Jump to content

combofix will not uninstall


Recommended Posts

I have WinXP SP3 professional. I use Avast and Comodo and malwarebytes when I have a problem.

I hope this is the right forum if not please let me know. I use malwarebytes and then combofix if I find a problem. This has worked many times and I have found iinnumerable problems with malwearbytes and combofix both programs deleting many files and solving many problems like browser hyjacking. I am no expert and I know that you will tell me to never use combofix but I think it a great program and have had no problems untill now. I understand that it must be run from the desktop and one must disable firewalls and virus protection giving it plenty of time to finish. This is the first problem I have ever had with combofix and it occured recently with the "12.6.12.3" version.

My computer works fine now untill I try to uninstall combofix with the "combofix /uninstall" command at the run box. When I do that and I reboot I get, in event viewer

Event Type: Error

Event Source: Service Control Manager

Event Category: None

Event ID: 7000

Date: 6/18/2012

Time: 4:16:39 PM

User: N/A

Computer: HOME-SATA

Description:

The CryptSvc service failed to start due to the following error:

The executable program that this service is configured to run in does not

implement the service.

and my icons are all on one side and if I move them they return to one side on a reboot. I can not connect to the internet but when I try to disable the Windows connection I get an error telling me that the device can not be found. All these problems go away when I reinstall combofix.

This is my Combofix log from my reinstall of combofix.

============================

ComboFix 12-06-12.03 - mwda 06/18/2012 19:10:30.5.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1507 [GMT -5:00]

Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-11 19:49 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968]

R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752]

S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]

S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/4/2004 1:56 AM 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736]

S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]

S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120]

S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

UPHClean REG_MULTI_SZ UPHClean

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]

.

2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]

.

2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job

- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03]

.

2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job

- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-18 19:11

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\18.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(784)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'lsass.exe'(840)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(2524)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2012-06-18 19:13:28

ComboFix-quarantined-files.txt 2012-06-19 00:13

ComboFix2.txt 2012-06-19 00:00

.

Pre-Run: 67,047,350,272 bytes free

Post-Run: 67,029,594,112 bytes free

.

- - End Of File - - 4B0530F5AF933F1F4A2437CB5B73CBA3

========================

I may be still infected with some sort of malware though I just updated and ran a full scan of Malwarebytes and it found nothing.

any help would be appreciated

Marshall

Link to post
Share on other sites

Hello Marshall,

Hopefully you have now learned to never use Combofix without the guidance of a trained helper.

Locate, then copy & paste the contents of this file --> ComboFix-quarantined-files.txt

IIRC, it should be in folder C:\Qoobox

Tell me why you have 2 firewalls showing: Comodo + ZoneAlarm ??

I would prefer that you un-install ZoneAlarm.

Edited by Maurice Naggar
Link to post
Share on other sites

Thank you very much for your help

It is hard to not run combofix when it works so well and of course all of your advice may well be appropriate for many people as I am sure you know however I accept your criticizem, though I have run combofix on computers with no access to the internet and that would have required a full reinstall if it had failed and it did not fail.

I uninstalled Zone Alarm a long time ago and their is only one entry in the ComboFix-quarantined-files.txt file listed bellow

===========================

2012-06-19 00:09:01 . 2012-06-19 00:09:01 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

==================================

a small note: it is my understanding that the CryptSvc service is used by virus detection and firewall programs also I see only one of these services that I believe Combofix uses in the list above

@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System

@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service

@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System

and their is no tdx.exe or tdx.sys file that I can find. I hope this is helpfull and not pointless.

Thank you again for your help

Marshall

Link to post
Share on other sites

.....

a small note: it is my understanding that the CryptSvc service is used by virus detection and firewall programs also I see only one of these services that I believe Combofix uses in the list above.....

Marshall

I do not know why you are looking at Cryptographic Service (CryptSvc). It is a very important Windows service. It is required for (amongst others) by Windows Automatic Updates & is a requirement as well for RPC service.

Please do us all a favor: do not play around with Windows services.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

CF_download_FF.gif

CF_download_rename.gif

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe cf-icon.jpg & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

RE-Enable your AntiVirus and AntiSpyware applications.

Link to post
Share on other sites

Thank you for your response

I will do all you stipulate. The reason for looking at the service CryptSvc is, as I noted, that "Event viewer" indicates that this service stops unexpectedly when I start my computer with out Combofix. When I first was trying to fix the problem I went to "event viewer" and saw this error message and believed it part of the problem.

I will post the combofix log when I am done.

Marshall

Link to post
Share on other sites

Thank you again for your help!

here is the log file created by combofix

=======================

ComboFix 12-06-19.01 - mwda 06/19/2012 12:53:02.6.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2013.1522 [GMT -5:00]

Running from: c:\documents and settings\mwda\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))

.

.

2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\program files\ERUNT

2012-06-11 19:49 . 2012-06-11 19:49 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-06-11 19:49 . 2012-06-11 19:49 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-05-22 21:53 . 2012-05-22 21:53 -------- d-----w- c:\documents and settings\mwda\Application Data\Auslogics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-11 19:13 . 2012-03-31 21:43 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-11 19:13 . 2011-08-26 02:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-31 13:22 . 2004-08-04 06:56 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-04-11 13:14 . 2004-08-04 05:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 13:12 . 2004-08-04 05:17 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-04 20:56 . 2004-07-08 20:59 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-19 01:52 . 2011-05-07 22:21 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Kalender"="c:\program files\Kalender\Kalender.exe" [2010-08-22 933888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 6749512]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk

backup=c:\windows\pss\NETGEAR WG111v2 Smart Wizard.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-06 17:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-02-26 18:37 173592 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-02-26 18:37 141336 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

2007-05-14 17:35 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

1999-08-04 05:00 122940 ----a-w- c:\program files\Microsoft Money\System\Money Express.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

2007-05-14 17:38 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-02-26 18:37 142360 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

2007-02-01 18:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-06-14 02:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-05-21 19:01 17881600 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [1/18/2011 8:25 PM 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/11/2011 4:34 PM 371544]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/11/2011 4:34 PM 301528]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [6/11/2010 12:49 PM 13696]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [1/6/2011 6:37 PM 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/6/2011 6:37 PM 31704]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver;d:\instal\util\diag\hw32\HWiNFO32.sys [12/16/2011 10:02 PM 21624]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/11/2011 4:34 PM 19544]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [6/19/2010 7:22 PM 20968]

R2 pciinfo;pciinfo;c:\windows\system32\drivers\PCIINFO.SYS [6/20/2010 9:30 AM 2752]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:43 PM 257224]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [6/11/2010 12:51 PM 1684736]

S3 cpuz130;cpuz130;\??\c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]

S3 DirectNT;DirectNT;\??\h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS --> h:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS [?]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/31/2011 4:00 PM 13192]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/31/2011 4:00 PM 8456]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2010 9:56 PM 136176]

S3 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/18/2011 5:47 PM 312152]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\18.tmp --> c:\windows\system32\18.tmp [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/27/2012 11:27 AM 113120]

S3 PORTMON;PORTMON;\??\d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS --> d:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS [?]

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [8/24/2011 4:19 PM 272128]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/4/2004 1:56 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2011 12:39 PM 229376]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

UPHClean REG_MULTI_SZ UPHClean

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:13]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-09 02:56]

.

2012-05-25 c:\windows\Tasks\MyDefrag v4.3.1 Daily.job

- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2011-03-21 17:03]

.

2011-03-21 c:\windows\Tasks\MyDefrag v4.3.1 Monthly.job

- c:\program files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2011-03-21 17:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://google.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-19 13:00

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\18.tmp"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2896)

c:\windows\system32\WININET.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Visioneer\OneTouch 4.0\OtService.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-06-19 13:02:55 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-19 18:02

ComboFix2.txt 2012-06-19 00:13

ComboFix3.txt 2012-06-19 00:00

.

Pre-Run: 66,849,611,776 bytes free

Post-Run: 66,814,255,104 bytes free

.

- - End Of File - - E9C93AEFD430FA7F8DFD0187E0C9F3BE

Link to post
Share on other sites

I went to services and I see that the services that I noted before have been removed, namely

@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System

@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service

@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System.

Should I now try again to uninstall combofix?

Thank you very much for your help

Marshall

Link to post
Share on other sites

I went to services and I see that the services that I noted before have been removed, namely

@%SystemRoot%\system32\iphlpsvc.dll,-200 @%SystemRoot%\system32\iphlpsvc.dll,-201 Automatic Local System

@%SystemRoot%\system32\winhttp.dll,-100 @%SystemRoot%\system32\winhttp.dll,-101 Manual Local Service

@%SystemRoot%\System32\wscsvc.dll,-200 @%SystemRoot%\System32\wscsvc.dll,-201 Started Automatic Local System.

..........

Marshall

Tell me, "where" did you see/gather this information ??

You may uninstall Combofix. Neither of the 2 runs of CF found anything. And your pc's issue with the Cryptographic service has nothing to do with Combofix.

You need to stop your practice of using Combofix on your own. While it is a great tool, it is intended to be used only under trained guidance from a trained helper.

Otherwise, one day you will turn your system into an un-bootable brick.

Click Start, then click Run.

In the text box that opens, type or copy/paste ComboFix /uninstall and then click OK.

Step 2

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 3

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen:

Keep the checkmark on Internet Services.

Checkmark Windows firewall

Checkmark Security Center.

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of Log.txt, Info.txt, + FSS.txt with your reply.

Link to post
Share on other sites

Thank you so much for your help

I will do everything you say and post as you instruct me to do.

The information I posted about services was gotten from the XP services program in "administrative tools" which has a copy to text option as you may know. All I did was copy and paste those 3 lines in my post.

I tried several times to run combofix to solve this problem. I did not run it as you have now instructed me to and this is most likely why I had this problem however each time I uninstalled combofix the error with "Cryptographic service" would return so my only assumption is that it had something to do with the problem, though clearly not the cause of the problem. I had a long time ago run combofix and checking out my services and noted a service I did not know about and upon googling it found that it was set up by combofix so I ran the uninstall option and this service went away. I learned from this that it is important to uninstall combofix. I have learned recently that, as it is important to disable Anti virus and firewall programs when installing combofix, it is important to make sure that they are disabled in the uninstall process as well. As I am sure you know that when you reboot some of these programs return.

In this problem I had not checked to make sure that "unhide system files" was selected though I thought I had done that a long time ago as it turns out it had not been done.

This time as I did what you instructed me to do when I stopped my firewall and antivirus program I checked to see if they where still running in process and the Comodo firewall was still listed as a running process, even though the icon had been removed from the lower right had corner of my screen by my selecting exit from it's drop down menue, so I selected "Kill this Process". I don't know if eather of these are a reason for a change but they are a difference from what I had done before.

Marshall

Marshall

Link to post
Share on other sites

I thank you all very much for your help.

I do admire you people. I could not possibly master the complexities that you deal with every day though I am sure, having read this in the paper and having tried to fix other computers, that this is also why the bad guys seem to be winning in computers.

I ran RSIT with no request from my firewall however I got two error messages which requested of me to allow them to report these errors to a website. I selected yes in both instances and in both instances my browser opened and went to a general "Frontier" type search page.

Bellow are the two RSIT info and log file contents.

==============================

Logfile of random's system information tool 1.09 (written by random/random)

Run by mwda at 2012-06-20 10:03:58

Microsoft Windows XP Professional Service Pack 3

System drive C: has 64 GB (80%) free of 79 GB

Total RAM: 2013 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:04:58 AM, on 6/20/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Kalender\Kalender.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\mwda\My Documents\Downloads\RSIT.exe

C:\Program Files\trend micro\mwda.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [Kalender] C:\Program Files\Kalender\Kalender.exe

O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM

O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

--

End of file - 5689 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\MyDefrag v4.3.1 Daily.job

C:\WINDOWS\tasks\MyDefrag v4.3.1 Monthly.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, fdm_ffext@freedownloadmanager.org:1.3.4, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323, {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"

prefs.js - "keyword.URL" - "http://www.bing.com/search?pc=Z178&form=ZGAADF&install_date=20110901&q="

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.3.300.257 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]

"Description"=ZoneAlarm Toolbar Api

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660]

"Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In

"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660]

"Description"=RealPlayer HTML5VideoShim Plug-In

"Path"=C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

npdeployJava1.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

answers.xml

bing.xml

bing.xml.old

creativecommons.xml

eBay.xml

google.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Documents and Settings\mwda\Application Data\Mozilla\Firefox\Profiles\93dgnwqq.default\extensions\

nostmp

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]

FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Kalender"=C:\Program Files\Kalender\Kalender.exe [2010-08-22 933888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-06-06 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

C:\WINDOWS\system32\hkcmd.exe [2009-02-26 173592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

C:\WINDOWS\system32\igfxtray.exe [2009-02-26 141336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-05-14 46632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

C:\Program Files\Microsoft Money\System\Money Express.exe [1999-08-04 122940]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-05-14 30248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

C:\WINDOWS\system32\igfxpers.exe [2009-02-26 142360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]

C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\qttask.exe [2010-06-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG111v2 Smart Wizard.lnk]

C:\PROGRA~1\NETGEAR\WG111v2\WG111v2.exe [2010-05-10 1268192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mwda^Start Menu^Programs^Startup^Locate32 Autorun.lnk]

C:\PROGRA~1\Locate\Locate32.exe [2007-07-01 970752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2009-02-20 206848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoResolveSearch"=1

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"vidc.I420"=msh263.drv

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvu9"=iyvu9_32.dll

"vidc.yvyu"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"VIDC.XVID"=xvidvfw.dll

"VIDC.YV12"=yv12vfw.dll

"msacm.ac3acm"=ac3acm.acm

"msacm.lameacm"=lameACM.acm

"VIDC.FFDS"=ff_vfw.dll

"VIDC.WMV3"=wmv9vcm.dll

======List of files/folders created in the last 1 month======

2012-06-20 10:03:58 ----D---- C:\rsit

2012-06-20 10:03:58 ----D---- C:\Program Files\trend micro

2012-06-19 13:18:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2707511$

2012-06-19 13:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2685939$

2012-06-19 13:07:26 ----A---- C:\WINDOWS\imsins.BAK

2012-06-19 13:07:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2709162$

2012-06-19 13:02:59 ----D---- C:\WINDOWS\temp

2012-06-19 13:02:57 ----A---- C:\ComboFix.txt

2012-06-19 12:37:16 ----D---- C:\Program Files\ERUNT

2012-06-04 13:41:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$

2012-05-22 16:53:32 ----D---- C:\Documents and Settings\mwda\Application Data\Auslogics

======List of files/folders modified in the last 1 month======

2012-06-20 10:04:11 ----D---- C:\WINDOWS\Prefetch

2012-06-20 10:03:58 ----RD---- C:\Program Files

2012-06-20 10:03:09 ----D---- C:\WINDOWS\system32\CatRoot2

2012-06-20 10:02:23 ----D---- C:\WINDOWS\system32\config

2012-06-20 09:53:38 ----D---- C:\WINDOWS\system32\drivers

2012-06-20 09:53:37 ----SHD---- C:\System Volume Information

2012-06-20 09:53:37 ----D---- C:\WINDOWS\system32\Restore

2012-06-20 09:52:45 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-06-20 09:52:36 ----D---- C:\WINDOWS

2012-06-20 09:52:26 ----D---- C:\WINDOWS\ERDNT

2012-06-19 13:38:36 ----RSD---- C:\WINDOWS\assembly

2012-06-19 13:38:36 ----D---- C:\WINDOWS\Microsoft.NET

2012-06-19 13:19:38 ----D---- C:\WINDOWS\system32

2012-06-19 13:18:38 ----HD---- C:\WINDOWS\inf

2012-06-19 13:18:36 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-06-19 13:18:25 ----SHD---- C:\WINDOWS\Installer

2012-06-19 13:18:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2012-06-19 13:18:05 ----D---- C:\WINDOWS\WinSxS

2012-06-19 13:13:05 ----D---- C:\WINDOWS\Debug

2012-06-19 13:13:01 ----A---- C:\WINDOWS\system32\MRT.exe

2012-06-19 13:10:34 ----D---- C:\Program Files\Internet Explorer

2012-06-19 13:10:22 ----D---- C:\WINDOWS\ie8updates

2012-06-19 13:10:16 ----HD---- C:\WINDOWS\$hf_mig$

2012-06-19 13:00:21 ----N---- C:\WINDOWS\system.ini

2012-06-19 12:59:55 ----D---- C:\WINDOWS\system32\drivers\etc

2012-06-19 12:56:10 ----D---- C:\WINDOWS\AppPatch

2012-06-19 12:56:07 ----D---- C:\Program Files\Common Files

2012-06-19 08:47:03 ----D---- C:\Program Files\Mozilla Maintenance Service

2012-06-18 20:52:37 ----D---- C:\Program Files\Mozilla Firefox

2012-06-18 20:21:33 ----A---- C:\WINDOWS\ahd3.ini

2012-06-18 20:15:51 ----D---- C:\WINDOWS\system

2012-06-16 20:31:43 ----D---- C:\Documents and Settings\mwda\Application Data\dvdcss

2012-06-15 14:09:51 ----D---- C:\Documents and Settings\mwda\Application Data\UK's Kalender

2012-06-12 20:17:32 ----SD---- C:\WINDOWS\Tasks

2012-06-12 15:06:45 ----D---- C:\Documents and Settings\mwda\Application Data\Software Informer

2012-06-11 20:46:43 ----D---- C:\Program Files\Mozilla Thunderbird

2012-06-11 14:16:54 ----N---- C:\WINDOWS\win.ini

2012-06-11 14:13:19 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-05-31 08:22:09 ----A---- C:\WINDOWS\system32\crypt32.dll

2012-05-22 16:53:28 ----D---- C:\Program Files\Auslogics

2012-05-22 16:51:57 ----D---- C:\Program Files\AusLogics Disk Defrag

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2012-03-11 97760]

R0 SmartDefragDriver;SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [2010-11-26 14776]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]

R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]

R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]

R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]

R1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\D:\instal\util\diag\hw32\HWiNFO32.SYS []

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]

R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-06-11 21419]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]

R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]

R2 cpuz133;cpuz133; \??\C:\WINDOWS\system32\drivers\cpuz133_x32.sys []

R2 pciinfo;pciinfo; C:\WINDOWS\System32\drivers\PCIINFO.SYS [2000-03-15 2752]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-02-20 6312864]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]

R3 RT73;ASUS USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]

R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]

S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []

S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []

S3 cpuz130;cpuz130; \??\C:\DOCUME~1\mwda\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []

S3 DirectNT;DirectNT; \??\H:\back\win_e\bat\utilitis\cpu information\DIRECTNT.SYS []

S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []

S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []

S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\18.tmp []

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]

S3 PORTMON;PORTMON; \??\D:\installed\util\sysinternals\SysinternalsSuite\PORTMSYS.SYS []

S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys [2007-12-26 272128]

S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP2\WNt500x86\Sandra.sys []

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]

R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor; C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe [2008-06-02 131072]

R2 UPHClean;User Profile Helper Cleanup; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-11 257224]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 Diskeeper;Diskeeper; C:\Program Files\Executive Software\DiskeeperLite\DKService.exe [2002-10-16 176128]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-11-08 136176]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]

S3 WinDefend;Windows Defender; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

S4 PuranDefrag;PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [2011-02-15 229376]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-06-20 10:05:01

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

A.F.5 Rename your files 1.1-->MsiExec.exe /I{A725C340-77EE-11D6-BBC2-0000CB591583}

ActivePerl 5.8.9 Build 828-->MsiExec.exe /I{908241D6-9CB9-4C7B-ADE2-DE1C20BD0333}

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -maintain plugin

Adobe Reader X (10.1.0)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Adobe Shockwave Player 11.6-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"

Advanced Port Scanner v1.3-->C:\Program Files\Advanced Port Scanner\uninstal.exe

Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"

ASUS WLAN Card Utilities/Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9

Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"

Auslogics Duplicate File Finder-->"C:\Program Files\Auslogics\Auslogics Duplicate File Finder\unins000.exe"

Auslogics Task Manager-->"C:\Program Files\Auslogics\Auslogics Task Manager\unins000.exe"

AutoHotkey 1.0.48.05-->C:\Program Files\AutoHotkey\uninst.exe

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

CDBurnerXP Pro 3-->MsiExec.exe /I{12F14497-A7B7-4571-AAAC-154DBC93EAB0}

Chessmaster 9000-->C:\WINDOWS\IsUninst.exe -f"f:\Program Files\Ubi Soft\Chessmaster 9000\CM9kUninst.isu"

CleanHaven 2.2-->"C:\Program Files\CleanHaven\unins000.exe"

ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}

CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}

COMODO Internet Security-->MsiExec.exe /I{FD8E178D-8B4E-42DA-B434-EFF270329B1C}

CPUID CPU-Z 1.54-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"

CSVed 2.1.4-->"C:\Program Files\CSVed\unins000.exe"

Defraggler-->"C:\Program Files\Defraggler\uninst.exe"

DelinvFile - 3.03-->"C:\Program Files\PurgeIE\unins000.exe"

Disk Investigator 1.51-->C:\Program Files\Disk Investigator\uninst.exe

Diskeeper Lite-->MsiExec.exe /X{A3F60446-48FB-48A8-B5FC-BB3430AEF806}

Duplicate Cleaner 2.0.5-->C:\Program Files\Duplicate Cleaner\uninst.exe

EASEUS Partition Master 8.0.1 Home Edition-->"C:\Program Files\EASEUS\EASEUS Partition Master 8.0.1 Home Edition\unins000.exe"

Encyclopaedia Britannica Ultimate Reference Suite DVD 2004-->"C:\Program Files\Britannica 2004\Ultimate Reference Suite DVD\UninstallerData\Uninstall Encyclopaedia Britannica Ultimate Reference Suite 2004.exe"

Eraser-->"C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe" REMOVE=TRUE MODIFY=FALSE

Eraser-->C:\Documents and Settings\All Users\Application Data\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\EraserSetup32.exe

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ExamDiff 1.8 (Build 1.8.0.7)-->"C:\Program Files\ExamDiff\unins000.exe"

FastStone Image Viewer 4.6-->C:\Program Files\FastStone Image Viewer\uninst.exe

Final Media Player 2010-->"C:\Program Files\FinalMediaPlayer\unins000.exe"

Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"

Freemake Video Converter version 3.0.1-->"C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe"

Google Chrome-->"C:\Program Files\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GPL Ghostscript 9.00-->"C:\Program Files\gs\uninstgs.exe" "C:\Program Files\gs\gs9.00\uninstal.txt"

HashCalc 2.02-->"C:\Program Files\HashCalc\unins000.exe"

Helicon Filter 4.93.2 Free-->"C:\Program Files\Helicon Software\Helicon Filter\unins000.exe"

Hexonic PDF Split and Merge 1.0-->"C:\Program Files\Hexonic PDF Split and Merge\unins000.exe"

High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

HP Business Inkjet 1000 Series-->msiexec /x{8034A623-0A42-4514-9536-BD124A9AEBA5}

HP Drive Key Boot Utility-->C:\Program Files\Compaq\hpdkbu\hpuninst.exe

HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9

ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"

Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

IObit Security 360-->"C:\Program Files\IObit\IObit Security 360\unins000.exe"

IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe

IsoBuster 2.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

Java 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}

K-Lite Codec Pack 5.9.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Locate32-->C:\Program Files\Locate\Remove.exe

Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"

Microsoft Encarta Encyclopedia Standard 2001-->MsiExec.exe /I{01001201-5D65-445A-B3B4-3DCE72BA0C6C}

Microsoft Money 2000 Standard Edition-->C:\Program Files\Microsoft Money\setup\setup.exe

Microsoft Streets and Trips 2001-->MsiExec.exe /I{3D719053-5593-11D3-8F25-0060085C1758}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Works 4.0-->C:\Program Files\MSWorks\Setup40\setup.exe

Mozilla Firefox 13.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

Mozilla Thunderbird 12.0.1 (x86 en-US)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MyDefrag v4.3.1-->"C:\Program Files\MyDefrag v4.3.1\unins000.exe"

Mz Services Manager-->"C:\Program Files\Mz Ultimate Tools\Mz Services Manager\unins000.exe"

Neat Image v6.1 Home-->"C:\Program Files\Neat Image\unins000.exe"

NETGEAR WG111v2 wireless USB 2.0 adapter-->C:\Program Files\InstallShield Installation Information\{4102037D-E8E0-48E0-B203-E521D194FB71}\setup.exe -runfromtemp -l0x0009 -removeonly

Norton PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502}

NoteTab Light 5 (Remove only)-->"C:\Program Files\NoteTab Light\unins000.exe"

OneTouch 4.0-->MsiExec.exe /I{BCDA28CF-BDE3-49BE-AB50-87FD47CA4559}

OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}

Photo Pos Pro-->"C:\WINDOWS\Photo Pos Pro Uninstaller.exe"

PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"

Pixia-->"C:\Program Files\InstallShield Installation Information\{A0BCF90F-B4E4-435C-A48D-8FAAE10554F9}\setup.exe" -runfromtemp -l0x0409 -removeonly

Puran Defrag Free Edition 7.2-->"C:\Program Files\Puran Defrag\unins000.exe"

PySol Fan Club edition v.2.0-->"C:\Program Files\PySol Fan Club edition\unins000.exe"

QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Registrar Lite 2.00-->"C:\Program Files\Registrar Lite\unwise.exe" C:\PROGRA~1\REGIST~1\INSTALL.LOG

Revo Uninstaller 1.88-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

ScanSoft PaperPort 11-->MsiExec.exe /I{0AB8248A-BCC4-4B46-9A8A-1B5FBBDB8278}

SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Encoder (KB2447961)-->"C:\WINDOWS\$NtUninstallKB2447961_WM9L$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2416400)-->"C:\WINDOWS\$NtUninstallKB2416400$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2482017)-->"C:\WINDOWS\$NtUninstallKB2482017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2530548)-->"C:\WINDOWS\$NtUninstallKB2530548$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2559049)-->"C:\WINDOWS\$NtUninstallKB2559049$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2586448)-->"C:\WINDOWS\$NtUninstallKB2586448$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618444)-->"C:\WINDOWS\$NtUninstallKB2618444$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"

Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"

Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"

Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\INSTALL.LOG

Smart Defrag 2-->"C:\Program Files\IObit\Smart Defrag 2\unins000.exe"

Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"

Speccy-->"C:\Program Files\Speccy\uninst.exe"

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"

TestPath v1.3-->"C:\Program Files\TestPath2\unins000.exe"

TreeComp-->MsiExec.exe /I{30A01D71-86B1-4C24-8B1B-F9CCBDE094CC}

Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"

UK's Kalender 2.3.2-->"C:\Program Files\Kalender\unins000.exe"

Undelete Plus 2.98-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"

Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"

Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"

Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"

Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"

Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"

Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"

Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

User Profile Helper Cleanup Service-->MsiExec.exe /I{2769265D-6DFF-4ECA-AD5A-5DDD91ECF134}

VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}

VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe

virtualStudio 1.0.38-->"C:\Program Files\virtualStudio\unins000.exe"

What's Running 3.0-->"C:\Program Files\WhatsRunning\unins000.exe"

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray-->"C:\WINDOWS\$NtUninstallKB952011$\spuninst\spuninst.exe"

Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Support Tools-->MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

Xml Viewer-->MsiExec.exe /I{F58E04CD-6E76-43C8-AAF1-482225C2910E}

XXClone ver 0.58.0-->C:\WINDOWS\SYSTEM32\xxclone.exe /uninst

XXConsole: Super Console Generator ver 0.96-->C:\WINDOWS\system32\XXCONSOLE.EXE /uninstall

Yet Another (remote) Process Monitor 2.4.1-->"C:\Program Files\Yet Another (remote) Process Monitor\unins000.exe"

ZipGenius 6.3-->"C:\Program Files\ZipGenius 6\unins000.exe"

======Security center information======

AV: avast! Antivirus

FW: ZoneAlarm Firewall (disabled)

FW: COMODO Firewall

======Environment variables======

"CLASSPATH"="C:\Program Files\Java\jre6\lib\ext\QTJava.zip"

"ComSpec"=%SystemRoot%\system32\cmd.exe

"DiskeeperIcon"=C:\Program Files\Executive Software\DiskeeperLite\

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\Executive Software\DiskeeperLite;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\Support Tools;C:\Program Files\ZipGenius 6

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=170a

"QTJAVA"="C:\Program Files\Java\jre6\lib\ext\QTJava.zip"

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"tvdumpflags"=14

"windir"=%SystemRoot%

"tvdebugcategories"=all

-----------------EOF-----------------

=================

Bellow the file from FSS

==============================

Farbar Service Scanner Version: 19-06-2012 01

Ran by mwda (administrator) on 20-06-2012 at 10:14:18

Running from "D:\util-flash\virus-spyware\combofix\fss"

Microsoft Windows XP Professional Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

Security Center:

============

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

**** End of log ****

==========================

I uninstalled Combofix and reboot and all is well. The problem may be solved unless it is something even more complicated then this.

Link to post
Share on other sites

The Activex for Adobe Flash Player is out of date.

To de-install

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Since you have Avast antivirus & Comodo security, make sure that you do not have two antivirus apps in real-time monitor status.

You should only have one real-time active a-v monitor.

Since you have MBAM, do a Quick scan and let's see the result, before we let you go.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & paste latest MBAM scan log.

P.S.

Marshall,

Since you noted that ZoneAlarm had been de-installed, but yet we see a "trace" of it left. Then get, save, and run the Zone Alarm removal (cleanup) tool from

http://download.zonealarm.com/bin/free/support/download/clean.exe

Logoff and reboot the system when done with that.

HTH

Edited by Maurice Naggar
Link to post
Share on other sites

I did as you instructed. Their was some issue with Adobe and I could not use the live link but had to download the full program from their site and install it, but Adobe claimed that this is not unusual because some firewalls have issues. Once I did this I checked it out and it seems to be running fine. I was surprised that you had suggested this for I thought I was getting updates all the time from Adobe. I hope that Adobe is not a problem or an opening for malware.

I ran the clean.exe program and should have figured that uninstall would not get all of Zone Alarm. Does Uninstall ever work, certainly not with HP printers?

I use Malwarebytes all the time and have bought it for my laptop and it is a permanent program their however, as you point out and as others have pointed out to me, I should not have two permanent anti-virus programs running at the same time and I like the "scan at start up" feature of Avast plus it is free as is Malwarebytes basic program. I have told people that none of the permanent programs work all of the time but that one should use Malwarebytes periodically allowing it to do an individual scan. I have done this on computers with other high priced protection programs and have not failed to get some real positive hits with Malwarebytes. I had Norton and McAfee for years and I liked McAfee, especially many years ago when it had it's DOS scan at startup, however none of them got the big problem I had Win98 and was told to use Malwarebytes and Firefox at that time and it helped.

I disabled the "Defense+" feature of Comodo and use only the Firewall feature. I hope I do not still have some conflict their however it seems to be working though I may not know if it was not. I am surprised at Comodo not exiting as it should have and may look into another software firewall even though I have told some people to use Comodo.

Here is the Quick Scan from Malwarebytes

=========================================

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.21.06

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

mwda :: HOME-SATA [administrator]

6/21/2012 10:29:54 AM

mbam-log-2012-06-21 (10-29-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227159

Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

====================

I thank you very much for your expert help. I have used help like this more then once and am always amazed at the quality of help I get. I don't care what Microsoft says if it was not for free services like this computers would not win.

Marshall

Link to post
Share on other sites

Marshall,

Thank you for the compliments.

I see that you are clear of your original issues. You are good to go after finishing these cleanups.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Delete FSS.exe if still present.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Safer practices and malware prevention

We are finished here. Best regards.

Edited by Maurice Naggar
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.