was unable to run Windows_Repair. I get an error about "lvButton_H" file missing. WIll try downloading from a different link and try running again.

the log post is too long and am unable to post the contents. So am sending as an attachment.

[cagered]

Im unable to run Windows_Repair. Same error that I mentioned above. Any suggestions??

[Maurice Naggar]

Try to restart the system into Safe mode or in Safe mode With Networking

then do as noted.

Do tell me if you have your Windows XP operating system CD.

[cagered]

Hi Maurice,

Same problem in safe mode as well. I ran RKill in safe mode (see log below) but Windows_Repair gave the same problem after reinstalling and running ( could not find "lvButtons_h" control). Pls advise.

Rkill_safemode.txt

[cagered]

And no, I dont have a Xp CD -- it came pre-loaded.

[Maurice Naggar]

Preferably in normal mode of Windows XP ..... exit out of any apps you started. Have infinite patience & do this Online scan.....

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

• Press the ESET Online scanner" button
• Check the I accept the terms box. Accept the Terms of Use and press Start button;
  
• Approve the install of the required ActiveX Control, then follow on-screen instructions;
  
• Checkmark the Remove found threats option.
  
• Un-check Scan Archives option.
  
• Click on Advanced Settings and checkmark the following
  Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
  click Scan.
  
• After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.

  Look at contents of this file using Notepad or Wordpad.

  The Frequently Asked Questions for ESET Online Scanner can be viewed here

  http://www.eset.com/onlinescan/cac4.php?page=faq

  [*]Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

[cagered]

But I am unable to connect to the internet. My linksys wireless adapter software indicates that the adapter is running, but no internet connection.

Also, internet explorer does not start up. firefox does start but indicates that no connection is available.

Thanks,

[cagered]

Is there something I can do to restore my internet connection. Attached is a screenshot of Ipconfig output if that helps.

[Maurice Naggar]

We want to be in normal mode of Windows as much as possible !! do this in normal mode !!

Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

If no internet connection -still- you will have to direct connect this pc to the router or modem via a cable connection !

NEXT

Using Internet Explorer browser (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Using Internet Explorer browser, run the Microsoft Fix-It on the following MS page

http://support.microsoft.com/mats/ie_performance_and_safety

If your Internet Explorer is still having issues, then see the reply by Yog Li marked as answer at the following MS Technet page

http://social.technet.microsoft.com/Forums/en-US/itprovistaie/thread/d7603c5d-b8f6-46d0-ab0a-14fb6177813c/