rplusr

I ran sfc /scannow and tried to use the Reinstallation CD but it said: (2 times) The CD you provided is the wrong CD. Please insert the Windows XP Professional Service Pack 3 CD into your CD-ROM drive. (10 times) The CD you provided is the wrong CD. Please insert the Windows XP Professional CD 2 into your CD-ROM drive.If I need to find a set of CDs, do they have to be ones that are at the Service Pack 3 level or will any Windows XP Professional CD set do? I guess this also provides a lesson to be learned: If given a choice of downloading or getting "hard media" for a major service pack upgrade, choose the hard media, even if you have to pay extra to get it.

No, but I did find a CD that says: Dell Reinstallation CD Microsoft Windows XP Professional Will that work? As an alternate, if we can identify what files are bad, can they copied from another PC that has Windows XP Professional installed?

The good news: I updated and ran Malwarebytes Anti-Malware and no objects were found so there was nothing to check or remove. The bad news: I am still getting the Windows File Protection boxes that say: Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Professional CD 2 (or 3) now.

Okay. This time ComboFix ran without problem in Safe Mode. Log follows: ComboFix 12-12-29.02 - Linda 12/29/2012 8:35.2.2 - x86 NETWORK Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.637 [GMT -5:00] Running from: c:\documents and settings\Linda\desktop\Combo-Fix.exe Command switches used :: /nombr AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\Linda\My Documents\R119568.zip c:\windows\system32\logs c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\wt c:\windows\wt\data.wts c:\windows\wt\updater\wt.ini c:\windows\wt\webdriver.dll c:\windows\wt\webdriver\4.1.1\actorobject.dll c:\windows\wt\webdriver\4.1.1\dx5drv.dll c:\windows\wt\webdriver\4.1.1\dx7drv.dll c:\windows\wt\webdriver\4.1.1\objectbundle.dll c:\windows\wt\webdriver\4.1.1\sound.dll c:\windows\wt\webdriver\4.1.1\wdcaps.ded c:\windows\wt\webdriver\4.1.1\wdengine.dll c:\windows\wt\webdriver\4.1.1\webdriver.dll c:\windows\wt\webdriver\4.1.1\wthost.exe c:\windows\wt\webdriver\4.1.1\wthostctl.dll c:\windows\wt\webdriver\4.1.1\wtmulti.dll c:\windows\wt\webdriver\4.1.1\wtmulti.jar c:\windows\wt\webdriver\4.1.1\wtwmplug.ax c:\windows\wt\webdriver\4.1.1\wtwmplug.ini c:\windows\wt\webdriver\jdriver.dll c:\windows\wt\webdriver\rdriver.dll c:\windows\wt\webdriver\wildtangent.jar c:\windows\wt\wt3d.dll c:\windows\wt\wt3d.ini c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll c:\windows\wt\wtupdates\wtupdater\appinfo.dat c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts c:\windows\wt\wtvh.dll . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 ))))))))))))))))))))))))))))))) . . 2012-12-28 01:17 . 2008-04-14 10:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2012-12-28 01:17 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2012-12-28 01:17 . 2008-04-14 10:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll 2012-12-28 01:17 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe 2012-12-28 01:17 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe 2012-12-28 01:16 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe 2012-12-28 01:16 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys 2012-12-28 01:16 . 2008-04-14 03:04 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys 2012-12-28 01:16 . 2008-04-14 03:04 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys 2012-12-28 01:16 . 2008-04-14 10:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2012-12-28 01:16 . 2008-04-14 05:06 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys 2012-12-28 01:14 . 2001-08-17 17:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys 2012-12-28 01:14 . 2004-08-10 09:00 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll 2012-12-28 01:14 . 2004-08-10 09:00 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll 2012-12-28 01:14 . 2004-08-10 09:00 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll 2012-12-28 01:14 . 2004-08-10 09:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll 2012-12-28 01:14 . 2001-08-17 18:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys 2012-12-28 01:14 . 2001-08-17 18:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys 2012-12-28 01:14 . 2001-08-17 18:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys 2012-12-28 01:14 . 2001-08-17 17:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys 2012-12-28 01:14 . 2001-08-17 18:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys 2012-12-28 01:12 . 2001-08-18 03:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll 2012-12-28 01:11 . 2001-08-17 19:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys 2012-12-28 01:10 . 2001-08-17 19:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys 2012-12-28 01:09 . 2001-08-17 17:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys 2012-12-28 01:08 . 2001-08-17 17:12 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys 2012-12-28 01:07 . 2001-08-18 03:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll 2012-12-28 01:06 . 2001-08-17 19:56 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll 2012-12-28 01:05 . 2001-08-17 18:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys 2012-12-28 01:04 . 2001-08-17 19:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys 2012-12-28 01:03 . 2001-08-17 19:05 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys 2012-12-28 01:00 . 2001-08-17 17:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys 2012-12-28 00:59 . 2001-08-17 18:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys 2012-12-28 00:58 . 2008-04-14 05:16 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys 2012-12-28 00:57 . 2008-04-14 04:53 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys 2012-12-28 00:56 . 2008-04-14 10:39 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll 2012-12-28 00:55 . 2001-08-17 19:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys 2012-12-28 00:54 . 2001-08-17 18:28 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys 2012-12-28 00:53 . 2001-08-17 19:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys 2012-12-26 16:08 . 2012-12-26 16:08 -------- d-----w- c:\program files\OverDrive Media Console 2012-12-19 13:36 . 2012-12-19 13:36 -------- d-----w- c:\program files\iPod 2012-12-19 13:36 . 2012-12-19 13:37 -------- d-----w- c:\program files\iTunes 2012-12-19 13:36 . 2012-12-19 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-13 03:09 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2012-12-11 19:50 . 2012-12-11 19:50 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-12-02 18:27 . 2001-08-17 18:28 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys 2012-12-02 18:26 . 2001-08-17 17:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys 2012-12-02 18:25 . 2001-08-18 03:36 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll 2012-12-02 18:24 . 2004-08-10 09:00 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe 2012-12-02 18:23 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys 2012-12-02 18:22 . 2004-08-10 09:00 9216 ----a-w- c:\windows\system32\dllcache\authfilt.dll 2012-12-02 18:21 . 2001-08-18 03:36 61440 ----a-w- c:\windows\system32\dllcache\acerscad.dll 2012-12-02 18:13 . 2004-08-10 09:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll 2012-12-02 18:13 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll 2012-12-02 18:13 . 2004-08-10 09:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe 2012-12-02 18:13 . 2004-08-10 09:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll 2012-12-02 18:13 . 2004-08-10 09:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll 2012-12-02 18:13 . 2004-08-10 09:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll 2012-12-02 18:13 . 2004-08-10 09:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe 2012-12-02 18:13 . 2004-08-10 09:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll 2012-12-02 15:32 . 2012-12-02 15:32 -------- d-----w- c:\program files\Microsoft 2012-12-02 15:32 . 2012-12-02 15:32 45056 ----a-r- c:\documents and settings\Linda\Application Data\Microsoft\Installer\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}\ARPPRODUCTICON.exe 2012-12-02 15:32 . 2012-12-02 15:32 102400 ----a-r- c:\documents and settings\Linda\Application Data\Microsoft\Installer\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe 2012-12-02 15:31 . 2012-10-17 09:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2012-12-02 15:31 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2012-12-02 15:31 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2012-12-02 15:31 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2012-12-02 15:31 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2012-12-02 15:31 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll 2012-12-02 15:31 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-16 12:23 . 2005-08-16 08:18 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 21:49 . 2012-11-25 15:14 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-11 19:50 . 2012-05-26 11:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-11 19:50 . 2011-05-21 11:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-13 01:25 . 2012-10-22 08:37 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 11:56 . 2011-03-27 01:08 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:53 . 2011-03-27 01:02 167344 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 11:53 . 2011-03-27 01:08 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-11-09 11:52 . 2011-03-27 01:08 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 11:52 . 2011-03-27 01:08 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 11:51 . 2010-10-14 02:28 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:50 . 2011-03-27 01:08 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:50 . 2011-03-27 01:08 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-11-09 11:49 . 2011-03-27 01:08 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:49 . 2010-10-14 02:28 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-02 02:02 . 2005-08-16 08:18 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2012-06-13 08:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 12:17 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2005-08-16 08:18 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 00:35 . 2005-08-16 08:18 385024 ------w- c:\windows\system32\html.iec 2012-10-31 20:10 . 2012-10-31 20:10 773968 ----a-w- c:\windows\system32\msvcr100.dll 2012-10-31 20:10 . 2012-10-31 20:10 138056 ----a-w- c:\windows\system32\atl100.dll 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-02 18:04 . 2005-08-16 08:18 58368 ----a-w- c:\windows\system32\synceng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216] "KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032] "ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\documents and settings\Linda\Start Menu\Programs\Startup\ EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848] Password Tracker Deluxe.lnk - c:\program files\Password Tracker Deluxe\PwTrkr.exe [2011-3-27 823296] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-1 24576] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\iWin Games\\iWinGames.exe"= "c:\\Program Files\\iWin Games\\WebUpdater.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:UDP"= 5353:UDP:Bonjour Port 5353 . R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [5/9/2011 9:59 PM 69656] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/26/2011 8:08 PM 91168] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 8:07 PM 167784] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/26/2011 8:08 PM 168880] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/26/2011 8:02 PM 167344] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/26/2011 8:08 PM 60480] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/26/2011 8:08 PM 362640] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/12/2012 10:09 PM 84432] S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [1/25/2012 3:23 PM 192792] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 8:07 PM 167784] S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 8:07 PM 167784] S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/24/2011 9:48 AM 91816] S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [4/18/2012 10:04 PM 36224] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [1/25/2012 3:23 PM 240408] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/17/2012 1:50 PM 146872] S3 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 10:17 AM 176848] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/12/2012 10:09 PM 84432] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/26/2011 8:08 PM 92192] S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944] S3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [6/7/2011 5:35 PM 1775432] S3 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [3/7/2011 9:39 PM 341832] S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [4/18/2012 10:04 PM 134912] . --- Other Services/Drivers In Memory --- . *Deregistered* - ArcRec . Contents of the 'Scheduled Tasks' folder . 2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 19:50] . 2012-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57] . 2012-12-28 c:\windows\Tasks\At1.job - c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53] . 2012-12-29 c:\windows\Tasks\At2.job - c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53] . 2012-12-29 c:\windows\Tasks\At3.job - c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53] . 2012-12-28 c:\windows\Tasks\At4.job - c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53] . . ------- Supplementary Scan ------- . uStart Page = https://www.google.com/ uInternet Settings,ProxyOverride = *.local IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204 IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105 IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . BHO-{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\UnfriendApp\IE\common.dll AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-29 08:44 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(920) c:\windows\system32\l3codeca.acm . Completion time: 2012-12-29 08:46:49 ComboFix-quarantined-files.txt 2012-12-29 13:46 . Pre-Run: 57,406,951,424 bytes free Post-Run: 57,824,940,032 bytes free . - - End Of File - - C227E21D4D6537ED5EFD4088E1D38F64

*** BLUE SCREEN OF DEATH *** I followed directions for download and running of ComboFix. Around Stage 20, I received the infamous Windows Blue Screen. Not sure if you need it, but I wrote down the error: STOP: 0x0000000CA (0x000000004, 0x8512CE70, 0x00000000, 0x00000000)I re-booted the PC (I hope that was OK?) and Windows seems to have come up normally (with the Windows box that said an error had occured). Before I proceed, I want to know if I should initiate ComboFix again? Waiting for your next instructions.

Browser Testing: I re-booted to get a fresh start and tested IE, Firefox, and Chrome. Directly entered links and bookmarked links were not a problem before and are not now. When searching from Google.com and clicking on a link, the page opened correctly and no longer seems to re-direct to the rouge sites. My other main applications like Outlook and Quicken seem to work correctly and the overall response on the PC seems to have improved somewhat.

Ran Combo-Fix as instructed above. Everything seems to have run with about 50 stages. After re-boot, I did receive a window that stated there was an error loading: c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll since I see that it was deleted by Combo-Fix. ComboFix 12-12-28.02 - Roman 12/28/2012 16:10:37.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2336 [GMT -5:00] Running from: c:\documents and settings\Roman\Desktop\Combo-Fix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Administrator\WINDOWS c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\0574215C.TMP c:\documents and settings\All Users\invokesi.exe c:\documents and settings\Default User\WINDOWS c:\documents and settings\Roman\g2ax_expert_downloadhelper_win32_x86.exe c:\documents and settings\Roman\GoToAssistDownloadHelper.exe c:\documents and settings\Roman\Local Settings\Application Data\assembly\tmp c:\documents and settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll c:\documents and settings\Roman\SendTo\notepad.exe c:\documents and settings\Roman\WINDOWS c:\documents and settings\UpdatusUser\WINDOWS C:\install.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\system32\gotomon.log c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 ))))))))))))))))))))))))))))))) . . 2012-12-27 22:30 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys 2012-12-27 22:29 . 2001-08-17 19:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll 2012-12-27 22:28 . 2001-08-17 19:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys 2012-12-27 22:27 . 2001-08-17 17:19 63360 -c--a-w- c:\windows\system32\dllcache\ess.sys 2012-12-27 22:26 . 2001-08-17 17:14 952007 -c--a-w- c:\windows\system32\dllcache\diwan.sys 2012-12-27 22:25 . 2001-08-17 18:51 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys 2012-12-27 22:23 . 2001-08-18 03:36 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll 2012-12-27 22:22 . 2001-08-17 17:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys 2012-12-27 22:21 . 2006-02-28 12:00 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll 2012-12-27 05:00 . 2012-12-27 05:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe 2012-12-27 04:58 . 2012-12-27 04:58 -------- d-----w- c:\program files\Common Files\Java 2012-12-27 04:57 . 2012-12-27 04:57 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-12-27 04:57 . 2012-12-27 04:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-12-27 04:55 . 2012-12-27 04:56 -------- d-----w- c:\program files\Wireshark 2012-12-27 04:49 . 2012-12-27 04:49 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\Secunia PSI 2012-12-27 04:49 . 2012-12-27 04:49 -------- d-----w- c:\program files\Secunia 2012-12-26 22:21 . 2012-12-26 22:21 -------- d-----w- C:\_OTL 2012-12-25 18:17 . 2012-12-25 18:17 -------- d-----w- c:\documents and settings\Roman\Application Data\QuickScan 2012-12-25 18:04 . 2012-12-25 18:04 -------- d-----w- C:\rsit 2012-12-25 18:04 . 2012-12-25 18:04 -------- d-----w- c:\program files\trend micro 2012-12-25 17:59 . 2012-12-25 17:59 -------- d-----w- c:\program files\ERUNT 2012-12-19 13:33 . 2012-12-19 13:33 -------- d-----w- c:\program files\Dropbox 2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\program files\iPod 2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\program files\iTunes 2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-15 12:46 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2012-12-14 10:46 . 2012-11-01 00:34 544160 ----a-w- c:\documents and settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe 2012-12-14 10:46 . 2012-09-21 20:02 139264 ----a-w- c:\documents and settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\unzip32.dll 2012-12-07 00:36 . 2012-12-07 00:36 -------- d-----w- c:\program files\Common Files\Skype 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-12-02 16:08 . 2012-12-02 16:08 -------- d-----w- c:\program files\QuickTime 2012-12-02 15:07 . 2012-12-02 15:07 -------- d-----w- c:\documents and settings\Roman\Application Data\Hewlett-Packard 2012-12-02 15:03 . 2012-12-02 15:03 -------- d-----w- c:\documents and settings\Roman\Application Data\Visan 2012-12-02 15:01 . 2012-12-08 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations 2012-12-02 15:01 . 2012-12-02 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan 2012-12-02 15:01 . 2012-12-02 15:02 -------- d-----w- c:\program files\HP Photo Creations 2012-12-02 14:44 . 2012-12-02 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2012-12-02 14:36 . 2012-10-17 09:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2012-12-02 14:36 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2012-12-02 14:36 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2012-12-02 14:36 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2012-12-02 14:36 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2012-12-02 14:36 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll 2012-12-02 14:36 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-27 04:57 . 2010-05-05 23:30 473072 -c--a-w- c:\windows\system32\deployJava1.dll 2012-12-18 12:54 . 2012-04-02 21:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-18 12:54 . 2011-05-20 21:42 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-16 12:23 . 2006-02-28 19:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25 . 2006-02-28 19:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 11:56 . 2012-06-17 12:52 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:53 . 2012-06-17 12:44 167344 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 11:53 . 2012-06-17 12:52 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-11-09 11:52 . 2012-06-17 12:52 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 11:52 . 2012-06-17 12:52 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 11:51 . 2012-02-22 17:29 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:50 . 2012-06-17 12:52 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:50 . 2012-06-17 12:52 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-11-09 11:49 . 2012-06-17 12:52 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:49 . 2012-02-22 17:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-02 02:02 . 2006-02-28 19:00 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17 . 2006-02-28 19:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17 . 2006-02-28 19:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17 . 2006-02-28 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2006-02-28 19:00 385024 ----a-w- c:\windows\system32\html.iec 2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-02 18:04 . 2006-02-28 19:00 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 00:54 . 2012-11-18 13:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-24 22:01 . 2012-12-24 22:01 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2012-02-10 15:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "PDF7 Registry Controller"="c:\program files\Nuance\PDF Professional 7\RegistryController.exe" [2011-09-09 141160] "PDFProHook"="c:\program files\Nuance\PDF Professional 7\pdfpro7hook.exe" [2011-11-03 1787752] "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424] "NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392] "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-09-21 466648] . c:\documents and settings\Roman\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Roman\Application Data\Dropbox\bin\Dropbox.exe [2012-12-21 28539728] Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2006-2-28 33280] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"= "c:\\Documents and Settings\\Roman\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"= "c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"= "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"= "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"= . R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Roman\Desktop\Run\a2ddax86.sys [12/27/2012 12:17 AM 17904] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/17/2012 7:52 AM 91168] R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 10:28 AM 193816] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [6/17/2012 7:52 AM 168880] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/17/2012 7:44 AM 167344] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088] R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/21/2012 6:53 AM 86216] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/26/2012 9:09 AM 659040] R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [12/23/2012 5:39 PM 3467768] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/17/2012 7:52 AM 60480] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/17/2012 7:52 AM 362640] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/15/2012 7:46 AM 84432] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [9/5/2008 8:27 PM 277376] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 10:28 AM 240408] S3 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [6/5/2011 7:12 PM 296808] S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2009 8:47 PM 133104] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/14/2012 3:42 AM 146872] S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/15/2012 7:46 AM 84432] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/17/2012 7:52 AM 92192] S3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [9/9/2011 1:13 AM 135016] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544] S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/26/2012 9:09 AM 1225312] S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 12:21 PM 160944] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 12:12 PM 25088] S3 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848] S4 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\CorelCreatorMessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:54] . 2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57] . 2012-12-28 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 07:59] . 2012-12-28 c:\windows\Tasks\HP Photo Creations Communicator.job - c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2011-11-18 10:11] . 2012-12-28 c:\windows\Tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 08:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Open with Nuance PDF Converter 7 - c:\program files\Nuance\PDF Professional 7\cnvres_eng.dll /100 Trusted Zone: intuit.com\ttlc Trusted Zone: microsoft.com\*.update Trusted Zone: windowsupdate.com\download Trusted Zone: xmradio.com\xmro TCP: DhcpNameServer = 192.168.0.1 DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx FF - ProfilePath - c:\documents and settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-12-02 09:58; quickprint@hp.com; c:\program files\Hewlett-Packard\SmartPrint\QPExtension FF - user.js: general.useragent.extra.brc - BRI/1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) HKCU-Run-PCShowServer - c:\documents and settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe HKCU-Run-Google - c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll HKU-Default-Run-Google - c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-12-28 16:16 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(2120) c:\windows\system32\WININET.dll c:\progra~1\mcafee\SITEAD~1\saHook.dll c:\program files\TeamViewer\Version8\tv_w32.dll c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WS_FTP Pro\nsftpch.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\SearchIndexer.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\TeamViewer\Version8\TeamViewer.exe c:\program files\TeamViewer\Version8\tv_w32.exe c:\program files\iPod\bin\iPodService.exe c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe c:\windows\system32\wscntfy.exe c:\windows\system32\SearchProtocolHost.exe c:\windows\system32\SearchFilterHost.exe . ************************************************************************** . Completion time: 2012-12-28 16:21:46 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-28 21:21 . Pre-Run: 441,686,290,432 bytes free Post-Run: 441,737,011,200 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 05783A3BE586A87E7C50581B37E5A94A

Followed directions above, Log follows. RogueKiller V8.4.1 [Dec 28 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Linda [Admin rights] Mode : Scan -- Date : 12/28/2012 15:48:58 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 1 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost 192.168.0.104 HP0018715CA82C ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3160812AS +++++ --- User --- [MBR] e15bce8557cbf995bf3c9d5391779857 [bSP] eb56c44a5e637616a189ce643b9b2203 : Dell MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 147769 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302760990 | Size: 4753 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12282012_02d1548.txt >> RKreport[1]_S_12282012_02d1548.txt

I try to keep up with virus and malware protection and be cautious when thinking about clicking on anything. This request is for my wife's computer where she may not be as diligent. Back in November, MalwareBytes quarantined PUM.Disabled.SecurityCenter and now the computer is displaying the Windows File Protection boxes that say: Files that are required for Windows to run properly must be copied to the DLL Cache. or Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files. Insert your Windows XP Professional CD 2 (or 3) now.Since PCs haven't actually come with CDs for some time, I'm not sure if I am infected or how to get good copies of files back where they need to be. I did run sfc /scannow and it popped up the windows above about a dozen times. I could use some your expert assistance. DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by Linda at 20:32:52 on 2012-12-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.524 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\mfevtps.exe C:\Program Files\PCPitstop\PCPitstopScheduleService.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\PCPitstop\Info Center\InfoCenter.exe C:\Program Files\Kodak\KODAK Share Button App\Listener.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\Password Tracker Deluxe\PwTrkr.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/ uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120623061009.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.355.0\BingExt.dll TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 mRun: [ehTray] c:\windows\ehome\ehtray.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent StartupFolder: c:\docume~1\linda\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe StartupFolder: c:\docume~1\linda\startm~1\programs\startup\passwo~1.lnk - c:\program files\password tracker deluxe\PwTrkr.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105 IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file> IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: mcafee.com DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354470757578 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{58A0798F-DCCE-4467-A2D1-F53E3C5AD3FE} : DHCPNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 192.168.0.104 HP0018715CA82C . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 565352] R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2011-5-9 69656] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-26 91168] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-26 203400] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-26 168880] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-26 167344] R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-11-24 91816] R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2012-4-18 36224] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.355.0\SeaPort.EXE [2012-1-25 240408] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-26 60480] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-26 234824] R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-26 65488] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-26 362640] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-12 84432] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.355.0\BBSvc.EXE [2012-1-25 192792] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-17 146872] S3 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-12 84432] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-26 92192] S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944] S3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-6-7 1775432] S3 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-7 341832] S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2012-4-18 134912] . =============== Created Last 30 ================ . 2012-12-28 01:17:37 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll 2012-12-28 01:17:34 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll 2012-12-28 01:17:33 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll 2012-12-28 01:17:29 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe 2012-12-28 01:17:25 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe 2012-12-28 01:16:59 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe 2012-12-28 01:16:55 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys 2012-12-28 01:16:53 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys 2012-12-28 01:16:49 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys 2012-12-28 01:16:48 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll 2012-12-28 01:16:01 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys 2012-12-28 01:14:40 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys 2012-12-28 01:14:39 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll 2012-12-28 01:14:28 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll 2012-12-28 01:14:28 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll 2012-12-28 01:14:26 48256 ----a-w- c:\windows\system32\dllcache\w32.dll 2012-12-28 01:14:22 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys 2012-12-28 01:14:17 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys 2012-12-28 01:14:13 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys 2012-12-28 01:14:09 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys 2012-12-28 01:14:05 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys 2012-12-28 01:12:57 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll 2012-12-28 01:11:56 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys 2012-12-28 01:10:59 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys 2012-12-28 01:09:58 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys 2012-12-28 01:08:57 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys 2012-12-28 01:07:59 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll 2012-12-28 01:06:59 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll 2012-12-28 01:05:57 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys 2012-12-28 01:04:57 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys 2012-12-28 01:03:57 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys 2012-12-28 01:00:50 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys 2012-12-28 00:59:57 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys 2012-12-28 00:58:54 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys 2012-12-28 00:57:59 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys 2012-12-28 00:56:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll 2012-12-28 00:55:57 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys 2012-12-28 00:54:59 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys 2012-12-28 00:53:58 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys 2012-12-28 00:52:59 24618 ----a-w- c:\windows\system32\dllcache\OLD77D.tmp 2012-12-28 00:51:59 25159 ----a-w- c:\windows\system32\dllcache\OLD6E8.tmp 2012-12-28 00:50:59 6729 ----a-w- c:\windows\system32\dllcache\OLD65D.tmp 2012-12-28 00:49:59 249856 ----a-w- c:\windows\system32\dllcache\OLD5A3.tmp 2012-12-28 00:48:40 13824 ----a-w- c:\windows\system32\dllcache\OLD408.tmp 2012-12-28 00:47:59 75136 ----a-w- c:\windows\system32\dllcache\OLD330.tmp 2012-12-28 00:44:41 7168 ----a-w- c:\windows\system32\dllcache\OLD266.tmp 2012-12-28 00:43:58 76288 ----a-w- c:\windows\system32\dllcache\OLD1F0.tmp 2012-12-28 00:43:58 46592 ----a-w- c:\windows\system32\dllcache\OLD1F3.tmp 2012-12-28 00:43:57 275968 ----a-w- c:\windows\system32\dllcache\OLD1EA.tmp 2012-12-28 00:43:57 188480 ----a-w- c:\windows\system32\dllcache\OLD1ED.tmp 2012-12-28 00:43:56 94720 ----a-w- c:\windows\system32\dllcache\OLD1E7.tmp 2012-12-28 00:43:55 16439 ----a-w- c:\windows\system32\dllcache\OLD1E4.tmp 2012-12-28 00:43:54 20540 ----a-w- c:\windows\system32\dllcache\OLD1E1.tmp 2012-12-28 00:43:52 43520 ----a-w- c:\windows\system32\dllcache\OLD1DB.tmp 2012-12-28 00:43:52 290816 ----a-w- c:\windows\system32\dllcache\OLD1DE.tmp 2012-12-28 00:43:51 20540 ----a-w- c:\windows\system32\dllcache\OLD1D5.tmp 2012-12-28 00:43:51 16439 ----a-w- c:\windows\system32\dllcache\OLD1D8.tmp 2012-12-26 16:08:37 -------- d-----w- c:\program files\OverDrive Media Console 2012-12-19 13:36:34 -------- d-----w- c:\program files\iPod 2012-12-19 13:36:22 -------- d-----w- c:\program files\iTunes 2012-12-19 13:36:22 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-13 03:09:02 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2012-12-11 19:50:29 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-12-02 18:27:59 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys 2012-12-02 18:26:53 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys 2012-12-02 18:25:56 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll 2012-12-02 18:24:59 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe 2012-12-02 18:23:39 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys 2012-12-02 18:22:59 9216 ----a-w- c:\windows\system32\dllcache\authfilt.dll 2012-12-02 18:21:58 61440 ----a-w- c:\windows\system32\dllcache\acerscad.dll 2012-12-02 18:13:40 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll 2012-12-02 18:13:29 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll 2012-12-02 18:13:17 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe 2012-12-02 18:13:17 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll 2012-12-02 18:13:17 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll 2012-12-02 18:13:16 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll 2012-12-02 18:13:16 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe 2012-12-02 18:13:14 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll 2012-12-02 15:32:20 -------- d-----w- c:\program files\Microsoft 2012-12-02 15:32:07 45056 ----a-r- c:\documents and settings\linda\application data\microsoft\installer\{6f1c00d2-25c2-4cba-8126-ae9a6e2e9cd5}\ARPPRODUCTICON.exe 2012-12-02 15:32:07 102400 ----a-r- c:\documents and settings\linda\application data\microsoft\installer\{6f1c00d2-25c2-4cba-8126-ae9a6e2e9cd5}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe 2012-12-02 15:31:35 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2012-12-02 15:31:29 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2012-12-02 15:31:29 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2012-12-02 15:31:26 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2012-12-02 15:31:26 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2012-12-02 15:31:26 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe 2012-12-02 15:31:26 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll . ==================== Find3M ==================== . 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-11 19:50:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-11 19:50:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 11:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec 2012-10-31 20:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll 2012-10-31 20:10:14 138056 ----a-w- c:\windows\system32\atl100.dll 2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll . ============= FINISH: 20:35:06.01 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 3/26/2011 7:03:34 PM System Uptime: 12/25/2012 10:17:00 AM (58 hours ago) . Motherboard: Dell Inc. | | 0HJ054 Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 144 GiB total, 49.069 GiB free. D: is CDROM () E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP651: 12/27/2012 11:45:17 AM - System Checkpoint . ==== Installed Programs ====================== . 7300 7300_Help 7300Trb Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.4) AiO_Scan AiOSoftware Ancient Mysteries Ancient Secrets AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaImpression for Kodak ATI Control Panel ATI Display Driver Azada: In Libro Banctec Service Agreement Big Fish Games: Game Manager Bing Bar BloodTies Bonjour BufferChm Conexant D850 56K V.9x DFVc Modem Copy CP_AtenaShokunin1Config cp_dwShrek2Albums1 cp_dwShrek2Cards1 CreativeProjects CreativeProjectsTemplates Crystal Reports Basic Runtime for Visual Studio 2008 CueTour Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell CinePlayer Dell Digital Jukebox Driver Dell Driver Download Manager Dell Driver Reset Tool Dell Game Console Dell Support 3.1 Dell System Restore Destinations Digital Content Portal Digital Line Detect Director DocProc Documentation & Support Launcher DocumentViewer Drawn ®: Dark Flight Collector's Edition EducateU ELIcon Enchanted Cavern Evernote v. 4.4.2 Fax Games, Music, & Photos Launcher GemMaster Mystic Ghost Chronicles - Phantom of the Faire Google Toolbar for Internet Explorer Hidden Expedition ® - Devil's Triangle Hidden Expedition: The Uncharted Islands Hidden Mysteries - White House Hotel Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB954550-v5) HP FWUpdateEDO2 HP Image Zone 4.7 HP Officejet Pro 8600 Basic Device Software HP Officejet Pro 8600 Help HP Officejet Pro 8600 Product Improvement Study HP Product Assistant HP PSC & OfficeJet 4.7 HP Software Update HP Update HPSystemDiagnostics Info Center 1.0.0.7 InstantShare InstantShareAlert Intel® PRO Network Connections Drivers Intel® PROSet for Wired Connections Internet Service Offers Launcher Interpol ISO Recorder iTunes iWin Games (remove only) Java 2 Runtime Environment, SE v1.4.2_03 Joan Jade and the Gates of Xibalba KODAK Share Button App Learn2 Player (Uninstall Only) Malwarebytes Anti-Malware version 1.70.0.1100 McAfee Security Scan Plus McAfee SecurityCenter McAfee Virtual Technician MCU Microsoft .NET Framework 1.0 Security Update (KB2698035) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Business 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Silverlight Microsoft Software Update for Web Folders (English) 14 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Midnight Mysteries The Edgar Allan Poe Conspiracy MobileMe Control Panel Modem Helper MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery Case Files: Escape from Ravenhearst Mysteryville 2 (remove only) NetWaiting NetZero For Cosmi OpenAL Otto OverDrive Media Console PanoStandAlone Password Tracker Deluxe 3.62 PC Matic 1.1.0.44 PDFCreator PhotoGallery Pirateville (remove only) PrintScreen ProductContext QFolder Quicken WillMaker Plus 2011 QuickProjects QuickTime Readme RealPlayer Basic Reincarnations: Awakening Roxio DLA Roxio MyDVD LE Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Safari Scan ScannerCopy Search Assist Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Shared C Run-time for x86 SkinsHP1 Skype Toolbars Skype™ 5.10 Sonic Activation Module Sonic Encoders Sonic Update Manager Spirits of Mystery: Amber Maiden Splashtop Remote Strange Cases - The Lighthouse Mystery Strange Cases: The Tarot Card Mystery TaxWise 2010 The Dracula Files The Legend of Crystal Valley The Lost Cases of Sherlock Holmes 2 The Treasures Of Mystery Island The Treasures of Mystery Island: The Gates of Fate The Treasures of Mystery Island: The Ghost Ship TrayApp Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows Media Player 10 (KB910393) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2749655) URL Assistant Vacation Quest - The Hawaiian Islands Viewpoint Media Player WebCyberCoach 3.2 Dell WebFldrs XP WebReg WildTangent Web Driver Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Windows Media Player 11 Windows XP Service Pack 3 WordPerfect Office 12 . ==== Event Viewer Messages From Past Week ======== . 12/27/2012 8:24:17 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully. 12/27/2012 8:24:16 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\snchk.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:24:11 PM, information: Windows File Protection [64005] - The protected system file c:\windows\ehome\ehtray.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Linda. The file version of the bad file is 5.1.2715.2765. 12/27/2012 8:22:07 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\ehome\ehtray.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2715.2765. 12/27/2012 8:22:04 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehituner.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:22:01 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehiepg.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:21:58 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ko\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:21:56 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ja\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:21:50 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\fr\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:21:46 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\de\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:21:41 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\zh-chs\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:21:31 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehcircl.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:16:43 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\wmpns.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 8:03:03 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdrmv2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 7:47:14 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 7:47:07 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 7:46:19 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability. 12/27/2012 7:43:49 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started. 12/22/2012 3:16:59 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\ehome\ehtray.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. 12/21/2012 2:12:17 PM, information: Windows File Protection [64005] - The protected system file ehtray.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Linda. The file version of the bad file is 5.1.2715.2765. 12/20/2012 8:06:55 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. 12/20/2012 8:06:55 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\resources\themes\luna\luna.msstyles could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. . ==== End Of File ===========================

After turning off McAfee, I ran the sfc /scannow from the command prompt. It opened up a small window with a progress bar. The process ran to completion and the progress bar window closed with no messages. The command prompt window did not display any messages either.

I have never seen ransomeware messages appear. I just saw the result line in one of the earlier logs. I guess this is good news. Step 1: The log for OTL is below. Step 2: RogueKiller. The prescan ran fine. There were no entries listed in the Registry tab so there was nothing to check and the delete button remained greyed-out. Step 3: Emsisoft Emergency Kit was downloaded (45 minutes) in Safe Mode and the deep scan was run (2 hours). It found 5 registry keys (medium risk) and 2 files (high risk) Trojan.Script.199943(B). They were quarantined. The files were default.htm from an old web site that I archived before I took it over created a replacement. OTL Log: All processes killed ========== PROCESSES ========== ========== FILES ========== C:\WINDOWS\tasks\At3.job moved successfully. C:\WINDOWS\tasks\At4.job moved successfully. C:\WINDOWS\tasks\At1.job moved successfully. C:\WINDOWS\tasks\At2.job moved successfully. C:\WINDOWS\System32\-1 moved successfully. C:\WINDOWS\System32\en folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\HomeNet\McSvHost folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\HomeNet folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users folder moved successfully. C:\WINDOWS\System32\헠ΰ\Documents and Settings folder moved successfully. C:\WINDOWS\System32\헠ΰ folder moved successfully. C:\RECYCLER\S-1-5-21-1687530015-1697978249-4202760790-1004 folder moved successfully. C:\RECYCLER\S-1-5-18 folder moved successfully. C:\RECYCLER folder moved successfully. E:\RECYCLER\S-1-5-21-3973020173-1465058494-1690550294-1006 folder moved successfully. E:\RECYCLER\S-1-5-21-1687530015-1697978249-4202760790-1004 folder moved successfully. E:\RECYCLER\S-1-5-18 folder moved successfully. E:\RECYCLER folder moved successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 131072 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 131273 bytes ->Flash cache emptied: 41661 bytes User: LocalService ->Temp folder emptied: 65536 bytes ->Temporary Internet Files folder emptied: 112166 bytes ->Flash cache emptied: 574 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 112233 bytes User: Roman ->Temp folder emptied: 1128986 bytes ->Temporary Internet Files folder emptied: 81454072 bytes ->Java cache emptied: 44717215 bytes ->FireFox cache emptied: 195304863 bytes ->Google Chrome cache emptied: 26037862 bytes ->Flash cache emptied: 42328 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 177024 bytes ->Flash cache emptied: 41661 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2176856 bytes %systemroot%\System32 .tmp files removed: 2984465 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 439 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 338.00 mb Restore point Set: OTL Restore Point [EMPTYFLASH] User: Administrator User: All Users User: Default User ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService User: Roman ->Flash cache emptied: 0 bytes User: UpdatusUser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: Administrator User: All Users User: Default User User: LocalService User: NetworkService User: Roman ->Java cache emptied: 0 bytes User: UpdatusUser Total Java Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12262012_172140 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

Logs continues: OTL Extras logfile created on: 12/25/2012 4:35:43 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roman\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.12 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 81.42% Memory free 4.97 Gb Paging File | 4.17 Gb Available in Paging File | 83.87% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 462.24 Gb Total Space | 412.23 Gb Free Space | 89.18% Space Free | Partition Type: NTFS Drive E: | 74.53 Gb Total Space | 48.17 Gb Free Space | 64.63% Space Free | Partition Type: NTFS Computer Name: ZTDESKTOP | User Name: Roman | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.) "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) "C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation) "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.) "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.) "C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.) "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600) -- (Hewlett-Packard Co.) "C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport "{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional "{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager "{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 23 "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1 "{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009 "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset "{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1 "{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime "{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine "{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport "{38ED4745-4015-4BF0-AB17-AA4B07595137}" = Auction Sentry "{39003340-EAA2-012B-ADCD-000000000000}" = TurboTax 2009 wkyiper "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help "{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2 "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant "{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support "{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help "{46CB5C9E-BE06-42B6-8B59-C037B8E93889}" = NetObjects Fusion 12.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking "{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper "{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection "{4FE224A2-C56D-4289-AE73-F7267BA0C9F6}" = NetObjects Fusion 12.0 "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011 "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{6F9C25B0-6ABF-4FB0-8793-176487F963EE}" = Nuance PDF Converter Professional 7 "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7752CBAC-3B2D-43c0-98CA-A1A16CCF7E3C}" = HP Smart Print 1.1.5.2 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc "{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies "{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC57E3F-0478-4005-98D3-4C6850C5A6E7}" = TurboTax 2011 wkyiper "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1 "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = TEG-PCITXR 32bit Gigabit PCI Adatper "{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help "{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3334366-BCED-4D4B-A266-23E3414FC29D}" = NetObjects Fusion 10.0 "{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0EE2F91-CC20-426F-A4D5-7FFE54E55015}" = TurboTax 2010 wkyiper "{D1CDE21A-E27A-48CE-8831-3E33E793222E}" = NetObjects Fusion 12.0 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry "{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools "{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7 "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0 "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11 "{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "384C2C6074E8C219998710CE8D95B252A3A0CBAE" = Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099) "4E55C63BFCAACCF944B3AA49E7999CA9BAFFE208" = Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142) "5A3659A1699DAACF9BD615CB9AADA1F1BF3AE327" = Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721) "6B499777B71FB5ACC52946DD82ECB4D02826D410" = Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610) "86A6EABF7537A8DD39CE93DF122356CA3E99E579" = Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026) "8CE3EF3AF6188C2679CF2148F39931549AA983A1" = Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0) "971D4E9C5CED6477B8F2A6B10A77BA64785DC7B6" = Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0) "A00DACBCF80381024878EBEE918DADEFF532AC10" = Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573) "A261B7217DB17A0B0C1499769911A4C2763B50AC" = Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0) "ActiveTouchMeetingClient" = Cisco WebEx Meetings "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AF5EBAB19E0AC92AFFCF6BB01BC6113C68246F96" = Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061) "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17 "BB85278BE9A24627B9133B324B11AE8AAED9B52B" = Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681) "CDE5ADE5BBAD3E7B3EDC2254E9B4AA5699C49243" = Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558) "CLRPassword Tracker" = Password Tracker Deluxe 3.62 "CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager "D6FC380758CCD46F9200CAD66C4A7C041CBDC50E" = Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896) "dcmsvc_is1" = dcmsvc 1.0 "DEF5BD9CE83771293DCFAEA94AC5FADFD235B2ED" = Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713) "Disney Dreams" = Disney Dreams Screen Saver "Disney Epic Mickey: Prima Official eGuide" = Disney Epic Mickey: Prima Official eGuide "E9CAC95DEDD5D81AF01EF321643F69919AB4CBB0" = Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0) "ED32DE45B100947E631306FC4BC656D5E8212C18" = Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533) "ERUNT_is1" = ERUNT 1.1j "F4BBA3D2672296BC5BDBB7527330AD1C077B1C8C" = Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0) "Family Tree Maker 2009" = Family Tree Maker 2009 "Family Tree Maker 2010" = Family Tree Maker 2010 "FC9E8D6BEED299828396FA9693664A5B08161EBA" = Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658) "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HP Photo & Imaging" = HP Image Zone 4.7 "HP Photo Creations" = HP Photo Creations "ie8" = Windows Internet Explorer 8 "Info Center_is1" = Info Center 1.0.0.7 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "Logitech Vid" = Logitech Vid HD "lvdrivers_12.10" = Logitech Webcam Software Driver Package "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "McAfee Virtual Technician" = McAfee Virtual Technician "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee SecurityCenter "NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Office14.SingleImage" = Microsoft Office Home and Business 2010 "Paint Shop Pro 6" = Paint Shop Pro 6.02 CD "Password Safe" = Password Safe "PC Matic_is1" = PC Matic 1.1.0.44 "PrintMaster Premier 4.00" = PrintMaster Premier 4.00 "Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009 "Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011 "SyncBack_is1" = SyncBack "SystemRequirementsLab" = System Requirements Lab "TeamViewer 8" = TeamViewer 8 "TurboTax 2009" = TurboTax 2009 "TurboTax 2010" = TurboTax 2010 "TurboTax 2011" = TurboTax 2011 "Windows CE Services" = Microsoft ActiveSync 3.7 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.2 "WinZip" = WinZip "Wireshark" = Wireshark 1.8.3 (32-bit) "WS_FTP Pro" = Ipswitch WS_FTP Pro ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/24/2012 1:41:38 PM | Computer Name = ZTDESKTOP | Source = Microsoft Office 14 | ID = 1000 Description = Faulting application outlook.exe, version 14.0.6126.5003, stamp 505b1685, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00000000. Error - 12/24/2012 5:14:29 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/24/2012 5:16:54 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/24/2012 5:17:41 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Error - 12/24/2012 5:17:42 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013 Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) [ System Events ] Error - 12/21/2012 7:41:47 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 12/21/2012 7:41:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 12/21/2012 7:41:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 12/21/2012 7:44:20 AM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010 Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout. Error - 12/21/2012 7:56:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 12/21/2012 7:56:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time. Error - 12/21/2012 8:08:26 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689 Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) Error - 12/21/2012 8:08:26 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 12/21/2012 6:30:23 PM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010 Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout. Error - 12/23/2012 6:41:51 PM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010 Description = The server {0006F03A-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. < End of report >

I found no toolbars that reference Bandoo, iLivid, or Searchqu. I found no add-ons for the same in either IE, Firefox, or Chrome. You may have seen it, but on one of the previous scans above, it appears that I also have a touch of ** Infection : Rans.Gendarm ** OTL logs follow: OTL logfile created on: 12/25/2012 4:35:43 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roman\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.12 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 81.42% Memory free 4.97 Gb Paging File | 4.17 Gb Available in Paging File | 83.87% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 462.24 Gb Total Space | 412.23 Gb Free Space | 89.18% Space Free | Partition Type: NTFS Drive E: | 74.53 Gb Total Space | 48.17 Gb Free Space | 64.63% Space Free | Partition Type: NTFS Computer Name: ZTDESKTOP | User Name: Roman | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/25 16:31:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe PRC - [2012/12/21 00:41:32 | 028,539,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/12/02 10:07:55 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PRC - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe PRC - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe PRC - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe PRC - [2012/10/31 19:38:02 | 000,519,584 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe PRC - [2012/10/17 04:02:20 | 000,790,120 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe PRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2011/11/03 10:21:00 | 001,787,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe PRC - [2011/06/05 20:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2012/11/14 03:08:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll MOD - [2012/11/14 03:05:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll MOD - [2012/11/14 03:05:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll MOD - [2012/11/14 03:05:37 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll MOD - [2012/11/14 03:04:12 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MOD - [2012/11/14 03:03:58 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011/04/11 14:40:24 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\corelcreatorpm.dll MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe MOD - [2001/12/20 15:21:10 | 000,024,576 | ---- | M] () -- C:\Program Files\WS_FTP Pro\nsftpch.dll MOD - [2001/10/11 16:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages) SRV - [2012/12/24 17:01:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/18 07:54:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012/12/02 10:07:55 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2012/11/16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2012/09/23 09:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2012/01/18 04:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011/09/09 01:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv) SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/06/05 19:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc) SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Roman\LOCALS~1\Temp\mbr.sys -- (mbr) DRV - [2012/11/09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids) DRV - [2012/11/09 06:53:02 | 000,091,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012/11/09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012/11/09 06:50:30 | 000,084,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp) DRV - [2012/11/09 06:50:30 | 000,084,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk) DRV - [2012/11/09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek) DRV - [2012/11/09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012/11/09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012/11/09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2012/09/21 15:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2012/09/21 15:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK) DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009/11/09 12:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2009/10/07 03:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2009/07/01 10:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2009/07/01 10:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009/03/25 13:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2008/05/21 08:48:04 | 000,277,376 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2008/02/14 13:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt) DRV - [2004/08/12 10:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2001/09/07 09:57:00 | 000,584,336 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf) DRV - [2001/09/07 09:57:00 | 000,534,125 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124) DRV - [2001/09/07 09:57:00 | 000,426,783 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56) DRV - [2001/09/07 09:57:00 | 000,310,899 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback) DRV - [2001/09/07 09:57:00 | 000,217,019 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax) DRV - [2001/09/07 09:57:00 | 000,127,405 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks) DRV - [2001/09/07 09:57:00 | 000,080,449 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\spkpnt.sys -- (SpeakerPhone) DRV - [2001/09/07 09:57:00 | 000,077,426 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2) DRV - [2001/09/07 09:57:00 | 000,067,654 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample) DRV - [2001/09/07 09:57:00 | 000,056,607 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{5496894E-FE95-4A30-9F1A-944E9259673D}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms} IE - HKCU\..\SearchScopes\{A0038F32-F1DB-4E89-B3C6-BDCFBB83AEEC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKCU\..\SearchScopes\{D730CC2D-E51A-451C-BD7B-F3D5D2B6FBC5}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Secure Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: xvmaiknmln%40xvmaiknmln.org:2.5 FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/12/25 13:00:31 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\npapi.dll File not found FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll (NDS) FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1 FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/15 09:44:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012/12/02 09:58:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/12/25 16:34:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/24 17:01:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/05 11:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Extensions [2012/12/23 08:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\Extensions [2006/02/28 07:00:00 | 000,004,815 | ---- | M] () (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\Extensions\xvmaiknmln@xvmaiknmln.org.xpi [2012/12/24 17:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/12/24 17:01:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/12/25 16:34:04 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE [2012/12/15 09:44:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2012/12/24 17:01:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/11/25 07:28:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/05 11:58:17 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/11/25 07:28:43 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll CHR - plugin: PCShow Player Plugin (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: SiteAdvisor = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\ CHR - Extension: Gmail = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2012/06/17 07:18:41 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC) O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKCU..\Run: [Google] C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll (MainConcept GmbH) O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation) O4 - HKCU..\Run: [PCShowServer] C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies) O4 - Startup: C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites) O15 - HKCU\..Trusted Domains: xmradio.com ([xmro] http in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} https://www.mydlink.com/8D/activeX//TunnelX.ocx (TunnelX Control) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class) O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab (GpcContainer Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53371D86-939F-42EB-8692-365423C01C6D}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - O24 - Desktop WallPaper: C:\Documents and Settings\Roman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/09/05 20:08:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.) SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.) SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023) ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: AutorunsDisabled - Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.pspgru - C:\WINDOWS\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation) CLEARALLRESTOREPOINTS Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/12/25 16:31:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe [2012/12/25 13:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Desktop\RK_Quarantine [2012/12/25 13:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\QuickScan [2012/12/25 13:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2012/12/25 13:04:11 | 000,000,000 | ---D | C] -- C:\rsit [2012/12/25 13:00:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012/12/25 12:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT [2012/12/25 12:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2012/12/25 12:57:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Roman\Desktop\erunt-setup.exe [2012/12/24 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee [2012/12/24 17:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roman\Start Menu\Programs\Administrative Tools [2012/12/24 17:44:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Roman\Desktop\dds.scr [2012/12/24 17:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012/12/23 17:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8 [2012/12/19 08:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012/12/19 08:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2012/12/19 08:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/12/19 08:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/12/19 08:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/12/15 07:46:58 | 000,084,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys [2012/12/06 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012/12/06 19:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2012/12/02 11:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2012/12/02 11:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/12/02 10:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard [2012/12/02 10:03:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roman\My Documents\HP Photo Creations [2012/12/02 10:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Visan [2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan [2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations [2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations [2012/12/02 09:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2012/12/02 09:36:42 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5912.dll [2012/12/02 09:36:40 | 001,979,280 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ8600.dll [2012/12/02 09:36:40 | 000,495,504 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ8600.dll [2012/12/02 09:36:36 | 002,216,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkins5912.exe [2012/12/02 09:36:36 | 000,529,808 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912.dll [2012/12/02 09:36:36 | 000,268,688 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912LM.dll [2012/12/02 09:36:36 | 000,220,560 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5912.dll [2012/11/28 05:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\My Documents\Wireshark [2012/11/26 18:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Wireshark [2012/11/26 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap [2012/11/26 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2012/11/26 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark [2009/08/20 17:59:23 | 003,902,784 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Roman\gosetup.exe [2009/05/18 18:24:08 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Roman\gotomypc_438.exe [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/25 16:31:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe [2012/12/25 16:25:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2012/12/25 15:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/25 15:48:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job [2012/12/25 14:00:12 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2012/12/25 13:27:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job [2012/12/25 13:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2012/12/25 13:23:56 | 000,758,272 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\RogueKiller.exe [2012/12/25 13:09:27 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\SecurityCheck.exe [2012/12/25 13:02:36 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\RSIT.exe [2012/12/25 12:59:11 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\NTREGOPT.lnk [2012/12/25 12:59:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\ERUNT.lnk [2012/12/25 12:57:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Roman\Desktop\erunt-setup.exe [2012/12/25 10:10:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2012/12/24 20:40:04 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2012/12/24 17:44:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Roman\Desktop\dds.scr [2012/12/24 06:23:12 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2012/12/24 06:22:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/12/24 06:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/12/24 06:21:27 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/12/24 06:21:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2012/12/23 17:40:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk [2012/12/23 16:36:23 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Microsoft Word 2010.lnk [2012/12/21 09:34:21 | 000,001,005 | ---- | M] () -- C:\WINDOWS\wsftppro.INI [2012/12/21 07:28:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/12/21 07:14:04 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk [2012/12/21 07:13:07 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Dropbox.lnk [2012/12/19 08:24:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/12/18 07:54:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2012/12/18 07:54:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [2012/12/12 06:14:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/12/12 06:13:08 | 002,001,455 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2012/12/08 15:03:47 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk [2012/12/06 19:36:54 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/12/02 11:08:38 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/12/02 10:00:39 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\HP Printer Doctor.lnk [2012/12/02 09:45:51 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\HP Printing Software.url [2012/12/02 09:36:42 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk [2012/12/02 09:36:42 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk [2012/12/02 08:05:27 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Microsoft Excel 2010.lnk [2012/11/26 18:49:53 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1 [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/12/25 13:23:53 | 000,758,272 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\RogueKiller.exe [2012/12/25 13:09:27 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\SecurityCheck.exe [2012/12/25 13:02:32 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\RSIT.exe [2012/12/25 12:59:11 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\NTREGOPT.lnk [2012/12/25 12:59:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\ERUNT.lnk [2012/12/23 17:40:01 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk [2012/12/21 07:14:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk [2012/12/19 08:24:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2012/12/18 06:54:02 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012/12/02 11:08:38 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk [2012/12/02 10:02:04 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk [2012/12/02 10:02:03 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job [2012/12/02 10:00:39 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\HP Printer Doctor.lnk [2012/12/02 09:44:15 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\HP Printing Software.url [2012/12/02 09:38:44 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2012/12/02 09:36:42 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk [2012/12/02 09:36:41 | 000,001,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk [2012/11/26 18:49:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1 [2012/11/26 18:49:22 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk [2012/10/28 15:20:30 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini [2012/06/17 07:11:35 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Roman\GoToAssistDownloadHelper.exe [2012/02/16 19:57:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/30 06:29:00 | 002,473,151 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1687530015-1697978249-4202760790-1004-0.dat [2012/01/30 06:28:56 | 000,297,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2011/12/25 07:55:52 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc [2011/12/17 11:48:59 | 000,002,560 | ---- | C] () -- C:\Documents and Settings\Roman\repl.dat [2011/12/16 08:09:43 | 000,002,560 | ---- | C] () -- C:\WINDOWS\repl.dat [2011/09/29 17:20:07 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2011/09/29 17:19:02 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp [2011/09/29 17:19:02 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp [2011/08/19 04:26:20 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2011/08/19 04:26:20 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2011/08/19 04:26:20 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2011/06/27 21:34:03 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011/05/04 21:13:28 | 000,021,907 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\Microsoft Excel.ADR [2011/04/11 14:40:24 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\corelcreatorpm.dll [2011/03/05 19:25:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011/02/27 07:38:36 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat [2011/02/18 22:02:48 | 000,060,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/10/21 16:49:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Roman\Local Settings\Application Data\fusioncache.dat [2010/03/02 19:57:59 | 000,003,638 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\SAS7_000.DAT [2009/07/17 12:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe [2009/07/17 12:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe [2008/11/23 15:14:30 | 000,066,360 | ---- | C] () -- C:\Documents and Settings\Roman\g2ax_expert_downloadhelper_win32_x86.exe [2008/11/22 10:38:36 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Roman\default.pls [2008/11/06 20:15:14 | 000,023,139 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\Comma Separated Values (Windows).ADR ========== ZeroAccess Check ========== [2008/10/31 20:23:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > [2012/12/19 08:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012/11/23 13:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe [2008/09/05 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead [2011/02/14 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple [2011/02/12 07:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer [2011/07/15 18:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications [2009/05/27 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge [2012/06/17 07:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2011/07/09 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel [2011/07/02 11:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion [2009/10/15 06:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink [2011/07/29 17:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet [2011/09/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater [2012/12/02 09:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP [2012/12/08 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations [2012/12/02 09:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant [2010/03/02 19:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield [2010/01/29 18:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit [2010/09/26 07:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage [2010/02/12 19:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd [2011/12/03 19:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech [2012/11/18 08:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012/11/14 03:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee [2012/10/29 15:39:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft [2012/12/12 06:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help [2012/11/22 06:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla [2009/08/01 07:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS [2011/12/30 11:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance [2012/10/23 05:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA [2009/10/15 07:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation [2009/08/16 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles [2010/06/15 17:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage [2012/12/25 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop [2012/01/21 06:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat [2011/12/30 11:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2009/04/15 17:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor [2012/12/06 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype [2010/01/27 06:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun [2008/10/29 07:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec [2012/12/25 16:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp [2012/12/02 10:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan [2010/09/26 07:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc [2008/09/05 21:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage [2011/12/30 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2011/02/12 07:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} < %ALLUSERSPROFILE%\Application Data\*.exe /s > [2012/08/21 13:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe [2012/08/21 13:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe [2012/12/19 08:18:42 | 000,077,288 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 11.0.1.12\SetupAdmin.exe [2009/05/27 18:23:02 | 000,599,304 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Controller.exe [2009/05/27 18:23:14 | 000,626,440 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe [2009/05/27 18:22:51 | 000,353,544 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe [2011/04/11 09:46:50 | 115,760,736 | ---- | M] (Corel Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion\1.0.0\CorelPDFFusionInstaller_x64_EN.exe [2011/04/11 09:44:38 | 099,148,288 | ---- | M] (Corel Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion\1.0.0\CorelPDFFusionInstaller_x86_EN.exe [2011/06/05 20:41:34 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe [2011/06/05 20:41:34 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\dwusplay.exe [2011/06/05 20:41:34 | 000,402,720 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISDM.exe [2011/06/05 20:41:34 | 000,087,328 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\issch.exe [2011/06/05 20:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [2011/11/18 05:11:00 | 000,185,472 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2012/12/08 15:03:46 | 000,304,256 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductCore.exe [2012/12/08 15:03:46 | 000,161,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductReg.exe [2011/02/11 18:26:04 | 000,265,560 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE [2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe [2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe [2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe [2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe [2010/05/12 15:42:06 | 000,046,904 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Application Data\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe [2011/05/25 01:09:21 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\All Users\Application Data\NVIDIA\Updatus\WLMerger.exe [2010/06/12 16:18:42 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe [2010/04/10 17:15:10 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe [2010/06/12 16:17:59 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe < %APPDATA%\*. > [2009/12/07 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Adobe [2008/11/02 11:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\AdobeUM [2011/10/16 10:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ahead [2012/11/25 09:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Amazon [2011/11/18 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Apple Computer [2011/03/08 20:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ascendo [2011/12/25 07:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\AuctionSentry [2009/12/07 18:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1 [2010/04/10 17:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\CyberLink [2012/12/25 16:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Dropbox [2012/05/08 20:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\DTV [2011/07/29 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\FLEXnet [2010/12/27 07:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\GetRightToGo [2009/08/01 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Google [2008/11/01 11:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Help [2012/12/02 10:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard [2012/12/02 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\HpUpdate [2010/10/30 19:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\ID Vault [2008/09/05 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Identities [2008/09/05 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\InstallShield [2008/12/12 16:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\InterTrust [2010/01/29 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Intuit [2008/11/02 08:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ipswitch [2010/01/27 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Leadertech [2008/10/30 21:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Macromedia [2012/11/18 08:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Malwarebytes [2012/06/17 06:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\McAfee [2012/12/08 12:51:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Roman\Application Data\Microsoft [2011/11/05 11:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Mozilla [2011/02/22 06:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Nolo [2011/12/30 11:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Nuance [2012/10/23 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\NVIDIA [2010/06/15 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Office Genuine Advantage [2008/11/22 06:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Quicken WillMaker [2012/12/25 13:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\QuickScan [2008/09/05 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\SampleView [2012/12/07 05:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Skype [2011/05/01 09:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\skypePM [2008/11/09 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Sun [2008/09/05 21:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Symantec [2012/12/23 17:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\TeamViewer [2010/04/11 06:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Uniblue [2012/12/02 10:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Visan [2012/11/09 15:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\webex [2011/07/17 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Windows Desktop Search [2011/07/17 18:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Windows Search [2012/11/27 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Wireshark [2011/12/30 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Zeon < %APPDATA%\*.exe /s > [2012/12/21 00:41:32 | 028,539,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe [2012/12/21 00:42:04 | 000,203,416 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxUninstaller.exe [2012/04/12 01:46:46 | 000,872,040 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxUpdateHelper.exe [2012/05/24 13:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Uninstall.exe [2010/02/18 21:04:43 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Roman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012/08/21 13:42:04 | 000,509,280 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Roman\Application Data\McAfee\Supportability\MVTLogs\mfehidin.exe [2012/12/02 09:43:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{069730C2-755A-485B-A205-27A1AAFA836A}\ARPPRODUCTICON.exe [2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_0385F1E82453815F656276.exe [2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_05B106666D04F6BA8A2E9A.exe [2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_2699BB552378E37916F4D2.exe [2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_853F67D554F05449430E7E.exe [2012/09/30 10:13:49 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_EB83BA19A4CD2A871AC3B4.exe [2011/12/03 19:22:33 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2012/05/08 20:37:51 | 000,063,080 | R--- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe [2009/01/09 18:54:05 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe [2009/01/09 18:54:05 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe [2012/10/31 19:34:26 | 000,544,160 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe < %SYSTEMDRIVE%\*.exe > [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < c:|Fun4IM;true;true;true; /FP > < c:|Bandoo;true;true;true; /FP > < c:|Searchn;true;true;true; /FP > < c:|Searchq;true;true;true; /FP > < c:|datamngr;true;true;true; /FP > < c:|iLivid;true;true;true; /FP > < c:|whitesmoke;true;true;true; /FP > < %USERPROFILE%\..|smtmp;true;true;true /FP > < %systemroot%\*. /mp /s > ========== Files - Unicode (All) ========== [2012/02/15 06:28:23 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\헠ΰ [2012/02/15 06:28:23 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\헠ΰ ========== Alternate Data Streams ========== @Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0574215C @Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0FF263E8 @Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F35A93AD @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D95ACC7D < End of report >

Logs Continued: QuickScan 32-bit v0.9.9.118 --------------------------- Scan date: Tue Dec 25 13:17:31 2012 Machine ID: 4489E2EA No infection found. ------------------- Processes --------- Bing Bar 3780 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE Bonjour 264 C:\Program Files\Bonjour\mDNSResponder.exe dcmsvc.exe 492 C:\Program Files\dcmsvc\dcmsvc.exe Dropbox 3664 C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe HP Digital Imaging 2220 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe HP Digital Imaging 784 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe HP Digital Imaging 4028 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe HP Smart Print 5536 C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe InstallShield Update Service 584 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe iTunes 272 C:\Program Files\iPod\bin\iPodService.exe iTunes 2920 C:\Program Files\iTunes\iTunesHelper.exe Logitech Camera Software 872 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe McAfee SecurityCenter 4808 C:\Program Files\McAfee.com\Agent\mcagent.exe McAfee Shared Service Host 808 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe McAfee SiteAdvisor 6020 C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe Microsoft® Office 1772 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE Microsoft® Windows® Operating System 1876 C:\WINDOWS\system32\spoolsv.exe Microsoft® Windows® Operating System 5852 C:\WINDOWS\system32\wscntfy.exe MobileDeviceService 2032 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe NDSPCSho Application 2192 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe Nuance PDF Products 1756 C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe NVIDIA Driver Helper Service, Version 3 1304 C:\WINDOWS\system32\nvsvc32.exe PC Pitstop Scheduler 1340 C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PC Show power management wrapper 3816 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe PCPitstopInfoCenter 2000 C:\Program Files\PCPitstop\Info Center\InfoCenter.exe Software Manager 3692 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe SYSCORE 2436 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe SYSCORE 1072 C:\WINDOWS\system32\mfevtps.exe TeamViewer 1640 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe VSCORE 544 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (verified) Microsoft® Windows® Operating System 2392 C:\WINDOWS\explorer.exe (verified) Microsoft® Windows® Operating System 3740 C:\WINDOWS\system32\alg.exe (verified) Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\csrss.exe (verified) Microsoft® Windows® Operating System 3552 C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\lsass.exe (verified) Microsoft® Windows® Operating System 2420 C:\WINDOWS\system32\rundll32.exe (verified) Microsoft® Windows® Operating System 2660 C:\WINDOWS\system32\rundll32.exe (verified) Microsoft® Windows® Operating System 180 C:\WINDOWS\system32\rundll32.exe (verified) Microsoft® Windows® Operating System 3712 C:\WINDOWS\system32\rundll32.exe (verified) Microsoft® Windows® Operating System 2836 C:\WINDOWS\system32\searchindexer.exe (verified) Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\services.exe (verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\smss.exe (verified) Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 504 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1624 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1800 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1552 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\winlogon.exe (verified) Windows® Internet Explorer 2196 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 4312 C:\Program Files\Internet Explorer\iexplore.exe (verified) Windows® Internet Explorer 4860 C:\Program Files\Internet Explorer\iexplore.exe Network activity ---------------- Process HPNetworkCommunicatorCom.exe (784) connected on port 8080 (HTTP Proxy) --> 192.168.0.190 Process McSvHost.exe (808) connected on port 443 (HTTP over SSL) --> 161.69.92.10 Process HPNetworkCommunicator.exe (2220) connected on port 8080 (HTTP Proxy) --> 192.168.0.190 Process Dropbox.exe (3664) connected on port 80 (HTTP) --> 199.47.217.144 Process iexplore.exe (4312) connected on port 80 (HTTP) --> 72.247.191.139 Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.137.102 Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.137.102 Process iexplore.exe (4312) connected on port 80 (HTTP) --> 173.194.37.57 Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.140.154 Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.130.106 Process McSvHost.exe (808) listens on ports: 6646 Process svchost.exe (1400) listens on ports: 135 (RPC) Process svchost.exe (1800) listens on ports: 2869 (SSDP event notification, UPNP) Process Dropbox.exe (3664) listens on ports: 17500 Autoruns and critical files --------------------------- Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe Communicator.exe C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe dcmsvc.exe C:\Program Files\dcmsvc\dcmsvc.exe Dropbox C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe HP Digital Imaging C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe HP Digital Imaging C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe iTunes C:\Program Files\iTunes\iTunesHelper.exe Logitech Camera Software C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe MainConcept® ImageScaler Dll C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll Microsoft® Windows® Operating System c:\windows\system32\userinit.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll Nuance PDF Products C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe Nuance PDF Products C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe NVIDIA Media Center Library C:\WINDOWS\system32\NvMCTray.dll NVIDIA Windows Display driver, Version C:\WINDOWS\system32\NvCpl.dll nwiz.exe C:\Program Files\NVIDIA Corporation\nview\nwiz.exe PC Show power management wrapper C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe PCPitstopInfoCenter C:\Program Files\PCPitstop\Info Center\InfoCenter.exe Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE Software Manager C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll (verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll Browser plugins --------------- AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll AmazonMP3DownloaderPlugin C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe Bing Bar c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll Bonjour C:\Program Files\Bonjour\mdnsNSP.dll Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll Google Updater C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll HP Smart Print C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe HP Smart Print C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll Java Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll Java Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll Java Platform SE 6 U23 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll McAfee SiteAdvisor C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll McAfee SiteAdvisor c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll McAfee SiteAdvisor C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll McAfee Virtual Technician C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll Messenger C:\Program Files\Messenger\msmsgs.exe mhLbl Module C:\WINDOWS\Downloaded Program Files\mhLbl.dll Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll mydlink C:\WINDOWS\Downloaded Program Files\TunnelX.ocx NDS PCShow Plugin C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll npMcSnFFPl.dll c:\Program Files\McAfee\MSC\npMcSnFFPl.dll NPSWF32_11_5_502_135.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitStop.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dll PC Pitstop DiskMD3 C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dll PCShow Player Plugin C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll PlusIEContextMenu c:\program files\nuance\pdf professional 7\bin\plusiecontextmenu.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll RocketLife Secure Plug-In Layer C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll Sunbelt AntiMalware Common SDK Merge Mo C:\WINDOWS\Downloaded Program Files\SBTE.DLL Sunbelt AntiMalware Common SDK Merge Mo C:\WINDOWS\Downloaded Program Files\SPURSDOWNLOAD.DLL VIPRE Threat detection and remediation C:\WINDOWS\Downloaded Program Files\VIPRE.DLL WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll wsbho2k0 Module c:\program files\ws_ftp pro\wsbho2k0.dll ZeonIEFavClient c:\program files\nuance\pdf professional 7\bin\zeoniefavclient.dll (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe (verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe Missing files ------------- File not found: "c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll" --> HKLM\Software\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\InprocServer32\"(default)" Scan ---- MD5: 6bf7676296d5359afc135a5397000053 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe MD5: 62712a07b8dcc497e57bd8b74eb1dd85 C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe MD5: f51ec06aac2e7c2ad8f4d0bf23d01963 C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll MD5: 5596cb8e20cec08a1307274a02356c70 C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe MD5: d1f4ef194a129726fbf30e2f514824aa C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll MD5: 56629acf84c1d1f42d35761b8f17c55d C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\boost_thread-vc90-mt-1_39.dll MD5: 108564ef272d62a5ed2e04612e6229d5 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\CatalogDll.dll MD5: d5e60f8ed43707c608bccc91b5ce6e11 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\DrmSingleton.dll MD5: fdaf8c36a5742365a0df502e20f69a28 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\gsttspplugin.dll MD5: 9edcaf5058f9626638ee8f0ac6af8976 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libglib-2.0-0.dll MD5: 9aff67245ce824328ffd26134edc6759 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgmodule-2.0-0.dll MD5: 9f3ffac085263828f032a52f9b838419 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgobject-2.0-0.dll MD5: 2c997d1df778ee61046bf5de3082ad43 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgstreamer-0.10.dll MD5: 7ab4fdd2299a9c7ddedc0c6c77c5c454 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgthread-2.0-0.dll MD5: f5be4fa3ba8c3727fe062fab9112e5b0 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libiconv-2.dll MD5: eabdd9e3e36069d68d55ed0f0a446c6e C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libxml2-2.dll MD5: 020d010677f04243b400d75fa4f33eb2 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\ndsLogStore.dll MD5: f365d4b0a5b5552f0d2fa3e4aba36d91 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe MD5: e347e05b060c0c57c56406de5b12a020 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll MD5: adee98380dfb75550304dba850078c98 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll MD5: 6b8de507dd6324134826e594c88838b9 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerDll.dll MD5: 52f4a51ca22ab2d4701ac5faf9c845b8 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe MD5: c627f5a7e414a4d5bb00999fc895f1c4 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\TSB.dll MD5: 6ce680bbee0ba239c8abd02aa88be104 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\XferManagerDll.dll MD5: 016f69e8fcd9afe5081781b1487306c5 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\z.dll MD5: a2cb17c6ecd68ab13d3589f626cf3e86 C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll MD5: d1506baa5dd4bc62b54b2a9a3743ace4 C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll MD5: cf000d9a2df8568dc86b35e12b3531e0 C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll MD5: 1224d741ce1a54d67429e04a5b1ec4e2 C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll MD5: 34ebd4ff6a24d86bb4716d6afcc1a89b C:\Program Files\Apple Software Update\SoftwareUpdate.exe MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files\Bonjour\mdnsNSP.dll MD5: db5bea73edaf19ac68b2c0fad0f92b1a C:\Program Files\Bonjour\mDNSResponder.exe MD5: 897493762a427d94b66a30ee6ab35966 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll MD5: 848bc9a0bb2361e549fd4c22d7548fb8 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll MD5: c26b09276755e0698b31cf0bae0bf182 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe MD5: f6fd367c9eaaedf90cd7a7952ae0b336 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll MD5: af54247f97ccf3539de7505c09972ff9 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll MD5: ef8cd3c64ee9c08980d6d06ccce46c68 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll MD5: ff9831030678c7b6d70bac00f68f8976 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll MD5: 5a963c340de1a01ba6e24945ce05d16a C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll MD5: f4bc62990e7e5c29799a895b80fc3177 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll MD5: 73862ff693168369a90f046e7f227b83 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MD5: 78865abc5f5d13190f8b35bd9044714a C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll MD5: 152f8772d5a5cd7883305c3b8d28470e C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll MD5: 8ba9851e671e8b5e49e303748ffd530c C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll MD5: 64894527838c86454e2f378ff39fa336 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll MD5: 2e14406e05789f91c9282ae7cfca3a07 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MD5: a5299d04ed225d64cf07a568a3e1bf8c C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe MD5: 4e4edf9ca82e95bab2977dd9f21b00f6 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll MD5: ab781c0e4c09e08f464081d17c0f6184 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll MD5: 31fb275f3384353592fc908535b46e18 C:\Program Files\Common Files\Apple\Mobile Device Support\LIBEAY32.dll MD5: 0e1b02c9cc352a1f61703b7d1a8a2c45 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll MD5: 3353fa13f36e0694ee92eed9f0225135 C:\Program Files\Common Files\Apple\Mobile Device Support\SSLEAY32.dll MD5: d2aeadfd998706b4216315b2bd3fa79e C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe MD5: 1663a135865f0ba6e853353e98e67f2a C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe MD5: 3dc635b66dd7412e1c9c3a77b8d78f25 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe MD5: c12476de1affb1bba1a48a459ceb3d39 C:\Program Files\Common Files\LightScribe\LSSrvc.exe MD5: 67a95b9d129ed5399e7965cd09cf30e7 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe MD5: 156399dae7a45d83827d1b9fb0a53df2 C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\Main_Help.dll MD5: 28e60c4ec03340ee7c5d51d79c19498b c:\Program Files\Common Files\Mcafee\Core\mccoreps.dll MD5: c3333dd48a39c17689414275e09d7cc7 c:\Program Files\Common Files\Mcafee\Core\McEvtBrk.dll MD5: 43979c30662f322e720b50b3d95f5d95 c:\Program Files\Common Files\Mcafee\HackerWatch\HWAPI.dll MD5: f0012f09428ad9952ff57c93acaab585 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll MD5: ecab006ac6136f1307e140b633cdb8c2 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe MD5: f721987c5a710ef2eda2cba9cffafaf7 C:\Program Files\Common Files\Mcafee\MNA\McNASvc.dll MD5: ae02e6dac99fa4dc642c71b10fee9971 C:\Program Files\Common Files\McAfee\MSC\LangSel.dll MD5: b1e8af364027029272758c8e34776144 C:\Program Files\Common Files\McAfee\MSC\LogCntrl.dll MD5: 85ad707f3c3af8079b2f22c1dc7238c0 C:\Program Files\Common Files\Mcafee\MSC\mcbrwsr2.dll MD5: 017ec72c3c9add080daa10956374884a c:\Program Files\Common Files\Mcafee\MSC\McDspWrp.dll MD5: 4be8d8fb641f43f4c4d6cf6ab5ade968 C:\Program Files\Common Files\McAfee\MSC\McRtMui.dll MD5: 2e50b9e0c0647475116247dce4357161 c:\Program Files\Common Files\Mcafee\MSC\mcutil\11,6,277,0\mcutil.dll MD5: 32d2c44247c8f9cac70de1f3ae121964 C:\Program Files\Common Files\Mcafee\MSC\sqlite3.dll MD5: b17440a103bc883b57974d63f43b7485 C:\Program Files\Common Files\Mcafee\NMC\McDisc.dll MD5: 3eca9b282687a529995953e1c048bb2d c:\Program Files\Common Files\Mcafee\NMC\McMPFEvt.dll MD5: a518d3c9fb121f0f37f86b3f1f5d1c32 C:\Program Files\Common Files\Mcafee\NMC\McNDSv.dll MD5: 6c169a7b9cd228cd56bd95814ebc6194 C:\Program Files\Common Files\Mcafee\NMC\McNmcSrv.dll MD5: 6c2d89c52da8592c57fb0dc7bab36ff7 C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe MD5: 4e13ea496e202bcb4fcc342d96faf83a C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe MD5: 250304dc7238574a6cecc88f13e07538 C:\Program Files\Common Files\McAfee\SystemCore\FTL.Dll MD5: a4d46b6fa6ad0e3aa309d060f00a3808 C:\Program Files\Common Files\McAfee\SystemCore\LockDown.dll MD5: 240f879f13cffae974b8929adc42a257 C:\Program Files\Common Files\McAfee\SystemCore\McShield.dll MD5: 6c2d89c52da8592c57fb0dc7bab36ff7 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe MD5: f0898390403be08777978b4f483953a8 C:\Program Files\Common Files\McAfee\SystemCore\mfeapfa.dll MD5: da7212a2e5df4058ff72840bf4ef67ec C:\Program Files\Common Files\McAfee\SystemCore\mfeavfa.dll MD5: e64585a16e4452df3f756ec4ca809e75 C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dll MD5: 4e13ea496e202bcb4fcc342d96faf83a C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe MD5: fc76f0803bf2b86e3abd2c63bb0fdefd C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dll MD5: 7509744ad3eca4d625520b55633cb2cf C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll MD5: 55e8267140290d8e1bf291252f3723d1 C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll MD5: 01e8d9b07eeb603cc6bf5cdb21f1dcc9 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3.dll MD5: 8d3ff64e90496c73c0344774329581b6 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_server.dll MD5: d37356755af6b5a6c84735258edbbc57 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dll MD5: d51e1ff7f4aa27fa10f95b3150741f35 C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121215074655.dll MD5: d51e1ff7f4aa27fa10f95b3150741f35 C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dll MD5: a4d46b6fa6ad0e3aa309d060f00a3808 C:\Program Files\Common Files\McAfee\VSCore\Lockdown.dll MD5: d5761dd586c54bf710174e992fa83eaa C:\Program Files\Common Files\Nuance\dgnsvc.exe MD5: 36143067e041a98083fb204dac49293c C:\Program Files\dcmsvc\dcmsvc.exe MD5: 408ddd80eede47175f6844817b90213e C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe MD5: b78f4c2c592c87df54e8e0c6aaef3874 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll MD5: 358878e398ab0fb8b1ee176c2e3edf48 C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll MD5: 586fdc4e02623ee228ec35b9604ae5f2 C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll MD5: f8ecc22460ffb1326aa7d35dcbae67e8 C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe MD5: 1a3a1a8beffb1fc15091f64f588c1cb5 C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe MD5: 3cc2f1568c2d4c1383cb0aa05a52e455 C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll MD5: add4425af62c314f8c49033db7561bc5 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe MD5: 135724d3f79e261b63628d75a6dd0817 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe MD5: f4cc196e5633297c2122e5d7d92ce0ee C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe MD5: ef7a25631c5ffa09324206816a248708 C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll MD5: 203cc41b7693bc3ce131561af33c6f2e C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusUI.dll MD5: 395bcc9122e705f6586217e32cd01cc9 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe MD5: ce22799e6b81b336021d611a432c4e32 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationUI.dll MD5: b306ab1a1cf5a3c652466f74f7ee27d2 C:\Program Files\Internet Explorer\ieproxy.dll MD5: 0cbe3e4166a08fc379eabf532b4efe18 C:\Program Files\Internet Explorer\plugins\NPDocBox.dll MD5: 4687b6f8cf5f62ddcf21916114142ff7 C:\Program Files\Internet Explorer\plugins\nppdf32.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll MD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll MD5: 854274ac89f9b0aa0dd7dee518c225a7 C:\Program Files\Internet Explorer\xpshims.dll MD5: e8a39d41474be42fd8830ced32932d6c C:\Program Files\iPod\bin\iPodService.exe MD5: 7df0decd3006b8ba450aec714086ff3c C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL MD5: 280013e1ca1a648a6b896d884cc46601 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL MD5: c85eccbaa179719e658ffdbf99221e1e C:\Program Files\iTunes\iTunesHelper.dll MD5: e4401cf27225c1d6e664e86195978562 C:\Program Files\iTunes\iTunesHelper.exe MD5: 9df319f1c2d4b80d8ce8214ea4899adf C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL MD5: 814a169c40b55178bd8e1f79d1ada649 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL MD5: 3fcf47bd73094fa62d81373515f46110 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll MD5: 67e74163c6178aa696e2b4a726770a02 c:\program files\java\jre6\bin\jp2ssv.dll MD5: e731921db2e17dcd3db472fad5549c57 C:\Program Files\Java\jre6\bin\jqs.exe MD5: ea8fcf30d2961369435c84ce3b3063f1 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll MD5: 054dcc54b7de3a9511f50b9fcbf4cdd1 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll MD5: af51b4250f9a37eb88d8f92e4a3c2f79 C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MD5: c12479cc7830aec5f35a2750094a9d14 C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MD5: 8ffcfe3351f51e19b856a2347e19b850 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe MD5: 9c11630d403b2768f3eaf9230181e01a C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll MD5: 58fbf6ef281bf78cf16c3b7f58530673 C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll MD5: 5d1d4f50129e4b35c44f3d4f341ef51f C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll MD5: 581a9fe27c17b1679085a066b069b65d C:\Program Files\McAfee.com\Agent\mcagent.exe MD5: a727eaf1c956f05f51592d715e50f725 c:\Program Files\McAfee\MPF\MpfApi.dll MD5: 355db4f5e585ca04c08519ce98cd5ca2 c:\Program Files\McAfee\MPF\MpfEvt.dll MD5: a75338fabf3c24ebc4058faf8a7203d7 c:\Program Files\McAfee\MPF\MpfShm.dll MD5: 8cd7f18d1ef09160fd201446ca70a2fd c:\Program Files\McAfee\MPF\MpfSvc.dll MD5: 5fb8031590222674792690fe7f7ae004 C:\Program Files\McAfee\MPF\Twerp.dll MD5: f891d113ae1488653db2c0fa34a6fbe9 c:\Program Files\McAfee\MQS\QCProgressIcon.dll MD5: 45df6a66256026df51d719c87c16b2ce c:\Program Files\McAfee\MSC\McDBMgr.dll MD5: 9aa3ee13e8cb7671db730015a23f5af5 c:\Program Files\McAfee\MSC\McGsShm.dll MD5: 7c51822e2c94257f3c39551b2e4b8d6a c:\Program Files\McAfee\MSC\McIPTShm.dll MD5: fd83993dbfec4eee7c13bc8fa74dfacc C:\Program Files\McAfee\MSC\mclwapi.dll MD5: d390cda2d132c6d8cc27db7e007970fa c:\Program Files\McAfee\MSC\mcmispps.dll MD5: c76be4b014d2fad9a3e38f2a773bd912 c:\Program Files\McAfee\MSC\mcmschlp.dll MD5: b01860e256305c775c4678f66710aa60 c:\Program Files\McAfee\MSC\McMscShm.dll MD5: cac6f6f206c978deea928b9302646a09 c:\Program Files\McAfee\MSC\mcmscsub.dll MD5: 9adea7a6e21e72de50a152194c8510fe C:\Program Files\McAfee\MSC\McOemRes.dll MD5: 2b07418ae23172777fe4ad68361f24df C:\Program Files\McAfee\MSC\mcprlalt.dll MD5: 516f2ed421d9689696d38d5b5f825370 C:\Program Files\McAfee\MSC\mcprlres.dll MD5: 49f62a7d70c930dba98c8ff8b5d6850c c:\Program Files\McAfee\MSC\mcregobj\11,6,434,0\mcregobj.dll MD5: e6d44bf4a7a11bc06520b8ce54128f7b c:\Program Files\McAfee\MSC\mcsubmgr\11,6,434,0\mcsubmgr.dll MD5: e7abc004978055616431654f63a3e5a7 c:\Program Files\McAfee\MSC\mcuicfg.dll MD5: 354277d6e1b93f111351d523845b6257 c:\Program Files\McAfee\MSC\McUpdShm.dll MD5: 4b06ba13e36358ddabb87b59abe16c3b C:\Program Files\McAfee\MSC\mscjsres.dll MD5: 3234e4bb71dad2c13dc5c8cd85203e8b c:\Program Files\McAfee\MSC\mscuild.dll MD5: a44bffa5d6cc1e909e6a3c16d9bb009b c:\Program Files\McAfee\MSC\npMcSnFFPl.dll MD5: 6a9a136c7403fa7452834ff025ecfa9d C:\Program Files\McAfee\MSC\OemUI.dll MD5: 2e72f6bd5d0c055780537b6711e14eaa c:\Program Files\McAfee\MSC\oemuild.dll MD5: 5686edb3b234003c5e110f49c07a99b8 c:\Program Files\McAfee\SiteAdvisor\mcbrwctl.dll MD5: 5c4ba8ef8fba80397c33cc33f7f3922f c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll MD5: 4011e202d10468cd68ef1791a7f5e2f3 c:\Program Files\McAfee\SiteAdvisor\McPlgUI.dll MD5: f9f003ecab0ac26e2aba43e672f15bd9 c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll MD5: c6fd288c265157410a17ae0531d3af4c C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll MD5: e84b3cb28ab4d95c07738ae9937c2734 c:\Program Files\McAfee\SiteAdvisor\sahook.dll MD5: 1d702a6e768510f2623171c963afae36 c:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll MD5: cd64b78db77d443181a9e2e834796863 c:\Program Files\McAfee\SiteAdvisor\saUI.exe MD5: 7ded7521eb8b8d56dadcd044d1b77709 c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll MD5: fa910662b178e09857ca6b98e3e22435 C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll MD5: 80a617849b004d1c6c4beab7aa86f021 C:\Program Files\McAfee\VirusScan\Engine\5500.1093\mcscan32.dll MD5: b776af46bbcb0a48d6a18efaa49e6fa4 c:\Program Files\McAfee\VirusScan\EScnPlug.dll MD5: 9bd0c29c5c78c74a8d177399f07bd194 c:\Program Files\McAfee\VirusScan\McOasShm.dll MD5: c7da06c9a9aeefbe37aac281ea6385d5 C:\Program Files\McAfee\VirusScan\mcods.exe MD5: 93624b1849df1f5ed709522a302a1db2 c:\Program Files\McAfee\VirusScan\mcodsax.dll MD5: b8b742537bfa1ac4f742b36beb310bf6 c:\Program Files\McAfee\VirusScan\McVsPs.dll MD5: 2e645c11aab7a7e5f607355f6cbdf068 c:\Program Files\McAfee\VirusScan\MVsCfg.dll MD5: 2f25b52b0cf0f6f5be2d789181d61735 c:\Program Files\McAfee\VirusScan\mvslog.dll MD5: 7cc9484fbc922f7dc0b1d767a256c1e5 c:\Program Files\McAfee\VirusScan\NaiAnn.dll MD5: 149da63ed179de9b46d5c38a867f3199 c:\Program Files\McAfee\VirusScan\NaiAnnPs.dll MD5: 618b5e4d16dcba693b421c5062d84f9a c:\Program Files\McAfee\VirusScan\VSJsRes.dll MD5: bfcce364e88a2cb9d64327f7ba7a77f5 C:\Program Files\McAfee\VirusScan\vsores.dll MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe MD5: a5d08b86e8a437aa6deaf7a187bf6ca5 c:\program files\microsoft office\office14\urlredir.dll MD5: 9013599b12923a45c029c34e8d2211ac c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll MD5: a2494901e7226b356b8c1005c45f1c5f C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe MD5: 809263143a1622f9768a4f68431bd45d c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll MD5: 63b1cbbae4790b5bac98f01bf9449722 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE MD5: 313265cf4f5f02ed927774da1db3fe00 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe MD5: b74db0119593f722ef6fb3d407c2da3a c:\program files\nuance\pdf professional 7\bin\plusiecontextmenu.dll MD5: 08603efc5a8f1aa8d2cdec4fc00325e4 c:\program files\nuance\pdf professional 7\bin\zeoniefavclient.dll MD5: 869cc2b32e989bf203165ee6d27d0c8c C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe MD5: 3f87885cb3767bfd27811b3ca3cc608d C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe MD5: d6fb9634096473c3a54fbeac10139203 C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe MD5: 210ee09cb9c2655e55bd48d851369dc1 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe MD5: bf9addb37c6f5f3159aa78df586dda8d C:\Program Files\NVIDIA Corporation\nview\nwiz.exe MD5: d9c2c7c1552093da582e1ab9b3432b55 C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLL MD5: 0ba077efedbd024029d2f77c355cadde C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll MD5: a15b420eeb9850b22d803a676e3423cc C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLL MD5: 59325d3245246df17235a4a551b9853a C:\Program Files\PCPitstop\Info Center\InfoCenter.exe MD5: 1aef52f2cc9acb260cdc93904a0b36df C:\Program Files\PCPitstop\PCPitstopScheduleService.exe MD5: d0c0b700152b1f610f10b356483b3401 C:\Program Files\Skype\Updater\Updater.exe MD5: 9f3e7cabe86bbdeca009de291db6d9e2 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe MD5: 11e618a8a8c56a2063428ba1c3b615d0 C:\Program Files\TeamViewer\Version8\tv_w32.dll MD5: 0e3d30f8cdd82e7e64938459ca90d9f0 C:\Program Files\Windows Media Player\wmpband.dll MD5: b60f58f175de20a6739194e85b035178 C:\Program Files\WinPcap\rpcapd.exe MD5: 2e0fe4c6595296051a1533f2e19a7eb2 C:\Program Files\WS_FTP Pro\nsftpch.dll MD5: b570f2f4031ae076f58a53d6b238ca05 c:\program files\ws_ftp pro\wsbho2k0.dll MD5: cd64b78db77d443181a9e2e834796863 C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL MD5: 7a4d7b91bc815ed33e63122ca7078fd0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll MD5: 878f6183cef9bef0019fe03ee10ad269 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll MD5: c1a1f10bd3839c6c583ae84c9d6d0b22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll MD5: bb5b7e95212d816aff7a329f248a1adf C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll MD5: 89be7f1e47ade757e0460027ec5cd998 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll MD5: c2b9b86d3037ad3902058939954d6109 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll MD5: 5cffbd7d881a175ca94b4972157f8034 C:\WINDOWS\Downloaded Program Files\atcliun.exe MD5: 84bc80b9d12f8611592346fe1477069e C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dll MD5: 1b71f118d7393976b5e53e99f3f4d695 C:\WINDOWS\Downloaded Program Files\ieatgpc.dll MD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\WINDOWS\Downloaded Program Files\isusweb.dll MD5: 6c079a0e753cbcd7f34ae8446589199a C:\WINDOWS\Downloaded Program Files\mhLbl.dll MD5: 0a69653cdc454f714b1e2e86923bc2f9 C:\WINDOWS\Downloaded Program Files\PCPitStop.dll MD5: d8c4d4b92b29b5856293da270cfaae44 C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll MD5: 6ef25bb1191df8a37e863551de4f4a45 C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dll MD5: ef46173fa99251ad3994fa2c9a194f93 C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dll MD5: 56940b50ab0e5923822f47b0e4463885 C:\WINDOWS\Downloaded Program Files\qsax.dll MD5: b0af3f6c7ee623eedc275f34e69ce692 C:\WINDOWS\Downloaded Program Files\SBTE.DLL MD5: 861884fc6522c2ee25d86c84e5384d42 C:\WINDOWS\Downloaded Program Files\SPURSDOWNLOAD.DLL MD5: c95bbeda7cb9b019229aa8706254f6b4 C:\WINDOWS\Downloaded Program Files\TunnelX.ocx MD5: dfe4a062ffed0c938867de4647a55c48 C:\WINDOWS\Downloaded Program Files\VIPRE.DLL MD5: 860fad57b4668a9f5f350a9d5444ae89 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll MD5: b560a085eed4d5d72b039929f9ae4991 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MD5: f282d4edd85d53e20d902cc92190c5f5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll MD5: fb53a700132d9a97d1e10e9f80bd6174 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll MD5: d3cc7a3813123e955b3a497c04b404e2 C:\WINDOWS\SMINST\RECGUARD.EXE MD5: c85670ab64068f8080998aeba6c5019c C:\WINDOWS\system32\ATL100.DLL MD5: cfd4e51402da9838b5a04ae680af54a0 c:\windows\system32\browser.dll MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll MD5: 698f56b7f74bdf9433a30f2c323169ee C:\WINDOWS\system32\corelcreatorpm.dll MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll MD5: 06f2aea1065838aae394553063cdf28e C:\WINDOWS\system32\CRTDLL.dll MD5: 6bee5d4eff0a0341bcc4a462d81ccfc1 C:\WINDOWS\system32\CRYPT32.dll MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll MD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dll MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys MD5: 9372cc48814a17e67c28945eb4acc189 C:\WINDOWS\system32\DRIVERS\basic2.sys MD5: 67b20da4727f54aea29fddad810c898d C:\WINDOWS\system32\drivers\cfwids.sys MD5: 9ea76a7f28cd968f8adc709e479f23b2 C:\WINDOWS\system32\DRIVERS\fallback.sys MD5: 413cfa795cad19a010889df0ec060408 C:\WINDOWS\system32\DRIVERS\faxnt.sys MD5: b7b262d0431374f3afd1349e35b368d9 C:\WINDOWS\system32\DRIVERS\fsksnt.sys MD5: 185ada973b5020655cee342059a86cbb C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys MD5: d61e53e3fec0c92bc8dd3969fad63f87 C:\WINDOWS\system32\drivers\HipShieldK.sys MD5: a941aa38e3951058e584c4bbddd56ed9 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys MD5: 970178e8e003eb1481293830069624b9 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys MD5: ebb354438a4c5a3327fb97306260714a C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys MD5: a4e3277398c8aba999483d4c658c9696 C:\WINDOWS\system32\DRIVERS\k56nt.sys MD5: ba1347822d01b2d29c14cf09663a6457 C:\WINDOWS\system32\DRIVERS\lvrs.sys MD5: e2c99d3b692ba2173114c9df79313b70 C:\WINDOWS\system32\DRIVERS\lvuvc.sys MD5: b73ec688c29f81f9da0fcf63682b3ecb C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys MD5: 195741aee20369980796b557358cd774 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys MD5: ba3004f4c0a0cd19db9c2c0ab3a84efe C:\WINDOWS\system32\drivers\mfeapfk.sys MD5: 39c20b7d9ac19bfe616ca09dd3a240af C:\WINDOWS\system32\drivers\mfeavfk.sys MD5: e3470decda0a4015a0ca00ed645f2ebe C:\WINDOWS\system32\drivers\mfebopk.sys MD5: c8ac8147e02ed8795e1fd946165baccf C:\WINDOWS\system32\drivers\mfefirek.sys MD5: 7aaf92954d8d2801b17a1163c60abfe9 C:\WINDOWS\system32\drivers\mfehidk.sys MD5: 3474b9391903c0ab2e9987cb4de943d8 C:\WINDOWS\system32\DRIVERS\mfendisk.sys MD5: 62d55d882d58a1250348f324bc0afc06 C:\WINDOWS\system32\drivers\mferkdet.sys MD5: fcfab391e3736769fe5865f3acb3dccb C:\WINDOWS\system32\drivers\mfetdi2k.sys MD5: 9fa7207d1b1adead88ae8eed9cdbbaa5 C:\WINDOWS\system32\drivers\monfilt.sys MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys MD5: b48dc6abcd3aeff8618350ccbdc6b09a C:\WINDOWS\system32\drivers\npf.sys MD5: 68b8c35782ffd20973524f748234b5a9 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys MD5: a12ec731bb00adad2d016d41c1f18fa4 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys MD5: 5dc6a149897820de315916b6ec984ec9 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys MD5: 4c35e57300a2dc5932a8e29efa527c32 C:\WINDOWS\system32\DRIVERS\rksample.sys MD5: a9573045baa16eab9b1085205b82f1ed C:\WINDOWS\system32\DRIVERS\serscan.sys MD5: c11082c80723771c1979eacf7fdde1c3 C:\WINDOWS\system32\DRIVERS\spkpnt.sys MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys MD5: 9101fffcfccd1a30e870a5b8a9091b10 C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys MD5: e0f10a379239b4fab319c55a9cd6bc96 C:\WINDOWS\system32\DRIVERS\tonesnt.sys MD5: 8bf5d980cdce35fb26f05047144bb57e C:\WINDOWS\System32\Drivers\usbaapl.sys MD5: 177b65899d418f8c8f037b20567a99d6 C:\WINDOWS\system32\DRIVERS\v124nt.sys MD5: 5822017d17d7f14cb5a57c04767135d1 C:\WINDOWS\system32\drivers\viahduaa.sys MD5: 4c0b8ef721783f52f8e531fbdc4b1f74 C:\WINDOWS\system32\DRIVERS\wceusbsh.sys MD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.mui MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll MD5: fb034de7f0d706eba9513d8ed7478acb C:\WINDOWS\system32\HPDiscoPM5912.dll MD5: 5f923ae1c8cdff1d6890a2994ed33e0e C:\WINDOWS\system32\hpgwiamd.dll MD5: b4cd580096ede5be874fa5b92a34aec4 C:\WINDOWS\system32\hpinksts5912LM.dll MD5: efc067aab4af13c03f9fb8c385351a60 C:\WINDOWS\system32\HPScanTRDrv_OJ8600.dll MD5: 0e40a02ddc65f33af80c962a3b00345a C:\WINDOWS\system32\hptcpmib.dll MD5: b3d7330f19c7ad35b4bf8bb2fbecf372 C:\WINDOWS\system32\hptcpmon.dll MD5: fb5a1d9e11e1cdad9d0cda06d7e86981 C:\WINDOWS\system32\HPTcpMUI.dll MD5: aea9ed3acafe9f47735f8e048ca21b19 C:\WINDOWS\system32\HPWia1_OJ8600.dll MD5: 2d091a99624fb9e7eef0a86d872ec0c3 C:\WINDOWS\system32\HPZipm12.exe MD5: b85ec14c7a5f7b2c8d70d4443486dd77 C:\WINDOWS\system32\hpzjrd01.dll MD5: 52417880ac75ac4b7f4e5c3b54ca6621 C:\WINDOWS\system32\hpzlnt12.dll MD5: 903c8c110131b8a71501514b61a17761 C:\WINDOWS\system32\ieframe.dll MD5: 7b6f5a09bcb1e8017a964ffe0992e8f6 C:\WINDOWS\system32\iepeers.dll MD5: 994b77915ea49a467cda144806ae42d6 C:\WINDOWS\system32\iertutil.dll MD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dll MD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dll MD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dll MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\JScript.dll MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll MD5: 6fe42512ab1b89f32a7407f261b1d2d0 C:\WINDOWS\system32\kernel32.dll MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll MD5: 5677dfe438ec1f009273fc84feed6b10 C:\WINDOWS\system32\localspl.dll MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll MD5: 25def2ef843275862ffbf55487cefddd C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_135.ocx MD5: 95ce557d16a75606ccc2d7f3b0b0bccb C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe MD5: 54fc590185d7d00d65e53b9a5990dc14 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll MD5: 82b7415d5a8fb24d3f6736400f5e1600 C:\WINDOWS\system32\mfevtps.exe MD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime MD5: bd4d9d7b6a3880d42cda8492452c9e71 C:\WINDOWS\system32\msfeeds.dll MD5: 9c46e5c82f94d9aedd2ce798f0df1158 C:\WINDOWS\system32\mshtml.dll MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll MD5: bc83108b18756547013ed443b8cdb31b C:\WINDOWS\system32\MSVCP100.dll MD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\WINDOWS\system32\MSVCR100.dll MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll MD5: acfee2392503dd5e457363a0510b8bcb c:\Windows\System32\msxml3.dll MD5: a0ae7f043497c9971e9d7fe291099d40 C:\WINDOWS\system32\msxml6.dll MD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS\system32\NETAPI32.dll MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\netshell.dll MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll MD5: 981027c4b940bbe220eccb00f0b159b4 C:\WINDOWS\system32\nvapi.dll MD5: ed43760c9a61c0abd91a473762e5a791 C:\WINDOWS\system32\NvCpl.dll MD5: b3c1ba5f5ab8f9d8fc3b00f907522631 C:\WINDOWS\system32\NvMCTray.dll MD5: ffd30daaf62d605069f6eb42d2e807c3 C:\WINDOWS\system32\nvsvc32.exe MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll MD5: b84990566b1a5611818e36379e49dad2 C:\WINDOWS\system32\pdfports.dll MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll MD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dll MD5: f0a0ebf086597e645bc14b0d98f8ba58 C:\WINDOWS\system32\scrrun.dll MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dll MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll MD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dll MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll MD5: ef588ebd27aa2124f83c630c61c126bc C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dll MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\T2EMBED.DLL MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dll MD5: bca608797a3e8eec0094cd6d596d77d7 C:\WINDOWS\system32\urlmon.dll MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\VBScript.dll MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll MD5: 9ad88ea663124336e88eb031f917ce20 C:\WINDOWS\system32\WININET.dll MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll MD5: d458b738b4c2ce33174cfb2ce12412db C:\WINDOWS\system32\WINTRUST.dll MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll MD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dll MD5: bdc0c99e472176c8c2c853a68adc5073 C:\WINDOWS\system32\wups2.dll MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll MD5: c701d4500d0cb03ff4543f9907b624ea C:\WINDOWS\system32\xmllite.dll MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dll The following file(s) must be uploaded for server-side scanning: C:\WINDOWS\system32\hptcpmib.dll C:\Program Files\Internet Explorer\plugins\npqtplugin.dll C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll C:\Program Files\Internet Explorer\plugins\NPDocBox.dll C:\WINDOWS\system32\hptcpmon.dll C:\WINDOWS\Downloaded Program Files\isusweb.dll C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll C:\Program Files\Internet Explorer\plugins\nppdf32.dll C:\WINDOWS\SMINST\RECGUARD.EXE C:\WINDOWS\system32\corelcreatorpm.dll C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dll C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll C:\Program Files\WS_FTP Pro\nsftpch.dll C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll C:\WINDOWS\system32\hpzjrd01.dll C:\WINDOWS\system32\pdfports.dll C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll c:\program files\ws_ftp pro\wsbho2k0.dll C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\HPTcpMUI.dll Upload started - 28 file(s) dcmsvc.exe (30440) LSSrvc.exe (53248) HPZipm12.exe (73728) issch.exe (81920) RECGUARD.EXE (212992) WfxPrint2000.dll (16840) pdfports.dll (20584) nsftpch.dll (24576) npjp2.dll (69632) hptcpmib.dll (73728) adistres.dll (77824) nppdf32.dll (103344) hptcpmon.dll (122880) corelcreatorpm.dll (126976) wsbho2k0.dll (131072) hpzjrd01.dll (139264) npqtplugin.dll (159744) eqsnx.dll (208896) HPTcpMUI.dll (212992) NPDocBox.dll (225280) isusweb.dll (401408) System.Configuration.ni.dll (971264) Upload speed - 20 KB/s Upload finished - 28 uploaded, 0 failed The uploaded file(s) were found clean. Scan finished - communication took 174 sec Total traffic - 3.42 MB sent, 0.88 KB recvd Scanned 809 files and modules - 250 seconds ============================================================================== RogueKiller V8.4.1 [Dec 24 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version Started in : Normal mode User : Roman [Admin rights] Mode : Scan -- Date : 12/25/2012 13:26:37 ¤¤¤ Bad processes : 3 ¤¤¤ [sUSP PATH] PCShowServerPMWrapper.exe -- C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe -> KILLED [TermProc] [DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll -> KILLED [TermProc] [sUSP PATH] NDSPCShowServer.exe -- C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe -> KILLED [TermProc] ¤¤¤ Registry Entries : 13 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer (C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe) -> FOUND [RUN][sUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND [RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : PCShowServer (C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND [services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") -> FOUND [services][Rans.Gendarm] HKLM\[...]\ControlSet003\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost [...] ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST380012A +++++ --- User --- [MBR] 63d314d6f97c15e54d341fb66a926441 [bSP] ab90a61d0cadfefa0824665e9ce9ec94 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST3500320AS +++++ --- User --- [MBR] 2422b9798518f2263a8cf51995fac452 [bSP] 8312934f688144256aeb1d7b8230715f : Legit2 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 7373835 | Size: 473337 Mo 1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3600 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12252012_02d1326.txt >> RKreport[1]_S_12252012_02d1326.txt

Logs Continued: Logfile of random's system information tool 1.09 (written by random/random) Run by Roman at 2012-12-25 13:04:11 Microsoft Windows XP Professional Service Pack 3 System drive C: has 422 GB (89%) free of 473 GB Total RAM: 3197 MB (76% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:04:44 PM, on 12/25/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PCPitstop\PCPitstopScheduleService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe C:\Program Files\PCPitstop\Info Center\InfoCenter.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exe C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\PROGRA~1\mcafee\SITEAD~1\saui.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\Roman\Desktop\RSIT.exe C:\Program Files\trend micro\Roman.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file) O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing) O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe O4 - HKLM\..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe O4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [PCShowServer] C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 O4 - HKCU\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW O4 - HKUS\S-1-5-19\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: Open with Nuance PDF Converter 7 - res://C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll /100 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://download.windowsupdate.com O15 - Trusted Zone: http://xmro.xmradio.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://www.mydlink.com/8D/activeX//TunnelX.ocx O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file) O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe O23 - Service: Google Update Service (gupdate1ca13132833f7e2) (gupdate1ca13132833f7e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 17583 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Adobe Flash Player Updater.job C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\At1.job C:\WINDOWS\tasks\At2.job C:\WINDOWS\tasks\At3.job C:\WINDOWS\tasks\At4.job C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\HP Photo Creations Communicator.job C:\WINDOWS\tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job =========Mozilla firefox========= ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default prefs.js - "browser.startup.homepage" - "http://www.google.com/" prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p=" "{1650a312-02bc-40ee-977e-83f158701739}"=C:\Program Files\SiteAdvisor\FF1 "{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ "quickprint@hp.com"=C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension "{D19CA586-DD6C-4a0a-96F8-14644F340D60}"=C:\Program Files\Common Files\McAfee\SystemCore [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.5.502.135 Plugin "Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=] "Description"=iTunes Detector Plug-in "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0] "Description"= "Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10] "Description"=McAfee Total Protection MIME Plugin "Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MVT] "Description"=McAfee Virtual Technician Plugin "Path"=C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin] "Description"= "Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1] "Description"=Microsoft Download Manager "Path"=C:\WINDOWS\ [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] "Description"=Office Authorization plug-in for NPAPI browsers "Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] "Description"=Microsoft SharePoint Plug-in for Firefox "Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5] "Description"=Windows Presentation Foundation plug-in for Mozilla browsers "Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14] "Description"=Google Updater "Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5] "Description"=A component of your photo software powered by RocketLife "Path"=C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll C:\Program Files\Mozilla Firefox\extensions\ {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} {972ce4c6-7e08-4474-a285-3208198ce6fd} C:\Program Files\Mozilla Firefox\components\ binary.manifest browsercomps.dll nsIQTScriptablePlugin.xpt C:\Program Files\Mozilla Firefox\searchplugins\ amazondotcom.xml bing.xml eBay.xml google.xml McSiteAdvisor.xml twitter.xml wikipedia.xml yahoo.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1658D3A1-9E13-4196-A82A-D70D70880F36}] HP Smart Print BHO - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2012-10-31 644000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}] PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30 245016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}] WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2k0.dll [2001-12-20 131072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dll [2012-11-09 89040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-10 761840] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}] ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08 488728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - DocuCom PDF - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08 488728] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568] {eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992] "dcmsvc"=C:\Program Files\dcmsvc\dcmsvc.exe [2009-04-07 30440] "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920] "APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280] "LWS"=C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2011-08-12 205336] "PDF7 Registry Controller"=C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe [2011-09-09 141160] "PDFProHook"=C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe [2011-11-03 1787752] "Info Center"=C:\Program Files\PCPitstop\Info Center\InfoCenter.exe [2011-09-26 24216] "mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-09-12 1278648] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424] "NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login [] "nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112] ""= [] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-12-12 152544] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ISUSPM"=C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [2011-06-05 222496] "PCShowServer"=C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe [2012-03-01 351888] "HP Officejet Pro 8600 (NET)"=C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672] "Google"=rundll32 C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll,CreateIScalerW [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048] C:\Documents and Settings\Roman\Start Menu\Programs\Startup Dropbox.lnk - C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - C:\WINDOWS\system32\RunDll32.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoRun"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server" "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote" "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe" "C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox" "C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server" "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager" "C:\Program Files\Logitech\Vid HD\Vid.exe"="C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD" "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe" "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host" "C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS" "C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications" "C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards" "C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe" "C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600)" "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600)" "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600)" "C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS" "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit" "C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application" "C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "midimapper"=midimap.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msadpcm"=msadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.trspch"=tssoft32.acm "vidc.cvid"=iccvid.dll "VIDC.I420"=lvcodec2.dll "vidc.iv31"=ir32_32.dll "vidc.iv32"=ir32_32.dll "vidc.iv41"=ir41_32.ax "VIDC.IYUV"=iyuv_32.dll "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVU9"=tsbyuv.dll "VIDC.YVYU"=msyuv.dll "wavemapper"=msacm32.drv "msacm.msg723"=msg723.acm "vidc.M263"=msh263.drv "vidc.M261"=msh261.drv "msacm.msaudio1"=msaud32.acm "msacm.sl_anet"=sl_anet.acm "msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax "vidc.iv50"=ir50_32.dll "msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm "wave1"=serwvdrv.dll "MSVideo8"=VfWWDM32.dll "MSVideo"=vfwwdm32.dll "msacm.siren"=sirenacm.dll "wave3"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "wave4"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux3"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "msacm.pspgru"=pspgru.acm "MSACM.CEGSM"=mobilev.acm "wave2"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv ======List of files/folders created in the last 1 month====== 2012-12-25 13:04:11 ----D---- C:\rsit 2012-12-25 13:04:11 ----D---- C:\Program Files\trend micro 2012-12-25 13:00:31 ----D---- C:\WINDOWS\ERDNT 2012-12-25 12:59:10 ----D---- C:\Program Files\ERUNT 2012-12-21 16:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$ 2012-12-19 08:33:59 ----D---- C:\Program Files\Dropbox 2012-12-19 08:23:29 ----D---- C:\Program Files\iPod 2012-12-19 08:23:25 ----D---- C:\Program Files\iTunes 2012-12-19 08:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-15 07:46:58 ----A---- C:\WINDOWS\system32\drivers\mfendisk.sys 2012-12-12 06:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$ 2012-12-12 06:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$ 2012-12-12 06:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$ 2012-12-12 06:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$ 2012-12-12 06:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$ 2012-12-06 19:36:54 ----D---- C:\Program Files\Common Files\Skype 2012-12-02 11:08:11 ----D---- C:\Program Files\QuickTime 2012-12-02 10:07:15 ----D---- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard 2012-12-02 10:03:07 ----D---- C:\Documents and Settings\Roman\Application Data\Visan 2012-12-02 10:01:52 ----D---- C:\Program Files\HP Photo Creations 2012-12-02 10:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Visan 2012-12-02 10:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\HP Photo Creations 2012-12-02 09:44:03 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant 2012-12-02 09:36:42 ----N---- C:\WINDOWS\system32\HPDiscoPM5912.dll 2012-12-02 09:36:40 ----A---- C:\WINDOWS\system32\HPWia1_OJ8600.dll 2012-12-02 09:36:40 ----A---- C:\WINDOWS\system32\HPScanTRDrv_OJ8600.dll 2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinksts5912LM.dll 2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinksts5912.dll 2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinkins5912.exe 2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinkcoi5912.dll 2012-11-26 18:55:27 ----D---- C:\Documents and Settings\Roman\Application Data\Wireshark 2012-11-26 18:49:51 ----D---- C:\Program Files\WinPcap 2012-11-26 18:49:18 ----D---- C:\Program Files\Wireshark ======List of files/folders modified in the last 1 month====== 2012-12-25 13:04:44 ----RSHDC---- C:\WINDOWS\system32\dllcache 2012-12-25 13:04:44 ----D---- C:\WINDOWS\Temp 2012-12-25 13:04:43 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp 2012-12-25 13:04:11 ----RD---- C:\Program Files 2012-12-25 13:03:35 ----D---- C:\WINDOWS\Prefetch 2012-12-25 13:00:31 ----D---- C:\WINDOWS 2012-12-25 00:23:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop 2012-12-24 18:10:02 ----D---- C:\Documents and Settings\Roman\Application Data\Dropbox 2012-12-24 17:58:40 ----D---- C:\Program Files\Mozilla Firefox 2012-12-24 17:42:36 ----D---- C:\WINDOWS\system32\drivers 2012-12-24 16:54:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2012-12-24 06:22:19 ----D---- C:\WINDOWS\system32\CatRoot2 2012-12-24 06:21:17 ----D---- C:\WINDOWS\PIXTRAN 2012-12-23 17:44:20 ----D---- C:\Documents and Settings\Roman\Application Data\TeamViewer 2012-12-23 17:40:06 ----RSD---- C:\WINDOWS\Fonts 2012-12-23 17:39:45 ----D---- C:\Program Files\TeamViewer 2012-12-22 01:11:00 ----D---- C:\WINDOWS\ie8updates 2012-12-21 17:26:41 ----D---- C:\WINDOWS\system32 2012-12-21 16:33:09 ----HD---- C:\WINDOWS\inf 2012-12-21 16:32:06 ----HD---- C:\WINDOWS\$hf_mig$ 2012-12-21 09:34:21 ----AC---- C:\WINDOWS\wsftppro.INI 2012-12-19 08:24:54 ----SHD---- C:\WINDOWS\Installer 2012-12-19 08:23:29 ----D---- C:\Program Files\Common Files\Apple 2012-12-18 07:54:50 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe 2012-12-18 06:54:02 ----SD---- C:\WINDOWS\Tasks 2012-12-16 07:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll 2012-12-15 09:42:24 ----D---- C:\Program Files\Common Files\Mcafee 2012-12-15 07:48:19 ----D---- C:\WINDOWS\system32\config 2012-12-12 06:14:44 ----A---- C:\WINDOWS\imsins.BAK 2012-12-12 06:14:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2012-12-12 06:13:08 ----AC---- C:\WINDOWS\iis6.BAK 2012-12-12 06:11:53 ----D---- C:\Program Files\Internet Explorer 2012-12-12 06:07:29 ----AC---- C:\WINDOWS\system32\MRT.exe 2012-12-09 06:20:25 ----SD---- C:\WINDOWS\Downloaded Program Files 2012-12-08 12:51:53 ----SD---- C:\Documents and Settings\Roman\Application Data\Microsoft 2012-12-07 05:41:04 ----D---- C:\Documents and Settings\Roman\Application Data\Skype 2012-12-06 19:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype 2012-12-06 19:36:54 ----RD---- C:\Program Files\Skype 2012-12-06 19:36:54 ----D---- C:\Program Files\Common Files 2012-12-02 11:10:59 ----DC---- C:\WINDOWS\system32\DRVSTORE 2012-12-02 09:44:20 ----D---- C:\Documents and Settings\Roman\Application Data\HpUpdate 2012-12-02 09:44:04 ----D---- C:\WINDOWS\WinSxS 2012-12-02 09:38:05 ----D---- C:\WINDOWS\system32\CatRoot 2012-12-02 09:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\HP 2012-12-02 09:36:28 ----D---- C:\WINDOWS\twain_32 2012-12-02 09:05:59 ----RSD---- C:\WINDOWS\assembly 2012-12-02 09:05:43 ----D---- C:\Program Files\Hewlett-Packard 2012-11-26 05:59:48 ----D---- C:\Program Files\Mozilla Maintenance Service ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2012-11-09 565352] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2012-11-09 91168] R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-09-07 310899] R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-09-07 127405] R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-09-07 426783] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-28 11868] R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088] R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-09-07 217019] R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\system32\DRIVERS\spkpnt.sys [2001-09-07 80449] R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-09-07 56607] R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-09-07 534125] R3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-09-07 77426] R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2012-11-09 60480] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2012-09-21 310504] R3 LVUVC;Logitech Webcam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2012-09-21 4261224] R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2012-11-09 132912] R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2012-11-09 234824] R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2012-11-09 362640] R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824] R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-09-07 67654] R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432] R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784] R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-21 277376] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-09-07 584336] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832] S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2012-04-20 146872] S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2006-02-28 1041536] S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2006-02-28 220032] S3 mbr;mbr; \??\C:\DOCUME~1\Roman\LOCALS~1\Temp\mbr.sys [] S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys [] S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2012-11-09 65488] S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432] S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2012-11-09 92192] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-09-28 44544] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] S4 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784] R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-11-09 203400] R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 168880] R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2012-11-09 167344] R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200] R2 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2012-12-02 86216] R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 553440] R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 250808] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 DragonSvc;Dragon Service; C:\Program Files\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104] S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-10 194104] S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2010-08-23 13672] S3 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672] S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376] S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248] S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-11-16 279048] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-25 115168] S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352] S3 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2011-09-09 135016] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264] S3 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944] S3 UMVPFSrv;UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S4 CorelCreatorMessages;CorelCreatorMessages; C:\WINDOWS\system32\CorelCreatorMessages.exe [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

First, I really appreciate the quick response and even on Christmas Day! I did not get a notification of your reply and will check my Notification settings, otherwise I would have completed this sooner. I completed all 7 steps and logs follow: info.txt logfile of random's system information tool 1.09 2012-12-25 13:04:46 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activex Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin Adobe Reader 8.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A83000000003} Amazon MP3 Downloader 1.0.17-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly Apple Application Support-->MsiExec.exe /I{CCE825DB-347A-4004-A186-5F4A6FDD8547} Apple Mobile Device Support-->MsiExec.exe /I{459699C3-9430-4381-964B-4248D87B49F9} Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} Auction Sentry-->MsiExec.exe /I{38ED4745-4015-4BF0-AB17-AA4B07595137} Auction Sentry-->MsiExec.exe /X{DF29A0E2-DF76-4932-98A9-34B441F40486} Bing Bar-->MsiExec.exe /X{D6C3C9E7-D334-4918-BD57-5B1EF14C207D} Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17} Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B} CameraHelperMsi-->MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3} Cisco WebEx Meetings-->C:\WINDOWS\DOWNLO~1\atcliun.exe Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0 dcmsvc 1.0-->"C:\Program Files\dcmsvc\unins000.exe" Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{99F50845-55E3-4E06-9A5A-17D37F4D4FB9}" "1033" "0" DIRECTV Player-->MsiExec.exe /X{5F3783B7-F809-45A7-8A92-A44B441FDA7C} Disney Dreams Screen Saver-->C:\WINDOWS\system32\Disney Dreams.scr /u Disney Epic Mickey: Prima Official eGuide-->"C:\Program Files\Prima Games\DisneyEpicMickeyPrimaOfficialeGuide\Uninstall.exe" Dragon NaturallySpeaking 11-->MsiExec.exe /I{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA} erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C} ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe" Family Tree Maker 2009-->C:\Program Files\InstallShield Installation Information\{27711CB0-26B3-4D99-88A9-4E4D60C34850}\setup.exe -runfromtemp -l0x0409 Family Tree Maker 2010-->"C:\Program Files\InstallShield Installation Information\{89EAD745-088B-4160-B964-42C4D4D273AD}\setup.exe" -runfromtemp -l0x0409 -removeonly Family Tree Maker 2010-->MsiExec.exe /X{89EAD745-088B-4160-B964-42C4D4D273AD} Free JavaScript Editor 4.7-->MsiExec.exe /I{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F} Google Chrome-->"C:\Program Files\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe" --uninstall --multi-install --chrome --system-level Google Earth-->MsiExec.exe /X{28E82311-8616-11E1-BEB0-B8AC6F97B88E} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB2756822)-->"C:\WINDOWS\$NtUninstallKB2756822$\spuninst\spuninst.exe" Hotfix for Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe" HP FWUpdateEDO2-->MsiExec.exe /I{415FA9AD-DA10-4ABE-97B6-5051D4795C90} HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Officejet Pro 8600 Basic Device Software-->MsiExec.exe /I{8EAB4100-B343-41AE-A880-418746998209} HP Officejet Pro 8600 Help-->MsiExec.exe /I{46235FF7-2CBE-4A84-BEDA-87348D1F7850} HP Officejet Pro 8600 Help-->MsiExec.exe /I{B6F5C6D8-C443-4B55-932F-AE11B5743FC4} HP Officejet Pro 8600 Product Improvement Study-->MsiExec.exe /I{669B49D6-BCA8-4F7C-9248-CE5677750285} HP Photo Creations-->"C:\Program Files\HP Photo Creations\uninst.exe" HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC} HP Product Detection-->MsiExec.exe /I{4F38594F-2C4A-4C42-B2C4-505E225F6F80} HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat HP Smart Print 1.1.5.2-->MsiExec.exe /I{7752CBAC-3B2D-43C0-98CA-A1A16CCF7E3C} HP Update-->MsiExec.exe /X{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5} I.R.I.S. OCR-->MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61} Info Center 1.0.0.7-->"C:\Program Files\PCPitstop\Info Center\unins000.exe" InstantShareAlert-->MsiExec.exe /I{069730C2-755A-485B-A205-27A1AAFA836A} Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\WS_FTP Pro\uninst.isu" -c"C:\Program Files\WS_FTP Pro\FTPInstUtils.dll" iSEEK AnswerWorks English Runtime-->MsiExec.exe /I{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3} iTunes-->MsiExec.exe /I{B0261E53-B6F1-474A-864B-E7C3CBF468E0} Java 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF} Logitech Vid HD-->C:\Program Files\Logitech\Vid HD\uninst.exe Logitech Webcam Software Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.10" /clone_wait /hide_progress Logitech Webcam Software-->"C:\Program Files\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ENU /guid="{D40EB009-0499-459c-A8AF-C9C110766215}" LWS Gallery-->MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD} LWS Help_main-->MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9} LWS Launcher-->MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6} LWS Motion Detection-->MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA} LWS Pictures And Video-->MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967} LWS Twitter-->MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48} LWS Video Mask Maker-->MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441} LWS VideoEffects-->MsiExec.exe /I{138A4072-9E64-46BD-B5F9-DB2BB395391F} LWS Webcam Software-->MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189} LWS WLM Plugin-->MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D} LWS YouTube Plugin-->MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E} Malwarebytes Anti-Malware version 1.65.1.1000-->"C:\Program Files\Malwarebytes\unins000.exe" McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall McAfee Virtual Technician-->C:\Program Files\McAfee\Supportability\MVT\MVTInstaller.exe /uninstall Microsoft .NET Framework 1.1 Security Update (KB2656370)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp" Microsoft .NET Framework 1.1 Security Update (KB2698023)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2698023\M2698023Uninstall.msp" Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll" Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Download Manager-->MsiExec.exe /X{654977DB-0001-0002-0001-EABD228DDE8B} Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9} Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0" Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0" Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE} Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE} Microsoft Office Home and Business 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-0081-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9} Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE} Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE} Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F} Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7} Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->MsiExec.exe /X{97BA2B90-AF72-35CF-BFDC-E06531811B20} Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F} Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D} Mozilla Firefox 17.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe" MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MultiScreen-->C:\Program Files\InstallShield Installation Information\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}\setup.exe -runfromtemp -l0x0009 -removeonly MX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262} Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID="" NetObjects Fusion 10.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3334366-BCED-4D4B-A266-23E3414FC29D}\setup.exe" -l0x9 anything -uninst NetObjects Fusion 12.0-->"C:\Program Files\InstallShield Installation Information\{46CB5C9E-BE06-42B6-8B59-C037B8E93889}\setup.exe" -runfromtemp -l0x0009anything -uninst -removeonly Nuance PDF Converter Professional 7-->MsiExec.exe /I{6F9C25B0-6ABF-4FB0-8793-176487F963EE} NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI NVIDIA Graphics Driver 306.81-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.Driver NVIDIA nView 136.28-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.NView NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall NVIDIA Update 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.Update OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18} Paint Shop Pro 6.02 CD-->C:\Program Files\Paint Shop Pro 6\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG Password Safe-->"C:\Program Files\Password Safe\Uninstall.exe" Password Tracker Deluxe 3.62-->"C:\Program Files\Password Tracker Deluxe\PwTrkr.exe" /uninstall PC Matic 1.1.0.44-->"C:\Program Files\PCPitstop\PC Matic\unins000.exe" PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanel PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PrintMaster Premier 4.00-->c:\PROGRA~1\pmw\msrun.exe Unins Quicken 2011-->MsiExec.exe /X{5FE545A1-D215-4216-9189-E7B39C9D1CC1} Quicken WillMaker Plus 2009-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2009\uninstal.log Quicken WillMaker Plus 2011-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2011\uninstal.log QuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A} Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT="" Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{73CC972E-6ABF-456B-9E1E-BADC0E65B57A}" "1033" "0" Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D267D0F7-9770-467D-ACF3-FB2F7E0AC532}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0" Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0" Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0" Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DAB57906-C0A9-486D-BBAB-7F71BD701C96}" "1033" "0" Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{54A1B66B-F5B2-45AD-8B19-5F51A027A1B9}" "1033" "0" Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0" Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216}" "1033" "0" Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0" Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0" Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0A682BA4-3C78-42C3-8DDF-EB9A6ABE5535}" "1033" "0" Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269}" "1033" "0" Security Update for Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe" Security Update for Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe" Security Update for Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe" Security Update for Windows XP (KB2753842)-->"C:\WINDOWS\$NtUninstallKB2753842$\spuninst\spuninst.exe" Security Update for Windows XP (KB2753842-v2)-->"C:\WINDOWS\$NtUninstallKB2753842-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe" Security Update for Windows XP (KB2761226)-->"C:\WINDOWS\$NtUninstallKB2761226$\spuninst\spuninst.exe" Security Update for Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe" Security Update for Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Shared C Run-time for x86-->MsiExec.exe /I{1945A4B5-73B6-4DE9-99A3-05261B7FDED0} Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120} Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053} SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe" System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe TeamViewer 8-->C:\Program Files\TeamViewer\Version8\uninstall.exe TEG-PCITXR 32bit Gigabit PCI Adatper-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly Trainz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}\setup.exe" -l0x9 TRS2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE1289F-4025-41A5-AD17-101DB4D82CA7}\setup.exe" -l0x9 TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000} TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000} TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000} TurboTax 2009 wkyiper-->MsiExec.exe /I{39003340-EAA2-012B-ADCD-000000000000} TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000} TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a TurboTax 2010 WinPerFedFormset-->MsiExec.exe /I{3782EC09-4000-475E-8A59-9CABD6F03B4C} TurboTax 2010 WinPerReleaseEngine-->MsiExec.exe /I{A525E00B-6609-442E-9DCD-64453C233E8D} TurboTax 2010 WinPerTaxSupport-->MsiExec.exe /I{05BDC796-3451-4F81-B91D-E98F7ADA76C2} TurboTax 2010 wkyiper-->MsiExec.exe /I{D0EE2F91-CC20-426F-A4D5-7FFE54E55015} TurboTax 2010 wrapper-->MsiExec.exe /I{4F2FCCCF-29F3-44B9-886F-6D16F8417522} TurboTax 2010-->C:\Program Files\TurboTax\Deluxe 2010\Installer\TurboTax 2010 Installer.exe /u /t /a TurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789} TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA} TurboTax 2011 wkyiper-->MsiExec.exe /I{9CC57E3F-0478-4005-98D3-4C6850C5A6E7} TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA} TurboTax 2011-->C:\Program Files\TurboTax\Deluxe 2011\Installer\TurboTax 2011 Installer.exe /u /t /a Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0" Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0" Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0" Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0" Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0" Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0" Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C4F26A9B-B121-4135-8084-A0D9C780C7C8}" "1033" "0" Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{460FF681-BC66-4C38-99DF-7012E03F1EBA}" "1033" "0" Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{C633216E-FF30-45B6-B2AB-21922A9353EF}" "1033" "0" Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0" Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0" Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1033" "0" Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{47894754-0FEC-4920-9A65-6C1E732587AC}" "1033" "0" Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}" "1033" "0" Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0" Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0" Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe" Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe" VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} Visual C++ 9.0 Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F} Visual C++ Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F} Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe Warner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625} Warner Bros. Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625} WebIQ Technology Engine-->MsiExec.exe /X{0F2F77E4-4053-4108-B153-81F0B42EDCF4} Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E} Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5s_EC6F58D0768F50BA52841701F07D93224CCBC418\lvpro5s.inf Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5s_B2A99D387D2BC7834AC22520D8B1925C395063F6\lvpro5s.inf Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5v_D2C9E2D5867D472251514011BBE78B5772FF85F4\lvpro5v.inf Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5v_8009832C96BA2EC6FBB36C272247C99207D2CF34\lvpro5v.inf Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5c_CFEA30E7EC4EFEFA29100B1389F8CC4E7815C557\lvpro5c.inf Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_023219CF3A4917CCA41B16B1E8B93E1DDC0892D0\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_D57F88388DBB75A1A9F016A4439CE7941366B9CC\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_F40C8CD5B9A6521F54F4F7E14A360CB5AE46AB6B\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_01A1720D7453D730F20FAFBEA4D6B9A2105287C9\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_CCC0A428AE64891D9B1B7F5C8E54AC2C95FE3671\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_7D446CFBFA4A85956C4FA21B72A07064B3CD147E\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_14FA122036C65C3E9AA05BF676F2EE944AFC831C\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_6B8341AFD9CC5A9A6A5B2D844EEBBD241AB9C81C\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_6691F1BDB0DC3B805E5970F75D7834FC0D37C6EE\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_2E7B5C052AFEB20F28FCD99D5AE9F5DB070782DB\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_dispi_C9E7FAAB72598782BB81E5D97AE9C3200C96917C\nv4_dispi.inf Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_90681DB143FDAFA00A0689935B55440102A1AF67\nv4_disp.inf Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_01CF2A199AEBDA193CB0ABAB5E8168F9160AA86F\nv4_disp.inf Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71} Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5} Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinPcap 4.1.2-->C:\Program Files\WinPcap\uninstall.exe WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Wireshark 1.8.3 (32-bit)-->"C:\Program Files\Wireshark\uninstall.exe" ======Hosts File====== ======Security center information====== AV: McAfee Anti-Virus and Anti-Spyware FW: McAfee Firewall ======System event log====== Computer Name: ZTDESKTOP Event Code: 10010 Message: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout. Record Number: 83768 Source Name: DCOM Time Written: 20121123101934.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: ZTDESKTOP Event Code: 7001 Message: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Record Number: 83744 Source Name: Service Control Manager Time Written: 20121123101138.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 7001 Message: The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Record Number: 83743 Source Name: Service Control Manager Time Written: 20121123101138.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 7001 Message: The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Record Number: 83742 Source Name: Service Control Manager Time Written: 20121123101138.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 64008 Message: The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. Record Number: 83738 Source Name: Windows File Protection Time Written: 20121123101036.000000-300 Event Type: warning User: =====Application event log===== Computer Name: ZTDESKTOP Event Code: 3013 Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 46054 Source Name: Windows Search Service Time Written: 20121214182735.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 3013 Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 46053 Source Name: Windows Search Service Time Written: 20121214182735.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 3013 Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 46052 Source Name: Windows Search Service Time Written: 20121214182735.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 3013 Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) Record Number: 46051 Source Name: Windows Search Service Time Written: 20121214182735.000000-300 Event Type: error User: Computer Name: ZTDESKTOP Event Code: 902 Message: The Software Protection service has started. 14.0.370.400 Record Number: 46034 Source Name: Office Software Protection Platform Service Time Written: 20121214053108.000000-300 Event Type: User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel "PROCESSOR_REVISION"=0f0b "NUMBER_OF_PROCESSORS"=4 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "asl.log"=Destination=file "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF----------------- Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 23 Free JavaScript Editor 4.7 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox (17.0) Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 2% ````````````````````End of Log``````````````````````

I noticed intermittent redirects in IE and Firefox when clicking links from Google searches. Ran Malwarebytes and got a hit on Trojan.Happili. Logs show quarantined and deleted. Rebooted and keep getting the same type of re-directs. Could use some of that expert help please. Requested logs follow: DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 Run by Roman at 17:45:10 on 2012-12-24 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2412 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall *Enabled* . ============== Running Processes ================ . C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\PCPitstop\PCPitstopScheduleService.exe C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\TeamViewer\Version8\TeamViewer.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\TeamViewer\Version8\tv_w32.exe C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe C:\Program Files\PCPitstop\Info Center\InfoCenter.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\RunDLL32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe C:\WINDOWS\system32\rundll32.exe C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\System32\alg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exe C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\PROGRA~1\mcafee\SITEAD~1\saui.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchFilterHost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\svchost.exe -k netsvcs C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: AutorunsDisabled - <orphaned> BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - c:\program files\hewlett-packard\smartprint\QuickPrintBHO.dll BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: WsftpBrowserHelper Class: {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\program files\ws_ftp pro\wsbho2k0.dll BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned> BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler uRun: [PCShowServer] c:\documents and settings\roman\local settings\application data\directv player\PCShowServerPMWrapper.exe uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1 uRun: [Google] rundll32 "c:\documents and settings\roman\local settings\application data\hp\google\eqsnx.dll",CreateIScalerW mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe mRun: [PDFProHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [Google] rundll32 "c:\documents and settings\roman\local settings\application data\hp\google\eqsnx.dll",CreateIScalerW dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 StartupFolder: c:\docume~1\roman\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\roman\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\roman\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1 IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100 IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\HPQuickPrintLauncher.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{53371D86-939F-42EB-8692-365423C01C6D} : DHCPNameServer = 192.168.0.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll Handler: AutorunsDisabled - <Clsid value has no data> Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\roman\application data\mozilla\firefox\profiles\43597dhz.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\documents and settings\all users\application data\visan\plugins\npRLSecurePluginLayer.dll FF - plugin: c:\documents and settings\roman\local settings\application data\directv player\npPCShowPlugin.dll FF - plugin: c:\documents and settings\roman\local settings\application data\directv player\npPlayerPlugin.dll FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\windows\npMSDM.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - ExtSQL: 2012-12-02 09:58; quickprint@hp.com; c:\program files\hewlett-packard\smartprint\QPExtension . ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - BRI/1 . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 565352] R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-6-17 91168] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784] R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784] R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784] R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-17 203400] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-6-17 168880] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-17 167344] R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088] R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-1-21 86216] R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-23 3467768] R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-6-17 60480] R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-17 234824] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-6-17 362640] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-9-5 277376] S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808] S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-14 146872] S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-17 65488] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-17 92192] S3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2011-9-9 135016] S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944] S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 25088] S3 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\corelcreatormessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?] . =============== Created Last 30 ================ . 2012-12-19 13:33:59 -------- d-----w- c:\program files\Dropbox 2012-12-19 13:23:29 -------- d-----w- c:\program files\iPod 2012-12-19 13:23:25 -------- d-----w- c:\program files\iTunes 2012-12-19 13:23:25 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1 2012-12-15 12:46:58 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2012-12-15 12:46:51 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll 2012-12-14 10:46:14 544160 ----a-w- c:\documents and settings\roman\application data\microsoft\internet explorer\hewlett-packard\smartprint\SmartPrintUpdate.exe 2012-12-14 10:46:14 139264 ----a-w- c:\documents and settings\roman\application data\microsoft\internet explorer\hewlett-packard\smartprint\unzip32.dll 2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-12-02 16:08:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2012-12-02 15:03:07 -------- d-----w- c:\documents and settings\roman\application data\Visan 2012-12-02 15:01:52 -------- d-----w- c:\program files\HP Photo Creations 2012-12-02 15:01:52 -------- d-----w- c:\documents and settings\all users\application data\Visan 2012-12-02 15:01:52 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations 2012-12-02 14:36:42 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll 2012-12-02 14:36:40 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll 2012-12-02 14:36:40 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll 2012-12-02 14:36:36 529808 ----a-w- c:\windows\system32\hpinksts5912.dll 2012-12-02 14:36:36 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll 2012-12-02 14:36:36 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe 2012-12-02 14:36:36 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll 2012-11-26 23:55:27 -------- d-----w- c:\documents and settings\roman\application data\Wireshark 2012-11-26 23:49:51 -------- d-----w- c:\program files\WinPcap 2012-11-26 23:49:18 -------- d-----w- c:\program files\Wireshark 2012-11-25 14:33:48 -------- d-----w- c:\program files\Amazon 2012-11-25 12:28:45 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2012-11-25 12:28:44 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2012-11-25 12:28:44 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2012-11-25 12:28:43 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2012-11-25 12:28:43 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe . ==================== Find3M ==================== . 2012-12-18 12:54:50 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-18 12:54:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys 2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 11:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll 2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll 2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec 2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-24 20:08:38 1101436 -c--a-w- c:\windows\system32\nvdrsdb1.bin 2012-10-24 20:08:38 1 -c--a-w- c:\windows\system32\nvdrssel.bin 2012-10-24 20:04:23 1101436 -c--a-w- c:\windows\system32\nvdrsdb0.bin 2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll 2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 15:32:56 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-09-28 15:32:56 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys . ============= FINISH: 17:45:43.87 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume2 Install Date: 10/28/2008 9:11:13 AM System Uptime: 12/24/2012 6:21:14 AM (11 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5N73-AM Processor: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 2666/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 462 GiB total, 412.18 GiB free. D: is CDROM () E: is FIXED (NTFS) - 75 GiB total, 48.17 GiB free. F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: NVIDIA nForce Networking Controller Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&000 Manufacturer: NVIDIA Name: NVIDIA nForce 10/100 Mbps Ethernet PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&000 Service: NVENETFD . ==== System Restore Points =================== . RP1500: 12/22/2012 4:37:33 PM - System Checkpoint RP1501: 12/23/2012 6:00:42 PM - System Checkpoint . ==== Installed Programs ====================== . 7300 7300_Help 7300Trb Adobe Acrobat 5.0 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.3.1 AiO_Scan AiOSoftware Amazon MP3 Downloader 1.0.17 AnswerWorks 5.0 English Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Auction Sentry Bing Bar Bing Rewards Client Installer Bonjour BufferChm CameraHelperMsi Cisco WebEx Meetings Compatibility Pack for the 2007 Office system Conexant HSF V92 56K RTAD Speakerphone PCI Modem Copy CP_AtenaShokunin1Config cp_dwShrek2Albums1 cp_dwShrek2Cards1 CreativeProjects CreativeProjectsTemplates CueTour dcmsvc 1.0 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations Director DIRECTV Player Disney Dreams Screen Saver Disney Epic Mickey: Prima Official eGuide DocProc DocumentViewer Dragon NaturallySpeaking 11 Dropbox erLT Family Tree Maker 2009 Family Tree Maker 2010 Fax Free JavaScript Editor 4.7 Google Chrome Google Earth Google Update Helper Google Updater Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2756822) Hotfix for Windows XP (KB2779562) Hotfix for Windows XP (KB954550-v5) HP FWUpdateEDO2 HP Image Zone 4.7 HP Officejet Pro 8600 Basic Device Software HP Officejet Pro 8600 Help HP Officejet Pro 8600 Product Improvement Study HP Photo Creations HP Product Assistant HP Product Detection HP PSC & OfficeJet 4.7 HP Smart Print 1.1.5.2 HP Update HPSystemDiagnostics I.R.I.S. OCR Info Center 1.0.0.7 InstantShare InstantShareAlert Ipswitch WS_FTP Pro iSEEK AnswerWorks English Runtime iTunes Java Auto Updater Java™ 6 Update 23 LightScribe 1.4.44.1 Logitech Vid HD Logitech Webcam Software Logitech Webcam Software Driver Package LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.65.1.1000 McAfee SecurityCenter McAfee Virtual Technician Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft ActiveSync 3.7 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Download Manager Microsoft Office 2003 Primary Interop Assemblies Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Home and Business 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Edition 2003 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Primary Interoperability Assemblies 2005 Microsoft Silverlight Microsoft Software Update for Web Folders (English) 14 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual Studio 2005 Tools for Office Runtime Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Microsoft Works 6-9 Converter Microsoft WSE 3.0 Mozilla Firefox 17.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MultiScreen MX-950 Editor Nero Suite NetObjects Fusion 10.0 NetObjects Fusion 12.0 Nuance PDF Converter Professional 7 NVIDIA Control Panel 306.81 NVIDIA Drivers NVIDIA Graphics Driver 306.81 NVIDIA Install Application NVIDIA nView 136.28 NVIDIA nView Desktop Manager NVIDIA Update 1.10.8 NVIDIA Update Components OGA Notifier 2.0.0048.0 Paint Shop Pro 6.02 CD PanoStandAlone Password Safe Password Tracker Deluxe 3.62 PC Matic 1.1.0.44 PhoneTools PhotoGallery Platform PowerDVD PrintMaster Premier 4.00 ProductContext QFolder Quicken 2011 Quicken WillMaker Plus 2009 Quicken WillMaker Plus 2011 QuickTime Readme Scan ScannerCopy Scansoft PDF Professional Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Security Update for Windows Internet Explorer 8 (KB2761465) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2727528) Security Update for Windows XP (KB2753842-v2) Security Update for Windows XP (KB2753842) Security Update for Windows XP (KB2758857) Security Update for Windows XP (KB2761226) Security Update for Windows XP (KB2770660) Security Update for Windows XP (KB2779030) Security Update for Windows XP (KB923789) Segoe UI Shared C Run-time for x86 SkinsHP1 Skype Click to Call Skype™ 6.0 SyncBack System Requirements Lab TeamViewer 8 TEG-PCITXR 32bit Gigabit PCI Adatper Trainz TrayApp TRS2004 TurboTax 2009 TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wkyiper TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wkyiper TurboTax 2010 wrapper TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wkyiper TurboTax 2011 wrapper Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2749655) VIA Platform Device Manager Visual C++ 9.0 Runtime for Dragon NaturallySpeaking Visual C++ Runtime for Dragon NaturallySpeaking Visual Studio 2005 Tools for Office Second Edition Runtime Warner Bros. Digital Copy Manager WebFldrs XP WebIQ Technology Engine WebReg Windows 7 Upgrade Advisor Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0) Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0) Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0) Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0) Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0) Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658) Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573) Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610) Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713) Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061) Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142) Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533) Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721) Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896) Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026) Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681) Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558) Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Messenger Windows Live Sign-in Assistant Windows Live Upload Tool Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinPcap 4.1.2 WinZip Wireshark 1.8.3 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 12/21/2012 6:56:51 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 12/21/2012 6:41:47 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 12/21/2012 5:26:00 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\sclgntfy.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. 12/21/2012 5:26:00 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time. . ==== End Of File ===========================