
Virus found but computer still slow. Still infected?



Hello,

My computer has been running slow for quite a bit. My Symantec anti-virus keeps getting errors which I think slows it down some, but I also think I'm infected. I scanned with ESET online scanner and this is what it found...

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e604968c0f5a9b4cbfa46fec09ebd966

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-23 04:39:04

# local_time=2012-05-22 11:39:04 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=55000

# found=3

# cleaned=3

# scan_time=6613

C:\Documents and Settings\Owner\Local Settings\Temp\ICReinstall\cnet_audacity-win-1_2_6_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\Local Settings\Temp\is1598539481\zgInstaller.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Owner\My Documents\cnet_audacity-win-1_2_6_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Despite what it found my computer is moving like lava. Any recommendations? Thanks.


Hello Krome and welcome to MalwareBytes forums.

Have you done an update run with your antivirus app, and then done a full scan? Results all clean?

A slow system may not necessarily indicate an infection!!

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs.

Do NOT turn off the firewall.

  • Start Internet Explorer.
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button.
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer. It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


The previous topic was for my work computer. This topic is for my home computer. I wasn't aware that I couldn't have 2 topics open. At any rate, I won't be home until late tonight so I might be able to try it out Saturday. Please be patient with me because I do have a busy weekend and it seems it may take a while to perform your solution. I understand after a certain amount of days of no response the topic gets closed. I'll try to get to it asap. Thank you.


Hi Maurice,

Here are the logs...

log.txt...

Logfile of random's system information tool 1.09 (written by random/random)

Run by Owner at 2012-05-27 18:58:08

Microsoft Windows XP Professional Service Pack 3

System drive C: has 15 GB (40%) free of 38 GB

Total RAM: 503 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:59:09 PM, on 5/27/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Nuance\PaperPort\pptd40nt.exe

C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe

C:\Program Files\Browny02\Brother\BrStMonW.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\ControlCenter4\BrCtrlCntr.exe

C:\Program Files\Browny02\BrYNSvc.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\ControlCenter4\BrCcUxSys.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Owner\Desktop\RSIT.exe

C:\Program Files\trend micro\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe

O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe

O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun

O4 - HKLM\..\Run: [brStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe -update activex

O4 - HKUS\S-1-5-19\..\Run: [AdobeData] rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AdobeData] rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer (User 'NETWORK SERVICE')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Open with PDF Viewer Plus - res://C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe

O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--

End of file - 13407 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{14DB1040-9A1C-4845-BB9F-5713E3E473A3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]

PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06 249856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-01-15 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-01-15 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-01-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-15 817936]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-02-17 281600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

"RoxioEngineUtility"=C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-02-27 69632]

"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-02-27 757760]

"RoxioAudioCentral"=C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-02-26 253952]

"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-12-18 115560]

"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]

"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2011-02-18 49208]

""= []

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-03-07 421160]

"IndexSearch"=C:\Program Files\Nuance\PaperPort\IndexSearch.exe [2010-03-09 46368]

"PaperPort PTD"=C:\Program Files\Nuance\PaperPort\pptd40nt.exe [2010-03-09 29984]

"PPort12reminder"=C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [2010-02-09 328992]

"PDFHook"=C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [2010-03-05 636192]

"PDF5 Registry Controller"=C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [2010-03-05 62752]

"ControlCenter4"=C:\Program Files\ControlCenter4\BrCcBoot.exe [2011-04-20 139264]

"BrStsMon00"=C:\Program Files\Browny02\Brother\BrStMonW.exe [2010-12-23 2629632]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"ISUSPM"=C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [2009-05-05 222496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe [2012-03-26 250528]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"

"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"

"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=tsbyuv.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=l3codecx.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-05-27 18:58:16 ----D---- C:\Program Files\trend micro

2012-05-27 18:58:08 ----D---- C:\rsit

2012-05-27 18:23:08 ----D---- C:\WINDOWS\ERDNT

2012-05-27 18:19:54 ----D---- C:\Program Files\ERUNT

2012-05-22 21:33:41 ----D---- C:\Program Files\ESET

======List of files/folders modified in the last 1 month======

2012-05-27 18:58:16 ----RD---- C:\Program Files

2012-05-27 18:57:52 ----D---- C:\WINDOWS\Prefetch

2012-05-27 18:23:08 ----D---- C:\WINDOWS

2012-05-27 16:54:58 ----D---- C:\WINDOWS\Temp

2012-05-25 06:32:01 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-05-24 10:25:05 ----D---- C:\WINDOWS\system32\CatRoot2

2012-05-22 21:34:00 ----SD---- C:\WINDOWS\Downloaded Program Files

2012-04-30 21:58:07 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-02-27 64208]

R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-02-27 24839]

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-02-27 249344]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-02-27 118422]

R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []

R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-12-19 280112]

R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-12-19 43824]

R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-21 191536]

R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-02-27 206464]

R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-12-23 20747]

R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2009-06-17 10384]

R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-13 112288]

R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-13 78496]

R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2003-05-15 43136]

R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-14 15295]

R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-02-27 21654]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2003-03-13 90395]

R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]

R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]

R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]

R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120526.006\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120526.006\NAVEX15.SYS []

R3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]

R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-12-19 539008]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]

R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]

R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []

S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]

S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []

S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568]

S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-02-27 22758]

S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-07-30 18048]

S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-07-30 23040]

S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]

S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-12-19 319792]

S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-07-30 8192]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbscan;Usbscan; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]

S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-07-30 8192]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-02-02 91976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2008-12-10 558456]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-12-18 108392]

R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-12-18 108392]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-01-15 153376]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2012-01-13 95200]

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-03-09 144672]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-02-02 1799496]

R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-02-02 2440120]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-03-07 820520]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-22 136176]

S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-22 136176]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-07-20 121360]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe [2012-03-13 237272]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]

S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-02-02 320840]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.09 2012-05-27 18:59:17

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

32 Bit HP CIO Components Installer-->MsiExec.exe /I{A80FA752-C491-4ED9-ABF0-4278563160B2}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe -maintain activex

Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}

Amazon MP3 Downloader 1.0.12-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

Apple Application Support-->MsiExec.exe /I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}

Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1AlbumPage

ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Funhouse

ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1GreetingCard

ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1PhotoBook

ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Calendar

ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1ScrapBook

ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9 -1Slimline

ArcSoft Print Creations-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}\setup.exe" -l0x9

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}

Broadcom 440x 10/100 Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61}

Brother MFL-Pro Suite MFC-J430W-->"C:\Program Files\InstallShield Installation Information\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BHmini11 -removeonly

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}

CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}

Easy CD & DVD Creator 6-->MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}

erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}

ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}

ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}

ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}

ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}

ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}

ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}

ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}

essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}

fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}

Google Earth Plug-in-->MsiExec.exe /X{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP Customer Participation Program 12.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Imaging Device Functions 12.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Officejet 6000 E609 Series-->C:\Program Files\HP\Digital Imaging\{716F4A62-0548-42b3-BAEA-44BC4F8E187C}\setup\hpzscr01.exe -datfile hpwscr24.dat -forcereboot

HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}

HPDiagnosticAlert-->MsiExec.exe /I{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}

Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562

Internet Explorer (Enable DEP)-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"

iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}

Java 6 Update 30-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216030FF}

KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}

Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_140d2ca6\Setup.exe /APR-REMOVE

Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9

LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE

LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"

McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}

MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}

MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}

netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}

Nokia Connectivity Cable Driver-->MsiExec.exe /I{4216D328-0FE8-48B8-85B8-BD300E6F080F}

Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}

Nuance PaperPort 12-->MsiExec.exe /I{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}

Nuance PDF Viewer Plus-->MsiExec.exe /I{28656860-4728-433C-8AD4-D1A930437BC8}

OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}

PaperPort Image Printer-->MsiExec.exe /X{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}

PC Connectivity Solution-->MsiExec.exe /I{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}

SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}

Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}

SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}

SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"

staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}

Symantec Endpoint Protection-->MsiExec.exe /I{06B594A0-2D2B-4376-94E4-13A0BD4A88F8}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2616676-v2)-->"C:\WINDOWS\$NtUninstallKB2616676-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}

Watchtower Library 2011 - English-->C:\Program Files\Watchtower\Watchtower Library 2011\E\uninst.exe

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows PowerShell 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}

Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Symantec Endpoint Protection

FW: Symantec Endpoint Protection

======System event log======

Computer Name: OWNER-4AB3EBFEB

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 001C106D22C1. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 105817

Source Name: Dhcp

Time Written: 20120419151353.000000-300

Event Type: warning

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 7011

Message: Timeout (30000 milliseconds) waiting for a transaction response from the wscsvc service.

Record Number: 105769

Source Name: Service Control Manager

Time Written: 20120418202336.000000-300

Event Type: error

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 001C106D22C1. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 105754

Source Name: Dhcp

Time Written: 20120418161126.000000-300

Event Type: warning

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 36

Message: The time service has not been able to synchronize the system time

for 49152 seconds because none of the time providers has been able to

provide a usable time stamp. The system clock is unsynchronized.

Record Number: 105672

Source Name: W32Time

Time Written: 20120417090202.000000-300

Event Type: warning

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the

DHCP Server) for the Network Card with network address 001C106D22C1. The following

error occurred:

The operation was canceled by the user.

.

Your computer will continue to try and obtain an address on its own from

the network address (DHCP) server.

Record Number: 105556

Source Name: Dhcp

Time Written: 20120415114827.000000-300

Event Type: warning

User:

=====Application event log=====

Computer Name: OWNER-4AB3EBFEB

Event Code: 45

Message:

SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe

Event Info: Suspend Thread

Action Taken: Logged

Actor Process: C:\WINDOWS\system32\dumprep.exe (PID 3000)

Time: Wednesday, May 02, 2012 8:02:26 PM

Record Number: 36555

Source Name: Symantec AntiVirus

Time Written: 20120502200226.000000-300

Event Type: error

User: OWNER-4AB3EBFEB\Owner

Computer Name: OWNER-4AB3EBFEB

Event Code: 1002

Message: Hanging application snes9x.exe, version 1.4.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 36478

Source Name: Application Hang

Time Written: 20120430223857.000000-300

Event Type: error

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 1002

Message: Hanging application snes9x.exe, version 1.4.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 36164

Source Name: Application Hang

Time Written: 20120420232127.000000-300

Event Type: error

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 13

Message:

LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Record Number: 36061

Source Name: SescLU

Time Written: 20120417194506.000000-300

Event Type: error

User:

Computer Name: OWNER-4AB3EBFEB

Event Code: 1002

Message: Hanging application snes9x.exe, version 1.4.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 35968

Source Name: Application Hang

Time Written: 20120414215606.000000-300

Event Type: error

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0209

"NUMBER_OF_PROCESSORS"=1

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"PS5ROOT"=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

checkup.txt...

Results of screen317's Security Check version 0.99.38

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Symantec Endpoint Protection

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

McAfee SiteAdvisor

Malwarebytes Anti-Malware version 1.60.1.1000

CCleaner

Java 6 Update 30

Java version out of date!

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


continued...

QuickScan 32-bit v0.9.9.114

---------------------------

Scan date: Sun May 27 19:14:48 2012

Machine ID: 902BC6DA

No infection found.

-------------------

Processes

---------

hpwuSchd Application 3736 C:\Program Files\HP\HP Software Update\hpwuschd2.exe

Adobe Reader and Acrobat Manager 3256 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

ArcSoft Connect 3720 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

ArcSoft Connect 1528 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

Bonjour 1756 C:\Program Files\Bonjour\mDNSResponder.exe

Brother ControlCenter 2300 C:\Program Files\ControlCenter4\BrCcUxSys.exe

Brother ControlCenter 3596 C:\Program Files\ControlCenter4\BrCtrlCntr.exe

Brother Status Monitor Application 2988 C:\Program Files\Browny02\Brother\BrStMonW.exe

BrYNCSvc 2572 C:\Program Files\Browny02\BrYNSvc.exe

Drag-to-Disc 3652 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

GPCore COM object 3332 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

hp digital imaging - hp all-in-one seri 2864 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

hp digital imaging - hp all-in-one seri 2836 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

iTunes 3608 C:\Program Files\iPod\bin\iPodService.exe

iTunes 248 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE 6 U30 304 C:\Program Files\Java\jre6\bin\jqs.exe

Java Platform SE Auto Updater 2 0 3472 C:\Program Files\Common Files\Java\Java Update\jucheck.exe

Java Platform SE Auto Updater 2 0 3088 C:\Program Files\Common Files\Java\Java Update\jusched.exe

LiveUpdate 1284 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

Logitech SetPoint 4008 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe

Logitech SetPoint 2360 C:\Program Files\Logitech\SetPoint\SetPoint.exe

McAfee Security Scanner 844 C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

McAfee SiteAdvisor 820 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe

Microsoft® Windows® Operating System 1112 C:\WINDOWS\system32\spoolsv.exe

MobileDeviceService 1540 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Nuance PDF Products 2876 C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

PaperPort 1496 C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

PaperPort 1944 C:\Program Files\Nuance\PaperPort\pptd40nt.exe

PowerDVD 3480 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

Software Manager 3536 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

Software Manager 3064 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

Symantec AntiVirus 1832 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

Symantec Client Management Component 1836 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

Symantec Client Management Component 2092 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

Symantec Security Technologies 3676 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

Symantec Security Technologies 676 C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(verified) Microsoft® Visual Studio .NET 972 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

(verified) Microsoft® Windows® Operating System 1936 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 2228 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1052 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3440 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1164 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 2188 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 1152 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 240 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 3268 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1448 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 260 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1384 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1024 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2044 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1340 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1892 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 192 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1592 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 128 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1636 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1084 C:\WINDOWS\system32\winlogon.exe

(verified) Microsoft® Windows® Operating System 1576 C:\WINDOWS\system32\wuauclt.exe

(verified) Windows® Internet Explorer 2448 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 2764 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process svchost.exe (1448) listens on ports: 135 (RPC)

Autoruns and critical files

---------------------------

hpwuSchd Application C:\Program Files\HP\HP Software Update\hpwuschd2.exe

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

AudioCentral Media Manager C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

AUTOBACK.EXE C:\Program Files\ERUNT\AUTOBACK.EXE

Brother ControlCenter C:\Program Files\ControlCenter4\BrCcBoot.exe

Brother Status Monitor Application C:\Program Files\Browny02\Brother\BrStMonW.exe

Drag-to-Disc C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

Flash® Player Installer/Uninstaller C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe

hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Kodak EasyShare Software C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe

Logitech SetPoint C:\WINDOWS\KHALMNPR.EXE

McAfee Security Scanner C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\dumprep.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\sstext3d.scr

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

Nuance PDF Products C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

Nuance PDF Products C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe

PaperPort C:\Program Files\Nuance\PaperPort\IndexSearch.exe

PaperPort C:\Program Files\Nuance\PaperPort\pptd40nt.exe

PowerDVD C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Roxio Engine Compatibility Wizard C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

Software Manager C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

SSEreg C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe

Symantec Security Technologies C:\Program Files\Common Files\Symantec Shared\ccApp.exe

新注音 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Microsoft IME 2002 C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll

Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

HP Smart Web Printing c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

Java Platform SE 6 U30 c:\program files\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U30 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

Java Platform SE 6 U30 c:\program files\java\jre6\bin\ssv.dll

Java Platform SE 6 U30 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

McAfee SiteAdvisor c:\program files\mcafee\siteadvisor\mcieplg.dll

McAfee SiteAdvisor C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

PlusIEContextMenu c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Scan

----


MD5: 2ee898b0b43fe6b68b69b82b19305e2d C:\Program Files\Common Files\Symantec Shared\COH\sh0000.dll

MD5: a4a692e71639b17628c48b5d0a6decce C:\Program Files\Common Files\Symantec Shared\dec_abi.dll

MD5: 25d7a040a493ab91052f9170d4db80d4 C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL

MD5: 579a6b6135d32b857faf0e3a974535d8 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

MD5: 028d50f059bd0d2ccb209e9011b9a9a4 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

MD5: 44e4a08fb13f810ea618273e94ef04ab C:\Program Files\Common Files\Symantec Shared\Global Exceptions\GEDataStore.dll

MD5: 3f5b2bc2feac9909a340608dc08cb1bd C:\Program Files\Common Files\Symantec Shared\rcEmlPxy.dll

MD5: 193fcb937fb9e6012022309d0f247361 C:\Program Files\Common Files\Symantec Shared\SAVSubmissionEngine\SUBCONN.dll

MD5: 9273010e92317803d7c7a4bdab4b7775 C:\Program Files\Common Files\Symantec Shared\SAVSubmissionEngine\SUBENG.dll

MD5: 67c5af84809468061121fbcbecb19285 C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

MD5: 3bb9e775542a2b453ef1613146a79a94 C:\Program Files\Common Files\Symantec Shared\SNDSvc.dll

MD5: e8348678b3e6b97ab52051521ca55b69 C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll

MD5: d7bb213566e16bca372e2cb517eda907 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

MD5: fc72bd4b17acabf0ebfe1c01a8263b89 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll

MD5: a5a66fcdb8bf351cba3dea1fc64a09c8 C:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll

MD5: d5857104b6bdb7325fbc58f196505758 C:\Program Files\ControlCenter4\BrCcAssoc.dll

MD5: 016b31b67acdf4aeb325fac166684e5d C:\Program Files\ControlCenter4\BrCcBoot.exe

MD5: 6aa7883986d3b351cb068919daf2f309 C:\Program Files\ControlCenter4\BrCcDlgRc.dll

MD5: aecdbac5fb4ba4829e498b7d394fc8f3 C:\Program Files\ControlCenter4\BrCcGrImg.dll

MD5: 13abb2fb39889bc5fb5f28d3c1ed7cbb C:\Program Files\ControlCenter4\BrCcLUsa.dll

MD5: 7cfd44edd74553fc8ee8479a79987579 C:\Program Files\ControlCenter4\BrCcUxSys.exe

MD5: e3564d023dcca4a1854dc2226c99120d C:\Program Files\ControlCenter4\BrCtrlCntr.exe

MD5: 535203dea5820f3b5f3faace0d51252c C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll

MD5: 8fb740d758b14b1bc950cc347c21e461 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

MD5: e00de20f0f6bed5cd2160247ddc9443b C:\Program Files\ERUNT\AUTOBACK.EXE

MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

MD5: a697146db30116c8fe0a147adcee3c2e C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll

MD5: ca22ff0c71d7684ad48266fbc9faa4ff C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll

MD5: 27d157ef6aeadc855af6cbf019a8fb1c C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

MD5: 31fc9ecbebb9dfb43c8554d1a5b2803b C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll

MD5: ce0fcec4d4d860f36d972759b11eaf0f c:\program files\hp\digital imaging\bin\hpqcxs08.dll

MD5: 159fac880722b49645e056a558b03e26 c:\program files\hp\digital imaging\bin\hpqddcmn.dll

MD5: 7da3211ac63edd90b8eca1ca1abfd43b c:\program files\hp\digital imaging\bin\hpqddsvc.dll

MD5: 347a39b69ac03b8f56d8807b989f5ca8 C:\Program Files\HP\Digital Imaging\bin\hpqgpb01.dll

MD5: 883008a9b5bff94a153d99dba54cb5c1 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

MD5: cc190b07e357bcd40c2afb57b9a67b7f C:\Program Files\HP\Digital Imaging\bin\hpqgpreh.dll

MD5: 546bd1e611b5eb346ff3d7176ba320a1 C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc

MD5: 964a0b0f29019053eaf47491f0d7d947 C:\Program Files\HP\Digital Imaging\bin\HpqSplh08.dll

MD5: 3b766ae36058a826704fa7da68892102 C:\Program Files\HP\Digital Imaging\bin\hpqssm08.dll

MD5: 34940fb2078064a6aac63c04af3bb86a C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

MD5: 870b426def5164694d84b783d9815c8f C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll

MD5: 11de3d137594423393a7c1dce067fda7 C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll

MD5: 8b6b53abbd7fbf268f48bad25710122e C:\Program Files\HP\Digital Imaging\bin\hpqstp08.rsc

MD5: 22a6446883efb70f82ad96e510ad5a1c C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

MD5: f0842cf3c0b33c07b2ca1692900f21b4 C:\Program Files\HP\Digital Imaging\bin\hpqwso08.dll

MD5: 14229263aa19c704e0d6d2e7404a8455 c:\program files\hp\digital imaging\bin\hpslpsvc32.dll

MD5: cbbaf06c2ac8882d239c8dc5bfa197fd C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll

MD5: c285b5064f4fccc95e0354345681d906 c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

MD5: 9b4c1dd94be0d6bd64025f39a8f1cd65 c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

MD5: fdd4f5f7c4bad248ab16233a1639c078 C:\Program Files\HP\HP Software Update\hpwuschd2.exe

MD5: 630a79b805ce654edb42d27ed0269a0e C:\Program Files\Internet Explorer\ieproxy.dll

MD5: 1fa3b42da40d0f387a7899a9731a2e94 C:\Program Files\Internet Explorer\plugins\nppdf32.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: d99e62c440b4a0463baa47b1256ff0a7 C:\Program Files\Internet Explorer\xpshims.dll

MD5: 9033d67b7112d23eded6789bacded128 C:\Program Files\iPod\bin\iPodService.exe

MD5: 8a902eae00a28c96c375dd4e7b38a6f5 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL

MD5: 3ccc253c106ca03eb9b1842c682a2a0d C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL

MD5: 55520af0f65d5bd7a337dcedde886125 C:\Program Files\iTunes\iTunesHelper.dll

MD5: 0cfbe2d135a73ca98381fc8cc8bc5a03 C:\Program Files\iTunes\iTunesHelper.exe

MD5: 4f99047d255b77fda6e51ea97721e3d8 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 795aea2511a1c5082fa690d6bd8d202e C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 15a40ada2cfcc400348e37a40237337e C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

MD5: f2121482c2968cd3b53ed53acc9277a5 c:\program files\java\jre6\bin\jp2ssv.dll

MD5: 9aa67569d5257462e230767510b0c815 C:\Program Files\Java\jre6\bin\jqs.exe

MD5: ccc24faa47c47e66be61bf22603c5e3a C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

MD5: e810acafa8e6d80117414b7ca036d626 c:\program files\java\jre6\bin\ssv.dll

MD5: af73ecd9e9231f40e60c218626fecdc8 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

MD5: 4f1341cc18173ac6fffca8421e15b473 C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

MD5: 8a5092ae59d6ed5b181292cdbfb22b2f C:\Program Files\Logitech\SetPoint\GameHook.dll

MD5: 145d7cb9862d6fa5a6f068f9f8b61b39 C:\Program Files\Logitech\SetPoint\IMHook.dll

MD5: 13710783a04d427b6f621ee697569217 C:\Program Files\Logitech\SetPoint\kgame.dll

MD5: d20af468fa7f09b9561c8232bb80d4ba C:\Program Files\Logitech\SetPoint\khalwrapper.dll

MD5: 5146b1592cd05550f5ecbdcb3d39b974 C:\Program Files\Logitech\SetPoint\LCabHandler.dll

MD5: 4b1eb3ad2771ae8d0390ed1444b7b493 C:\Program Files\Logitech\SetPoint\lgscroll.dll

MD5: 2c3196c163bef55a404a2549c7b69589 C:\Program Files\Logitech\SetPoint\Macros\MacroAppSwitch.dll

MD5: b736e9a31edb4d7ce3632ffcfbd69304 C:\Program Files\Logitech\SetPoint\Macros\MacroCore.dll

MD5: 559dc15b74c66ec38c4ecf81503c7757 C:\Program Files\Logitech\SetPoint\SetPointCOM.dll

MD5: c0f8561d8f32926eb25165cbdc7bba3f C:\Program Files\Logitech\SetPoint\WebBrowserSupport.dll

MD5: 485405de203e88b3fe4294a2ea48d7ee C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe

MD5: 6d535e30ae233fd5e23a96c164d46551 C:\Program Files\McAfee Security Scan\3.0.271\SSScheduler.exe

MD5: 7b17107d054a88c6d1ecc285b502d2d9 c:\program files\mcafee\siteadvisor\mcieplg.dll

MD5: 6c3d154fff0a97a6c3d9f78d60c41655 c:\Program Files\McAfee\SiteAdvisor\McSACore.exe

MD5: 92f9cfd755e97d684d3fab48a037623c c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dll

MD5: 22e020fa26223c12bb32e7ab39703db7 C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

MD5: a85403902f18ff6d34407d52a89f42fd c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MD5: 1d8f0323ee013643a9b613269b6ca5f1 c:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dll

MD5: 4868ccbbf0fa9b0293b858c5ff8b3c02 c:\Program Files\McAfee\SiteAdvisor\saupkeep.dll

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: 992776dd978494547dd1ce211d978868 C:\Program Files\Nuance\PaperPort\BindRes.dll

MD5: e2bf206e5164569500742637b5459402 C:\Program Files\Nuance\PaperPort\blicectr.dll

MD5: 0d1d2fbae112bddb9f77b7bc7a956d3a C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe

MD5: 07c4ebd3107799774fa3103956cd1c40 C:\Program Files\Nuance\PaperPort\IndexSearch.exe

MD5: 519835d8c5215b09dc6d60f356625a66 C:\Program Files\Nuance\PaperPort\MaxRes.dll

MD5: c1c3baf078be5a14384a4ba2d730817d C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

MD5: e5f1d2c7d51c816437bbe2306828bc4b C:\Program Files\Nuance\PaperPort\pptd40nt.exe

MD5: 874650bf7c7063fb2455e0498456d29c C:\Program Files\Nuance\PaperPort\XMAXUTIL.dll

MD5: 198e148b007b7a14a4d2e5efffc6f2cc c:\program files\nuance\pdf viewer plus\bin\plusiecontextmenu.dll

MD5: 9f0acaa725cf5a391af7e2067ae45746 C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

MD5: 154420a93e4f676aa33a055a116255d9 C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe

MD5: 7d3903af48e6c1dc2704eafcb608d031 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll

MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts

MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe

MD5: 684542e1b3c019f26df3973d6c946a37 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

MD5: 623cd049d0cc68c9b0aa15cb31e5f47e C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

MD5: 3acc556807917bbd8092069a5148198c C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

MD5: fa0d2099e9f6cdbf8e2c5a242172ecdd C:\Program Files\Symantec\LiveUpdate\PSLuComServer_3_3.DLL

MD5: 99643c410ee4da1da7706fd8c96d3fac C:\Program Files\Symantec\Symantec Endpoint Protection\AVMan.plg

MD5: 2ba001d85500a90bb1da9417bc4fe98a C:\Program Files\Symantec\Symantec Endpoint Protection\AvPluginImpl.dll

MD5: d3e521aaffa1de2b3d2988bf17f1f484 C:\Program Files\Symantec\Symantec Endpoint Protection\Cliproxy.dll

MD5: 68a5d99e18c71d42e14351b3f299a286 C:\Program Files\Symantec\Symantec Endpoint Protection\DataMan.dll

MD5: a2e0f5172feeee058d27aeb08a3190b1 C:\Program Files\Symantec\Symantec Endpoint Protection\deuParser.dll

MD5: 3b14b3aac3679941de4c0b202cebd4bf C:\Program Files\Symantec\Symantec Endpoint Protection\devman.plg

MD5: 31c957240bf8443196449c078ae48b1d C:\Program Files\Symantec\Symantec Endpoint Protection\GUProxy.plg

MD5: 6858b36f915cba357148a677f2ce1e53 C:\Program Files\Symantec\Symantec Endpoint Protection\HPPProtectionProviderUI.dll

MD5: 63a0f8c2d16779095cd3a574d71994c0 C:\Program Files\Symantec\Symantec Endpoint Protection\I2ldvp3.dll

MD5: 19d3aba827ad4355ace5b78d74190d20 C:\Program Files\Symantec\Symantec Endpoint Protection\IdsTrafficPipe.dll

MD5: bf39d378045fa077e5d3061576806504 C:\Program Files\Symantec\Symantec Endpoint Protection\IMail.dll

MD5: 392d2d6d0cb9116ea263a81495280f90 C:\Program Files\Symantec\Symantec Endpoint Protection\LuMan.plg

MD5: 5401bb6e64fa7682447ef46d52c3aa35 C:\Program Files\Symantec\Symantec Endpoint Protection\ManagedUnloader.dll

MD5: 07e50a8bc902297dcc2a27efb02df1b5 C:\Program Files\Symantec\Symantec Endpoint Protection\NacManager.plg

MD5: 90fae41e472a697ad9b9777d5cfc7618 C:\Program Files\Symantec\Symantec Endpoint Protection\NAVNTUTL.DLL

MD5: 5b548a6e8a646e172f5db47fed94855d C:\Program Files\Symantec\Symantec Endpoint Protection\Netport.dll

MD5: 417284a4bc47c92bd2fcf21f6efa2d8b C:\Program Files\Symantec\Symantec Endpoint Protection\ProtectionProviderPS.dll

MD5: 55f36dc2cea9766726656c0a87f9c505 C:\Program Files\Symantec\Symantec Endpoint Protection\ProtectionUtil.dll

MD5: 9a52ce07ada6334a688ad0d9df4155d8 C:\Program Files\Symantec\Symantec Endpoint Protection\PSSensor.dll

MD5: 489c6f8de50d0d49dfa8a6c37b6a6643 C:\Program Files\Symantec\Symantec Endpoint Protection\RasSymEap.dll

MD5: c01291ad0c6366e51fd6f2a223a1ed27 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\ActaRes.dll

MD5: cb4e0dcc351534d4bedbb970f38a2d34 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\AvManRes.dll

MD5: c8c5ffb65a6dc5a946c4abf097838a11 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\DevManRes.dll

MD5: 53a2e2360061b099f9717f20653cc897 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\GUProxyRes.dll

MD5: f247727e396c8721e58cbdc553ca0c83 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\HPPProtectionproviderUIRes.dll

MD5: 1ae9d448f185360daf470e55fd2b2bce C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\IMailRes.dll

MD5: 3d980ae72bfedf1b9b4703ef638f1ffb C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\LUManRes.dll

MD5: 750fcf52eb4fc1eb44c67b1993e46a0c C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\ProtectionUtilRes.dll

MD5: 8ebf92896ff66f9cc52ab9294efaf395 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\PScanRes.dll

MD5: 9ba13bdc91bb4626e03270d67ce61c5b C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SavMainUIRes.dll

MD5: 8d91c44cde0b203f0a4a0f283086281b C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SAVSubmitterRes.dll

MD5: 39afe4a242dcddeb7a676b50fcfc8d7e C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SgHIRes.dll

MD5: 9e5fc4d40100e8e684abc11baf25be26 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SmcGuiRes.dll

MD5: 6f31049dc62482cbe0c85f93e9b6cb4d C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SmcRes.dll

MD5: 396c1b1d7e92fe4be09f5cfd398a16ae C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SpNetRes.dll

MD5: a5e36d38f1827163d21624f060495a2c C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\SUBRES.loc

MD5: cc422d71fc68a42c065a08d8c29d3df2 C:\Program Files\Symantec\Symantec Endpoint Protection\res\1033\TseRes.dll

MD5: dd10cb8aa990f89091bc267370fd0843 C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

MD5: 014f2c46d32de623f06d5acfe666b827 C:\Program Files\Symantec\Symantec Endpoint Protection\RTVScanPS.dll

MD5: 66ec5961bb0ea25fcb68af10314bc965 C:\Program Files\Symantec\Symantec Endpoint Protection\SavEmail.dll

MD5: 210d31cd4efcd85f3ce7268ebc2d1a15 C:\Program Files\Symantec\Symantec Endpoint Protection\SavMainUI.dll

MD5: 8e27f6d857d98afdeea482c62801cff1 C:\Program Files\Symantec\Symantec Endpoint Protection\SAVSesHlp.dll

MD5: 7e18d13a0506c0d5f67dbe3b8026fd41 C:\Program Files\Symantec\Symantec Endpoint Protection\SAVSubmitter.dll

MD5: a506bd8f69e064d63f7364baf65a9cc1 C:\Program Files\Symantec\Symantec Endpoint Protection\SfConfig.dll

MD5: 691a8f7fb6899ff344304ebd075194e1 C:\Program Files\Symantec\Symantec Endpoint Protection\sfman.plg

MD5: 5b6011990a501fe9bd347a006af36be5 C:\Program Files\Symantec\Symantec Endpoint Protection\SgConfig.dll

MD5: d5cb9f398958832d97326ccadf6e3f39 C:\Program Files\Symantec\Symantec Endpoint Protection\SgHI.dll

MD5: 965a4d1e9b1408fc8d132c77e457ab74 C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

MD5: a8f95088410303ccbab8f5bca63384d3 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

MD5: d3b6133b0bf6620643e5f36de1f54ab6 C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

MD5: 48444ef5792376609d903d47bf808464 C:\Program Files\Symantec\Symantec Endpoint Protection\SnacNp.dll

MD5: 05b88218e654be7f19b7d6027ce4ff07 C:\Program Files\Symantec\Symantec Endpoint Protection\SpNet.dll

MD5: e9f469e5919af5f0c11e776079ccd0ce C:\Program Files\Symantec\Symantec Endpoint Protection\SSSensor.dll

MD5: bdb8e663a8695ed710bc54dd75a44a2e C:\Program Files\Symantec\Symantec Endpoint Protection\SyLink.dll

MD5: 7d9b9437653450092e567e2870b15864 C:\Program Files\Symantec\Symantec Endpoint Protection\SyLog.dll

MD5: 058a1e3a8327a9bd6b67af053b9daa46 C:\Program Files\Symantec\Symantec Endpoint Protection\SymProtectStorage.dll

MD5: 470c85252813a302c94aa5e4662e3e31 C:\Program Files\Symantec\Symantec Endpoint Protection\SymRasMan.dll

MD5: 5808ee0f7c754963cfa60d5c99946c0c C:\Program Files\Symantec\Symantec Endpoint Protection\tfman.dll

MD5: c346bf411546c83fcb375b7ab908319e C:\Program Files\Symantec\Symantec Endpoint Protection\Trident.dll

MD5: 80a9c16ce5ee18bfe93ba967296aac42 C:\Program Files\Symantec\Symantec Endpoint Protection\tse.dll

MD5: 2755a06ae71c594d06ef6d3da8d5d4de C:\Program Files\Symantec\Symantec Endpoint Protection\TseConfig.dll

MD5: 227e82221067557f50a2609d13071f69 C:\Program Files\Symantec\Symantec Endpoint Protection\TseConfigRes.dll

MD5: 168ce492a1b6d76843124d091131ecb4 C:\Program Files\Symantec\Symantec Endpoint Protection\wpsman.dll

MD5: 5a9e77c71d6d7030bc170dd7cf04cf5d c:\program files\yahoo!\companion\installs\cpn\yt.dll

MD5: f11033730b38260b6892e837c457fb4b C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120526.006\NAVENG.SYS

MD5: 4e4e7c0259d3bb97de24a636c0e06aba C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120526.006\NAVEX15.SYS

MD5: 6c3d154fff0a97a6c3d9f78d60c41655 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe

MD5: 6293e44f4aa06f7fcda06f4b07cdc0c2 C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: 2a8c7ca8b40ca320bf88d0ff92da7cf8 C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: d43637f8e835ddf2fe95fbe6242494b0 C:\WINDOWS\IME\SPGRMR.DLL

MD5: f6faec07446a78a9c5af4558ff5bd118 C:\WINDOWS\ime\sptip.dll

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: 8fb59cdd3a7f314d320b4ec2d7fbdf8e C:\WINDOWS\system32\ATL71.DLL

MD5: a929d9e885db86a6c5a6cdb342120578 C:\WINDOWS\system32\BrUsi11a.dll

MD5: b348b1e90544b2610f58ae8e7be40868 C:\WINDOWS\system32\BrWia11a.dll

MD5: 925782be168c9d83766bf862e684e11b C:\WINDOWS\system32\cdral.DLL

MD5: 6134acf7396ea2e198b90c39c6f87d38 C:\WINDOWS\system32\CDRTC.DLL

MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll

MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll

MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll

MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll

MD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dll

MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL

MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll

MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll

MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll

MD5: 11c04b17ed2abbb4833694bcd644ac90 C:\WINDOWS\system32\drivers\aeaudio.sys

MD5: 2f7f3e8da380325866e566f5d5ec23d5 C:\WINDOWS\system32\DRIVERS\AegisP.sys

MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys

MD5: 068523d2cd260069b19ad68adea0d739 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys

MD5: 92a964547b96d697e5e9ed43b4297f5a C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys

MD5: 48fb907b069524f2dc7ba62a0762850c C:\WINDOWS\system32\drivers\ccdcmb.sys

MD5: 2914ceb789964141ac6e22c6bc980c42 C:\WINDOWS\system32\drivers\ccdcmbo.sys

MD5: 4b0a100eaf5c49ef3cca8c641431eacc C:\WINDOWS\system32\DRIVERS\cdrom.sys

MD5: 86a22dff16e8ca67601044efe6825537 C:\WINDOWS\system32\Drivers\COH_Mon.sys

MD5: d03d10f7ded688fecf50f8fbf1ea9b8a C:\WINDOWS\system32\DRIVERS\HPZid412.sys

MD5: 89f41658929393487b6b7d13c8528ce3 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

MD5: 17f39a1916733ed228eb46ad67c35426 C:\WINDOWS\system32\drivers\ialmkchw.sys

MD5: a79029861cb69cd3cf4eab9ebfee32dd C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

MD5: 3ee36328e860fbf102b54608a055c6be C:\WINDOWS\system32\drivers\ialmsbw.sys

MD5: 0c6e346cde730cf1356dd69ad6e9bc42 C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys

MD5: 77030525cd86a93f1af34fa9b96d33ce C:\WINDOWS\System32\Drivers\LUsbFilt.Sys

MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys

MD5: fd2041e9ba03db7764b2248f02475079 C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

MD5: 581e74880aeb1dba1cb5ac8e6e6c0a69 C:\WINDOWS\system32\DRIVERS\RT61.sys

MD5: 70b8dd8707dbf6142530c106365df67d C:\WINDOWS\system32\drivers\smwdm.sys

MD5: 522651a0e7dc6415e083317370b609cc C:\WINDOWS\System32\Drivers\SRTSP.SYS

MD5: 34e823b8d730099d032608fcccbc6a25 C:\WINDOWS\System32\Drivers\SRTSPL.SYS

MD5: 469006e15f5b0fe8ae94184a18a81586 C:\WINDOWS\System32\Drivers\SRTSPX.SYS

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys

MD5: e03ee3ef1037099554d17bed99545a5e C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

MD5: be3c117150c055e50a4caf23e548c856 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS

MD5: 7b0af4e22b32f8c5bfba5a5d53522160 C:\WINDOWS\System32\Drivers\SYMTDI.SYS

MD5: f8b08a6a007fe5a6f7346152b7a95b0e C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys

MD5: 0dc098cc18a974e7c1e96e6846bd06e4 C:\WINDOWS\system32\DRIVERS\teefer2.sys

MD5: e526a166e6acafd0a9b3841d3941669e C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

MD5: 6f3e3c6811b930d2414552a2e4a40f36 C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

MD5: 7a84d00754ced30239fd4eeeaa23e55c C:\WINDOWS\system32\drivers\wpsdrvnt.sys

MD5: ff983a25ae6f7d3f87f26bf51f02a201 C:\WINDOWS\system32\drivers\WpsHelper.sys

MD5: 8e16bf5600797e678ea97051cf93e6bf C:\WINDOWS\system32\dumprep.exe

MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll

MD5: fc80052194d5708254a346568f0e77c0 C:\WINDOWS\system32\GTNDIS5.SYS

MD5: 0a0c8331e26f1ec7741cce6a91e9167d C:\WINDOWS\system32\hpf3l082.dll

MD5: a081cb6fb9a12668f233eb5414be3a0e c:\windows\system32\hpzinw12.dll

MD5: 65bc271f337637731d3c71455ae1f476 c:\windows\system32\hpzipm12.dll

MD5: 1cd5c2dfd2a5bf6da720386679f3c449 C:\WINDOWS\system32\hpzipr12.dll

MD5: 747d47cac37cb83672e89c3562c432d3 C:\WINDOWS\system32\hpzlnt04.dll

MD5: 877c90686858d899b042bba45e9b7f2c C:\WINDOWS\system32\iac25_32.ax

MD5: 2c849ef63c0086287e427bf65fc64d09 C:\WINDOWS\system32\ieframe.dll

MD5: b43140c2edc49c4b7c140f1f4e3f6877 C:\WINDOWS\system32\iepeers.dll

MD5: e236ecb439a9e824fab18c49d6526136 C:\WINDOWS\system32\iertutil.dll

MD5: 577e496f0d41411bf149394d80959d53 C:\WINDOWS\system32\imaadp32.acm

MD5: 024dc0f68df5fd6ae9dd82dfbaf479d6 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

MD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dll

MD5: 0689622e6484934eb6e5f4d3a96311f9 c:\windows\system32\jscript.dll

MD5: 810f104256f6bcd7012545b0bea18d23 C:\WINDOWS\system32\kemutb.dll

MD5: 8adae4e00d86a8530b8176a853b4b9b9 C:\WINDOWS\system32\KemUtil.dll

MD5: 7bdceaf13d9ec5873c43bd8063bec871 C:\WINDOWS\system32\KemWnd.dll

MD5: 22aa20e24295d0d98aff72c65bd7dbfa C:\WINDOWS\system32\KemXML.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: f5cdb60ac042d272194f907d799f39a4 C:\WINDOWS\system32\l3codecx.acm

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: d52f1d46d9c862bb8271734e1834ba5a C:\WINDOWS\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe

MD5: c5648be5409e0aabda8c9047bac8f603 C:\WINDOWS\system32\msadp32.acm

MD5: 55aeea66c5e84e3fd6cd3e933397d478 C:\WINDOWS\system32\msaud32.acm

MD5: 2aee8855ac827608803bb0dee9995c32 C:\WINDOWS\system32\msfeeds.dll

MD5: 33271a2667334b9a8842c65a079ef375 C:\WINDOWS\system32\msg711.acm

MD5: b87f759738c52e8d6fbcdaaa84c6486f C:\WINDOWS\system32\msg723.acm

MD5: 3a9846e207dafc13009c048a2f6f8c2a C:\WINDOWS\system32\msgsm32.acm

MD5: a9259cd226283cd4f798c00909754a94 C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll

MD5: 98e53ca00d3c0a2e9faa4e59c101aeba C:\WINDOWS\system32\mslbui.dll

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\netshell.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dll

MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: b2cf9f1f606dec23f70a40b01df3c396 C:\WINDOWS\system32\printui.dll

MD5: f1dac7969c1337af790bd1d981aa780c C:\WINDOWS\system32\qmgrprxy.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: a645a78fcdabad67067324d7e6cd9f79 C:\WINDOWS\system32\schannel.dll

MD5: a75bd227929cbe5097dd0b7c53ecf6f7 C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 0dbb250a89e2e1c9281009ac269f0805 C:\WINDOWS\system32\sl_anet.acm

MD5: 11feb4091b1c6a0016a7a985f94d49e0 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\BRDSM100.DLL

MD5: 6661098c560313fc57e4150883bd0ceb C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\BRENI11A.DLL

MD5: 198bda97d5f3e7c09037f0eac1e1cbc3 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\BRLGI11A_0409.DLL

MD5: ce1d81ef2570d5f1996c05e9ae9b4bc5 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\BRPRI11A.DLL

MD5: 30518a6ce5f8129c5b22982a8dc7f2be C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\BRRII11A.DLL

MD5: bf9793ac8f2929fbd628a63e09963627 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\BRUII11A.DLL

MD5: 73347eca7a6d327ba43c40cb56bca659 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpfpp082.dll

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: d66709f79d595dd378c995c3347349c1 C:\WINDOWS\system32\sstext3d.scr

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: 2d0c6968f452aa86846cfca4f7ccbe04 C:\WINDOWS\system32\SymNeti.dll

MD5: 974b764015b037a5c54b6e1afaf44708 C:\WINDOWS\system32\SymRedir.dll

MD5: 735f504deefe4e2ad06360fce2842dd4 C:\WINDOWS\system32\tsd32.dll

MD5: e8cd0d7e169ecce2d4fd829daab786ed C:\WINDOWS\system32\tssoft32.acm

MD5: 407bc2813b30bc2f8a341d5091828caa C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll

MD5: 31cf51dcda1424b813cc97b20f71b431 c:\windows\system32\vbscript.dll

MD5: 0dfa4d5e8205614eda53394e637812e4 C:\WINDOWS\system32\VDMDBG.DLL

MD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dll

MD5: f362d50fbdc6e34918df41bde1770e5c C:\WINDOWS\system32\WININET.dll

MD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows\system32\WUDFPlatform.dll

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 1b3b381e1aab46f7b321a46150d890cb C:\WINDOWS\system32\xpsp3res.dll

MD5: 4928ab3a304ddf05c354de3807a4a66b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL

MD5: 686b224b4987c22b153fbb545fee9657 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL

MD5: 2229324ce0374811ca64a19ee62f130b C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\MFC90ENU.DLL

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

No file uploaded.

Scan finished - communication took 2 sec

Total traffic - 0.01 MB sent, 1.44 KB recvd

Scanned 820 files and modules - 298 seconds

==============================================================================

RogueKiller V7.5.0 [05/24/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 05/27/2012 19:36:26

¤¤¤ Bad processes: 2 ¤¤¤

[BLACKLIST] iac25_32.ax -- C:\WINDOWS\system32\iac25_32.ax -> UNLOADED

[SUSP PATH] agent.exe -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : AdobeData (rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer) -> FOUND

[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : AdobeData (rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x8062FFDC -> HOOKED (Unknown @ 0x822F7470)

SSDT[13] : NtAlertThread @ 0x805771F8 -> HOOKED (Unknown @ 0x822EF1C8)

SSDT[17] : NtAllocateVirtualMemory @ 0x805691EA -> HOOKED (Unknown @ 0x818663F8)

SSDT[31] : NtConnectPort @ 0x8059110B -> HOOKED (Unknown @ 0x81999740)

SSDT[43] : NtCreateMutant @ 0x805775C8 -> HOOKED (Unknown @ 0x81865D98)

SSDT[53] : NtCreateThread @ 0x80578803 -> HOOKED (Unknown @ 0x81874C30)

SSDT[83] : NtFreeVirtualMemory @ 0x80569B15 -> HOOKED (Unknown @ 0x81866188)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805893EB -> HOOKED (Unknown @ 0x8229FDA0)

SSDT[91] : NtImpersonateThread @ 0x8057F929 -> HOOKED (Unknown @ 0x82295958)

SSDT[108] : NtMapViewOfSection @ 0x8057AC99 -> HOOKED (Unknown @ 0x81994620)

SSDT[114] : NtOpenEvent @ 0x8057FC98 -> HOOKED (Unknown @ 0x822B83D0)

SSDT[123] : NtOpenProcessToken @ 0x80571009 -> HOOKED (Unknown @ 0x82290090)

SSDT[129] : NtOpenThreadToken @ 0x80570AA6 -> HOOKED (Unknown @ 0x81866990)

SSDT[206] : NtResumeThread @ 0x80578E76 -> HOOKED (Unknown @ 0x81A30668)

SSDT[213] : NtSetContextThread @ 0x8062E33F -> HOOKED (Unknown @ 0x8238F458)

SSDT[228] : NtSetInformationProcess @ 0x80570D15 -> HOOKED (Unknown @ 0x81866068)

SSDT[229] : NtSetInformationThread @ 0x8056C516 -> HOOKED (Unknown @ 0x818668B8)

SSDT[253] : NtSuspendProcess @ 0x8062FF21 -> HOOKED (Unknown @ 0x81867058)

SSDT[254] : NtSuspendThread @ 0x805E05AB -> HOOKED (Unknown @ 0x819F58B0)

SSDT[257] : NtTerminateProcess @ 0x805839B9 -> HOOKED (Unknown @ 0x8227A828)

SSDT[258] : NtTerminateThread @ 0x80577F1F -> HOOKED (Unknown @ 0x81A2DA70)

SSDT[267] : NtUnmapViewOfSection @ 0x8057A81E -> HOOKED (Unknown @ 0x822B13C0)

SSDT[277] : NtWriteVirtualMemory @ 0x8057F712 -> HOOKED (Unknown @ 0x81866218)

S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x81848E98)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400BB-60DGA0 +++++

--- User ---

[MBR] 687f6fb74af6eadf3968305077bb5baa

[BSP] d6f4cf241bb81186a9d4c5d496763b64 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38154 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Ok that's all of the logs! Do I delete the infected files RogueKiller found yet? I noticed you didn't say to delete and close RogueKiller.


No, don't do anything with RogueKiller. Exit the utility if it is still Open.

There's a rogue malware that has inserted a rogue "AdobeData" service, which we'll go after.

I notice your MBAM version is well out of date. Let's do the following:

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer; please allow it to do so. This is very important.

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.

Now, start MBAM and do a Quick scan. If it tags anything and asks for action, put them in quarantine.

When all done, Copy & Paste the scan log into a reply.

Re-enable the anti-virus application that you turned off before.

Small tweak: This sys has McAfee Security Scanner, which you do not need.

Go to Control Panel >> Add-or-Remove Programs and select it, and un-install

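The RogueKiller registry findings that the reply above acts on can be triaged mechanically. The following is an added example, not part of the original thread and not RogueKiller's own logic: it parses "Registry Entries" lines in the format shown in the report and flags Run-key values that launch a DLL through rundll32 from a user profile folder. The reason codes and the heuristics are assumptions of this example.

```python
import re

# Sample input: the three "Registry Entries" lines from the RogueKiller report
# in this thread, embedded so the example runs offline.
SAMPLE_LOG = r'''
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : AdobeData (rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : AdobeData (rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
'''

# "[TAG] KEY : VALUE_NAME (DATA) -> STATUS", as printed in the report.
ENTRY_RE = re.compile(
    r'^\[(?P<tag>[^\]]+)\]\s+(?P<key>\S.*?)\s+:\s+(?P<name>.+?)\s+'
    r'\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$')

# rundll32 command line: rundll32.exe "<dll path>",<export>
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\w+)', re.I)

# Per-user profile roots (XP layout and the later \Users layout).
PROFILE_RE = re.compile(r'\\(?:documents and settings|users)\\[^\\]+\\', re.I)

# Well-known service-account SIDs whose hives appear under HKEY_USERS.
SERVICE_SID_RE = re.compile(r'\\S-1-5-(?P<rid>18|19|20)(?![\d-])')
SERVICE_SIDS = {'18': 'LOCAL SYSTEM', '19': 'LOCAL SERVICE',
                '20': 'NETWORK SERVICE'}


def parse_registry_entries(text):
    """Return one dict per registry line (tag, key, name, data, status)."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage(entry):
    """Return reason codes (this example's own) for a rundll32 autorun."""
    if not entry['key'].lower().endswith('\\run'):
        return []                      # not an autostart (Run) key
    launch = RUNDLL_RE.search(entry['data'])
    if not launch:
        return []                      # autorun, but not a rundll32 launch
    reasons = ['rundll32-autorun']
    # A DLL loaded at logon from a folder any user process can write to.
    if PROFILE_RE.search(launch.group('dll')):
        reasons.append('dll-in-user-profile')
    # The value sits in a service account's hive, not the logged-on user's.
    sid = SERVICE_SID_RE.search(entry['key'])
    if sid:
        reasons.append('service-account-hive:' + SERVICE_SIDS[sid.group('rid')])
    return reasons


def suspicious_autoruns(text):
    """Return (entry, reasons) pairs for every entry with at least one reason."""
    flagged = []
    for entry in parse_registry_entries(text):
        reasons = triage(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == '__main__':
    for entry, reasons in suspicious_autoruns(SAMPLE_LOG):
        print(entry['key'], entry['name'], ', '.join(reasons))
```
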

Hello Maurice, here is the mbam log...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.29.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: OWNER-4AB3EBFEB [administrator]

5/29/2012 7:23:20 PM

mbam-log-2012-05-29 (19-23-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 196333

Time elapsed: 25 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


The Java runtime needs to be the latest, and same goes for Adobe Reader. Then I'd like for you to run McAfee Stinger utility.

Java

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u32-windows-i586-s.exe to install the newest version.
    ( jre-6u32-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 32 from Sun Microsystems Inc.

Adobe Reader

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-Remove programs, Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Stinger

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

stinger2.png

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Edited by Maurice Naggar

Ok here's the Stinger log...

McAfee® Labs Stinger Version 10.2.0.663 built on Jun 6 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Jun 6 2012.

Ready to scan for 4441 viruses, trojans and variants.

Scan initiated on Wed Jun 06 15:22:54 2012

Rootkit scan result : Clean

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

Number of clean files: 23022

What do you think, am I clean?


I don't think it has malware. Even so, let's have you run the Combofix tool.

Close any open apps that you may have opened.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.


Here are the combo-fix logs....

ComboFix 12-06-11.04 - Owner 06/11/2012 16:51:18.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.208 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\DragToDiscUserNameD.txt

c:\documents and settings\Owner\Application Data\077e39da

c:\documents and settings\Owner\Application Data\10dbb1df

c:\documents and settings\Owner\Application Data\e7a3c625

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\SET412.tmp

c:\windows\system32\SET416.tmp

c:\windows\system32\SET41E.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))

.

.

2012-06-06 20:23 . 2012-06-06 20:23 14664 ----a-w- c:\windows\stinger.sys

2012-06-06 20:23 . 2012-06-06 20:22 159608 ----a-w- c:\windows\system32\mfevtps.exe.57d9.deleteme

2012-06-06 20:21 . 2012-06-06 21:32 -------- d-----w- c:\program files\stinger

2012-06-06 11:02 . 2012-06-06 11:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun

2012-06-06 11:01 . 2012-06-06 11:01 -------- d-----w- c:\program files\Common Files\Java

2012-06-06 11:00 . 2012-06-06 11:00 -------- d-----w- c:\program files\Oracle

2012-06-06 10:59 . 2012-06-06 10:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle

2012-06-06 10:59 . 2012-04-04 23:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-06 10:59 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-06 10:57 . 2012-06-06 10:57 -------- d-----w- c:\program files\Java

2012-06-06 03:21 . 2012-06-06 03:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-06 01:34 . 2012-06-06 01:36 -------- d-----w- c:\program files\Common Files\Adobe

2012-05-30 00:19 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-30 00:19 . 2012-05-30 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-29 22:37 . 2012-05-29 22:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-05-29 22:37 . 2012-05-29 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-28 00:13 . 2012-05-28 00:14 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan

2012-05-27 23:58 . 2012-05-27 23:59 -------- d-----w- c:\program files\trend micro

2012-05-27 23:58 . 2012-05-27 23:59 -------- d-----w- C:\rsit

2012-05-27 23:19 . 2012-05-27 23:21 -------- d-----w- c:\program files\ERUNT

2012-05-23 02:33 . 2012-05-23 02:33 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-06 03:21 . 2011-06-17 00:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 23:47 . 2010-08-12 23:26 687504 ----a-w- c:\windows\system32\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 69632]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 757760]

"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-27 253952]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-19 115560]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-11 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/11/2010 12:17 AM 10384]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/24/2011 11:00 PM 245760]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2012 7:44 PM 106656]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 9:50 PM 136176]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/1/2012 11:28 PM 95200]

S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/5/2012 10:21 PM 257696]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 9:17 PM 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 9:50 PM 136176]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys --> c:\windows\system32\drivers\mferkdet.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ADOBEFLASHPLAYERUPDATESVC

*NewlyCreated* - MFEHIDK

*NewlyCreated* - MFERKDET

*NewlyCreated* - MFEVTP

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 03:21]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-23 02:50]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-23 02:50]

.

2012-06-11 c:\windows\Tasks\User_Feed_Synchronization-{14DB1040-9A1C-4845-BB9F-5713E3E473A3}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Symantec Antvirus

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-11 17:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

Completion time: 2012-06-11 17:16:56

ComboFix-quarantined-files.txt 2012-06-11 22:16

.

Pre-Run: 14,493,499,392 bytes free

Post-Run: 15,559,606,272 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - E912CC0EF8C81B7EA6C9F18BEBA1D8F2


You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

1. Close any programs you started, save your work documents (if any).

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

AdobeData

DDS::

O4 - HKUS\S-1-5-19\..\Run: [AdobeData] rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AdobeData] rundll32.exe "C:\Documents and Settings\Owner\Local Settings\Application Data\Adobe\AdobeData\Adobedata.dll",DllRegisterServer (User 'NETWORK SERVICE')

Quit::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Logoff and Restart the system fresh.

There was a new Java runtime just released, so I'd like for you to (again) get the latest for the sake of security.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u33-windows-i586-s.exe to install the newest version.
    ( jre-6u33-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 33 from Sun Microsystems Inc.

Reply with copy of the latest C:\Combofix.txt AND

tell me, How is your system now?

I believe we can wrap this up on the next pass.


Here's the log below...

ComboFix 12-06-13.04 - Owner 06/13/2012 13:46:59.2.1 - x86

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))

.

.

2012-06-06 20:23 . 2012-06-06 20:23 14664 ----a-w- c:\windows\stinger.sys

2012-06-06 20:21 . 2012-06-06 21:32 -------- d-----w- c:\program files\stinger

2012-06-06 11:02 . 2012-06-06 11:02 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun

2012-06-06 11:01 . 2012-06-06 11:01 -------- d-----w- c:\program files\Common Files\Java

2012-06-06 11:00 . 2012-06-06 11:00 -------- d-----w- c:\program files\Oracle

2012-06-06 10:59 . 2012-06-06 10:59 -------- d-----w- c:\documents and settings\Owner\Application Data\Oracle

2012-06-06 10:59 . 2012-04-04 23:47 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-06-06 10:59 . 2012-04-04 23:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-06-06 10:57 . 2012-06-06 10:57 -------- d-----w- c:\program files\Java

2012-06-06 03:21 . 2012-06-06 03:21 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-06 01:34 . 2012-06-06 01:36 -------- d-----w- c:\program files\Common Files\Adobe

2012-05-30 00:19 . 2012-04-04 20:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-30 00:19 . 2012-05-30 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-29 22:37 . 2012-05-29 22:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2012-05-29 22:37 . 2012-05-29 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-28 00:13 . 2012-05-28 00:14 -------- d-----w- c:\documents and settings\Owner\Application Data\QuickScan

2012-05-27 23:58 . 2012-05-27 23:59 -------- d-----w- c:\program files\trend micro

2012-05-27 23:58 . 2012-05-27 23:59 -------- d-----w- C:\rsit

2012-05-27 23:19 . 2012-05-27 23:21 -------- d-----w- c:\program files\ERUNT

2012-05-23 02:33 . 2012-05-23 02:33 -------- d-----w- c:\program files\ESET

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-06 03:21 . 2011-06-17 00:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:12 . 2004-08-04 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2004-08-04 12:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2004-08-03 22:59 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 23:47 . 2010-08-12 23:26 687504 ----a-w- c:\windows\system32\deployJava1.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-11_22.11.54 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-13 19:16 . 2012-06-13 19:16 204800 c:\windows\ERDNT\AutoBackup\6-13-2012\Users\00000002\UsrClass.dat

+ 2012-06-13 19:17 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\6-13-2012\ERDNT.EXE

+ 2012-06-13 19:16 . 2012-06-13 19:16 5406720 c:\windows\ERDNT\AutoBackup\6-13-2012\Users\00000001\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]

"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-02-27 69632]

"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-02-27 757760]

"RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-02-27 253952]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-12-19 115560]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-09 46368]

"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-09 29984]

"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]

"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]

"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-12-23 2629632]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\documents and settings\Owner\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-11 813584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-07-20 18:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=

"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/11/2010 12:17 AM 10384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2/1/2012 11:28 PM 95200]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\Nuance\PaperPort\PDFProFiltSrvPP.exe [3/9/2010 1:40 AM 144672]

R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [12/24/2011 11:00 PM 245760]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/5/2012 7:44 PM 106656]

S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 9:50 PM 136176]

S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/4/2004 7:00 AM 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [6/5/2012 10:21 PM 257696]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [11/18/2008 9:17 PM 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 9:50 PM 136176]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 7:00 AM 14336]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - IPHLPSVC

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 03:21]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-23 02:50]

.

2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-23 02:50]

.

2012-06-13 c:\windows\Tasks\User_Feed_Synchronization-{14DB1040-9A1C-4845-BB9F-5713E3E473A3}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Open with PDF Viewer Plus - c:\program files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-13 14:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1120)

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

.

- - - - - - - > 'explorer.exe'(2500)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\windows\system32\rundll32.exe

c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

c:\program files\ControlCenter4\BrCtrlCntr.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\ControlCenter4\BrCcUxSys.exe

c:\program files\Common Files\Java\Java Update\jucheck.exe

c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

.

**************************************************************************

.

Completion time: 2012-06-13 14:31:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-13 19:30

ComboFix2.txt 2012-06-11 22:16

.

Pre-Run: 15,843,852,288 bytes free

Post-Run: 15,768,293,376 bytes free

.

- - End Of File - - D36BB6DE3E6423CF86AC9AD722F52179

My computer seems fine now. In some areas it's slow because of my Symantec Endpoint Protection. The file system is corrupt sometimes and it will drag. Symantec came with the computer I bought from eBay so I can't un-install then re-install it. Any idea where I can download a better anti-virus program?


Three good antivirus programs free for non-commercial home use are Avast!, Avira Free Antivirus and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

I would suggest you get either MSE or Avira.

The sequence to use when switching antivirus is this:

1) Download AND SAVE the setup program of the new antivirus. (Have it handy).

2) Disconnect PC from internet

3) De-install the old antivirus (in your case with XP, use the Add-or-Remove program & then locate it & un-install (remove))

4) Make sure to Logoff and Restart Windows fresh.

5) Run setup of new antivirus

6) Logoff and Restart fresh

7) Reconnect to internet

8) Start the new A-V, and do an Update run (to make sure it is all current)

I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it Combo-Fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste Combo-Fix /uninstall and then click OK.

If the Combofix un-install has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Delete the following if still present:

RogueKiller.exe

Stinger.exe

ERUNT you should keep and use on some periodic basis to save the Windows registry.

We are finished here. Best regards.

Edited by Maurice Naggar