rplusr Posted December 24, 2012 ID:626723 Share Posted December 24, 2012 I noticed intermittent redirects in IE and Firefox when clicking links from Google searches. Ran Malwarebytes and got a hit on Trojan.Happili. Logs show quarantined and deleted. Rebooted and keep getting the same type of re-directs. Could use some of that expert help please.Requested logs follow:DDS (Ver_2012-11-20.01) - NTFS_x86Internet Explorer: 8.0.6001.18702Run by Roman at 17:45:10 on 2012-12-24Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2412 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled*.============== Running Processes ================.C:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\PCPitstop\PCPitstopScheduleService.exeC:\Program Files\TeamViewer\Version8\TeamViewer_Service.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\TeamViewer\Version8\TeamViewer.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\TeamViewer\Version8\tv_w32.exeC:\Program Files\dcmsvc\dcmsvc.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exeC:\Program Files\PCPitstop\Info Center\InfoCenter.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exeC:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exeC:\WINDOWS\system32\rundll32.exeC:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exeC:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exeC:\WINDOWS\system32\RunDll32.exeC:\WINDOWS\System32\alg.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exeC:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exeC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEC:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exeC:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEc:\PROGRA~1\mcafee\SITEAD~1\saui.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\WINDOWS\system32\SearchFilterHost.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\system32\svchost.exe -k netsvcsC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%suURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dllBHO: AutorunsDisabled - <orphaned>BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - c:\program files\hewlett-packard\smartprint\QuickPrintBHO.dllBHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dllBHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dllBHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>BHO: WsftpBrowserHelper Class: {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\program files\ws_ftp pro\wsbho2k0.dllBHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLLBHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dllTB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduleruRun: [PCShowServer] c:\documents and settings\roman\local settings\application data\directv player\PCShowServerPMWrapper.exeuRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1uRun: [Google] rundll32 "c:\documents and settings\roman\local settings\application data\hp\google\eqsnx.dll",CreateIScalerWmRun: [Recguard] c:\windows\sminst\RECGUARD.EXEmRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exemRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -startmRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hidemRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exemRun: [PDFProHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exemRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exemRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartupmRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -loginmRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquietmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"dRun: [Google] rundll32 "c:\documents and settings\roman\local settings\application data\hp\google\eqsnx.dll",CreateIScalerWdRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0StartupFolder: c:\docume~1\roman\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\roman\application data\dropbox\bin\Dropbox.exeStartupFolder: c:\docume~1\roman\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exemPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\HPQuickPrintLauncher.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dllIE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dllIE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabDPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocxDPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cabDPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cabDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 192.168.0.1TCP: Interfaces\{53371D86-939F-42EB-8692-365423C01C6D} : DHCPNameServer = 192.168.0.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dllHandler: AutorunsDisabled - <Clsid value has no data>Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dllHandler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dllWinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dllWinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dllWinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dllWinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dllWinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dllWinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\roman\application data\mozilla\firefox\profiles\43597dhz.default\FF - prefs.js: browser.search.selectedEngine - Secure SearchFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - prefs.js: network.proxy.type - 0FF - plugin: c:\documents and settings\all users\application data\visan\plugins\npRLSecurePluginLayer.dllFF - plugin: c:\documents and settings\roman\local settings\application data\directv player\npPCShowPlugin.dllFF - plugin: c:\documents and settings\roman\local settings\application data\directv player\npPlayerPlugin.dllFF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dllFF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLLFF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLLFF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dllFF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dllFF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dllFF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dllFF - plugin: c:\windows\npMSDM.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dllFF - ExtSQL: 2012-12-02 09:58; quickprint@hp.com; c:\program files\hewlett-packard\smartprint\QPExtension.---- FIREFOX POLICIES ----FF - user.js: general.useragent.extra.brc - BRI/1.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 565352]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-6-17 91168]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-17 203400]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-6-17 168880]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-17 167344]R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-1-21 86216]R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-23 3467768]R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-6-17 60480]R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-17 234824]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-6-17 362640]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-9-5 277376]S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808]S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-14 146872]S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-17 65488]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-17 92192]S3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2011-9-9 135016]S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 25088]S3 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]S4 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\corelcreatormessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?].=============== Created Last 30 ================.2012-12-19 13:33:59 -------- d-----w- c:\program files\Dropbox2012-12-19 13:23:29 -------- d-----w- c:\program files\iPod2012-12-19 13:23:25 -------- d-----w- c:\program files\iTunes2012-12-19 13:23:25 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E12012-12-15 12:46:58 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys2012-12-15 12:46:51 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll2012-12-14 10:46:14 544160 ----a-w- c:\documents and settings\roman\application data\microsoft\internet explorer\hewlett-packard\smartprint\SmartPrintUpdate.exe2012-12-14 10:46:14 139264 ----a-w- c:\documents and settings\roman\application data\microsoft\internet explorer\hewlett-packard\smartprint\unzip32.dll2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2012-12-02 16:08:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll2012-12-02 15:03:07 -------- d-----w- c:\documents and settings\roman\application data\Visan2012-12-02 15:01:52 -------- d-----w- c:\program files\HP Photo Creations2012-12-02 15:01:52 -------- d-----w- c:\documents and settings\all users\application data\Visan2012-12-02 15:01:52 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations2012-12-02 14:36:42 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll2012-12-02 14:36:40 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll2012-12-02 14:36:40 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll2012-12-02 14:36:36 529808 ----a-w- c:\windows\system32\hpinksts5912.dll2012-12-02 14:36:36 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll2012-12-02 14:36:36 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe2012-12-02 14:36:36 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll2012-11-26 23:55:27 -------- d-----w- c:\documents and settings\roman\application data\Wireshark2012-11-26 23:49:51 -------- d-----w- c:\program files\WinPcap2012-11-26 23:49:18 -------- d-----w- c:\program files\Wireshark2012-11-25 14:33:48 -------- d-----w- c:\program files\Amazon2012-11-25 12:28:45 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll2012-11-25 12:28:44 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll2012-11-25 12:28:44 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll2012-11-25 12:28:43 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe2012-11-25 12:28:43 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe.==================== Find3M ====================.2012-12-18 12:54:50 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-18 12:54:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe2012-11-09 11:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts2012-10-24 20:08:38 1101436 -c--a-w- c:\windows\system32\nvdrsdb1.bin2012-10-24 20:08:38 1 -c--a-w- c:\windows\system32\nvdrssel.bin2012-10-24 20:04:23 1101436 -c--a-w- c:\windows\system32\nvdrsdb0.bin2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2012-09-28 15:32:56 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll2012-09-28 15:32:56 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys.============= FINISH: 17:45:43.87 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 10/28/2008 9:11:13 AMSystem Uptime: 12/24/2012 6:21:14 AM (11 hours ago).Motherboard: ASUSTeK Computer INC. | | P5N73-AMProcessor: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 2666/266mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 462 GiB total, 412.18 GiB free.D: is CDROM ()E: is FIXED (NTFS) - 75 GiB total, 48.17 GiB free.F: is RemovableG: is RemovableH: is RemovableI: is Removable.==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: NVIDIA nForce Networking ControllerDevice ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&000Manufacturer: NVIDIAName: NVIDIA nForce 10/100 Mbps EthernetPNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&000Service: NVENETFD.==== System Restore Points ===================.RP1500: 12/22/2012 4:37:33 PM - System CheckpointRP1501: 12/23/2012 6:00:42 PM - System Checkpoint.==== Installed Programs ======================.73007300_Help7300TrbAdobe Acrobat 5.0Adobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader 8.3.1AiO_ScanAiOSoftwareAmazon MP3 Downloader 1.0.17AnswerWorks 5.0 English RuntimeApple Application SupportApple Mobile Device SupportApple Software UpdateAuction SentryBing BarBing Rewards Client InstallerBonjourBufferChmCameraHelperMsiCisco WebEx MeetingsCompatibility Pack for the 2007 Office systemConexant HSF V92 56K RTAD Speakerphone PCI ModemCopyCP_AtenaShokunin1Configcp_dwShrek2Albums1cp_dwShrek2Cards1CreativeProjectsCreativeProjectsTemplatesCueTourdcmsvc 1.0Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDirectorDIRECTV PlayerDisney Dreams Screen SaverDisney Epic Mickey: Prima Official eGuideDocProcDocumentViewerDragon NaturallySpeaking 11DropboxerLTFamily Tree Maker 2009Family Tree Maker 2010FaxFree JavaScript Editor 4.7Google ChromeGoogle EarthGoogle Update HelperGoogle UpdaterHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows XP (KB2756822)Hotfix for Windows XP (KB2779562)Hotfix for Windows XP (KB954550-v5)HP FWUpdateEDO2HP Image Zone 4.7HP Officejet Pro 8600 Basic Device SoftwareHP Officejet Pro 8600 HelpHP Officejet Pro 8600 Product Improvement StudyHP Photo CreationsHP Product AssistantHP Product DetectionHP PSC & OfficeJet 4.7HP Smart Print 1.1.5.2HP UpdateHPSystemDiagnosticsI.R.I.S. OCRInfo Center 1.0.0.7InstantShareInstantShareAlertIpswitch WS_FTP ProiSEEK AnswerWorks English RuntimeiTunesJava Auto UpdaterJava™ 6 Update 23LightScribe 1.4.44.1Logitech Vid HDLogitech Webcam SoftwareLogitech Webcam Software Driver PackageLWS FacebookLWS GalleryLWS Help_mainLWS LauncherLWS Motion DetectionLWS Pictures And VideoLWS TwitterLWS Video Mask MakerLWS VideoEffectsLWS Webcam SoftwareLWS WLM PluginLWS YouTube PluginMalwarebytes Anti-Malware version 1.65.1.1000McAfee SecurityCenterMcAfee Virtual TechnicianMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft ActiveSync 3.7Microsoft Application Error ReportingMicrosoft Choice GuardMicrosoft Download ManagerMicrosoft Office 2003 Primary Interop AssembliesMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office File Validation Add-InMicrosoft Office Home and Business 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Edition 2003Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Primary Interoperability Assemblies 2005Microsoft SilverlightMicrosoft Software Update for Web Folders (English) 14Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual Studio 2005 Tools for Office RuntimeMicrosoft Visual Studio 2010 Tools for Office Runtime (x86)Microsoft Works 6-9 ConverterMicrosoft WSE 3.0Mozilla Firefox 17.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MultiScreenMX-950 EditorNero SuiteNetObjects Fusion 10.0NetObjects Fusion 12.0Nuance PDF Converter Professional 7NVIDIA Control Panel 306.81NVIDIA DriversNVIDIA Graphics Driver 306.81NVIDIA Install ApplicationNVIDIA nView 136.28NVIDIA nView Desktop ManagerNVIDIA Update 1.10.8NVIDIA Update ComponentsOGA Notifier 2.0.0048.0Paint Shop Pro 6.02 CDPanoStandAlonePassword SafePassword Tracker Deluxe 3.62PC Matic 1.1.0.44PhoneToolsPhotoGalleryPlatformPowerDVDPrintMaster Premier 4.00ProductContextQFolderQuicken 2011Quicken WillMaker Plus 2009Quicken WillMaker Plus 2011QuickTimeReadmeScanScannerCopyScansoft PDF ProfessionalSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589337) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSecurity Update for Windows Internet Explorer 8 (KB2761465)Security Update for Windows XP (KB2724197)Security Update for Windows XP (KB2727528)Security Update for Windows XP (KB2753842-v2)Security Update for Windows XP (KB2753842)Security Update for Windows XP (KB2758857)Security Update for Windows XP (KB2761226)Security Update for Windows XP (KB2770660)Security Update for Windows XP (KB2779030)Security Update for Windows XP (KB923789)Segoe UIShared C Run-time for x86SkinsHP1Skype Click to CallSkype™ 6.0SyncBackSystem Requirements LabTeamViewer 8TEG-PCITXR 32bit Gigabit PCI AdatperTrainzTrayAppTRS2004TurboTax 2009TurboTax 2009 WinPerFedFormsetTurboTax 2009 WinPerReleaseEngineTurboTax 2009 WinPerTaxSupportTurboTax 2009 wkyiperTurboTax 2009 wrapperTurboTax 2010TurboTax 2010 WinPerFedFormsetTurboTax 2010 WinPerReleaseEngineTurboTax 2010 WinPerTaxSupportTurboTax 2010 wkyiperTurboTax 2010 wrapperTurboTax 2011TurboTax 2011 WinPerFedFormsetTurboTax 2011 WinPerReleaseEngineTurboTax 2011 WinPerTaxSupportTurboTax 2011 wkyiperTurboTax 2011 wrapperUnloadUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2687277) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Windows XP (KB2661254-v2)Update for Windows XP (KB2749655)VIA Platform Device ManagerVisual C++ 9.0 Runtime for Dragon NaturallySpeakingVisual C++ Runtime for Dragon NaturallySpeakingVisual Studio 2005 Tools for Office Second Edition RuntimeWarner Bros. Digital Copy ManagerWebFldrs XPWebIQ Technology EngineWebRegWindows 7 Upgrade AdvisorWindows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation Tool (KB892130)Windows Internet Explorer 8Windows Live CallWindows Live Communications PlatformWindows Live EssentialsWindows Live MessengerWindows Live Sign-in AssistantWindows Live Upload ToolWindows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 11Windows XP Service Pack 3WinPcap 4.1.2WinZipWireshark 1.8.3 (32-bit).==== Event Viewer Messages From Past Week ========.12/21/2012 6:56:51 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)12/21/2012 6:41:47 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)12/21/2012 5:26:00 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\sclgntfy.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.12/21/2012 5:26:00 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time..==== End Of File =========================== Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 25, 2012 ID:626788 Share Posted December 25, 2012 Hello rplusr and welcome to MalwareBytes forums.Step 11. Go >> Here << and download ERUNT (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup (the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked 6. Press OK7. Press YES to create the folder.Step 2Set Windows to show all files and all folders. On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed. "CHECK" (turn on) Display the contents of system folders. Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders. Next, un-check Hide extensions for known file types. Next un-check Hide protected operating system files. Step 3Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Step 4Download Security Check by screen317 and save it to your Desktop: here or hereRun Security Check Follow the onscreen instructions inside of the command window.A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!Step 5Close all open browsers at this point.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallStart Internet ExplorerUsing Internet Explorer browser only, go to BitDefender Quickscan website:http://quickscan.bitdefender.comand click "Start Scan".Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.If prompted, reply yes to allow it to run.Press the Allow button and follow prompts.Press the "Start Scan" once more.You'll see the EULA in a pop-up window. Click the I accept & then the OK buttonNote: The FAQ is here --> http://quickscan.bitdefender.com/faq/and that QuickScan has no removal capability.The site boasts a 60-second scan. Do have patience as it likely will take longer.It may seem to stall at moments, but have patience; it will move on.You'll see a progress bar at top right of window.Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.The log report will show in your text editor. Save the log.Do a Select ALL, Copy. Then paste contents into your next reply.Step 6 Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or >> from here << Quit all programs that you may have started.Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.For Windows XP, double-click to start. Wait until Prescan has finished ... Click on Scan. Click on Report and copy/paste the content of the notepad into your next reply.Step 7RE-Enable your antivirus program.Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.Use separate replies as needed if logs do not fit into one reply box. Link to post Share on other sites More sharing options...
rplusr Posted December 25, 2012 Author ID:626829 Share Posted December 25, 2012 First, I really appreciate the quick response and even on Christmas Day! I did not get a notification of your reply and will check my Notification settings, otherwise I would have completed this sooner. I completed all 7 steps and logs follow:info.txt logfile of random's system information tool 1.09 2012-12-25 13:04:46======Uninstall list======-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAdobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstallAdobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activexAdobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain pluginAdobe Reader 8.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A83000000003}Amazon MP3 Downloader 1.0.17-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exeAnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonlyApple Application Support-->MsiExec.exe /I{CCE825DB-347A-4004-A186-5F4A6FDD8547}Apple Mobile Device Support-->MsiExec.exe /I{459699C3-9430-4381-964B-4248D87B49F9}Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}Auction Sentry-->MsiExec.exe /I{38ED4745-4015-4BF0-AB17-AA4B07595137}Auction Sentry-->MsiExec.exe /X{DF29A0E2-DF76-4932-98A9-34B441F40486}Bing Bar-->MsiExec.exe /X{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}CameraHelperMsi-->MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}Cisco WebEx Meetings-->C:\WINDOWS\DOWNLO~1\atcliun.exeCompatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0dcmsvc 1.0-->"C:\Program Files\dcmsvc\unins000.exe"Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{99F50845-55E3-4E06-9A5A-17D37F4D4FB9}" "1033" "0"DIRECTV Player-->MsiExec.exe /X{5F3783B7-F809-45A7-8A92-A44B441FDA7C}Disney Dreams Screen Saver-->C:\WINDOWS\system32\Disney Dreams.scr /uDisney Epic Mickey: Prima Official eGuide-->"C:\Program Files\Prima Games\DisneyEpicMickeyPrimaOfficialeGuide\Uninstall.exe"Dragon NaturallySpeaking 11-->MsiExec.exe /I{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"Family Tree Maker 2009-->C:\Program Files\InstallShield Installation Information\{27711CB0-26B3-4D99-88A9-4E4D60C34850}\setup.exe -runfromtemp -l0x0409Family Tree Maker 2010-->"C:\Program Files\InstallShield Installation Information\{89EAD745-088B-4160-B964-42C4D4D273AD}\setup.exe" -runfromtemp -l0x0409 -removeonlyFamily Tree Maker 2010-->MsiExec.exe /X{89EAD745-088B-4160-B964-42C4D4D273AD}Free JavaScript Editor 4.7-->MsiExec.exe /I{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}Google Chrome-->"C:\Program Files\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe" --uninstall --multi-install --chrome --system-levelGoogle Earth-->MsiExec.exe /X{28E82311-8616-11E1-BEB0-B8AC6F97B88E}Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstallHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""Hotfix for Windows XP (KB2756822)-->"C:\WINDOWS\$NtUninstallKB2756822$\spuninst\spuninst.exe"Hotfix for Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe"HP FWUpdateEDO2-->MsiExec.exe /I{415FA9AD-DA10-4ABE-97B6-5051D4795C90}HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.datHP Officejet Pro 8600 Basic Device Software-->MsiExec.exe /I{8EAB4100-B343-41AE-A880-418746998209}HP Officejet Pro 8600 Help-->MsiExec.exe /I{46235FF7-2CBE-4A84-BEDA-87348D1F7850}HP Officejet Pro 8600 Help-->MsiExec.exe /I{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}HP Officejet Pro 8600 Product Improvement Study-->MsiExec.exe /I{669B49D6-BCA8-4F7C-9248-CE5677750285}HP Photo Creations-->"C:\Program Files\HP Photo Creations\uninst.exe"HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}HP Product Detection-->MsiExec.exe /I{4F38594F-2C4A-4C42-B2C4-505E225F6F80}HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.datHP Smart Print 1.1.5.2-->MsiExec.exe /I{7752CBAC-3B2D-43C0-98CA-A1A16CCF7E3C}HP Update-->MsiExec.exe /X{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}I.R.I.S. OCR-->MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61}Info Center 1.0.0.7-->"C:\Program Files\PCPitstop\Info Center\unins000.exe"InstantShareAlert-->MsiExec.exe /I{069730C2-755A-485B-A205-27A1AAFA836A}Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\WS_FTP Pro\uninst.isu" -c"C:\Program Files\WS_FTP Pro\FTPInstUtils.dll"iSEEK AnswerWorks English Runtime-->MsiExec.exe /I{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}iTunes-->MsiExec.exe /I{B0261E53-B6F1-474A-864B-E7C3CBF468E0}Java 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}Logitech Vid HD-->C:\Program Files\Logitech\Vid HD\uninst.exeLogitech Webcam Software Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.10" /clone_wait /hide_progressLogitech Webcam Software-->"C:\Program Files\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ENU /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"LWS Gallery-->MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}LWS Help_main-->MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}LWS Launcher-->MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}LWS Motion Detection-->MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}LWS Pictures And Video-->MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}LWS Twitter-->MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}LWS Video Mask Maker-->MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441}LWS VideoEffects-->MsiExec.exe /I{138A4072-9E64-46BD-B5F9-DB2BB395391F}LWS Webcam Software-->MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}LWS WLM Plugin-->MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}LWS YouTube Plugin-->MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}Malwarebytes Anti-Malware version 1.65.1.1000-->"C:\Program Files\Malwarebytes\unins000.exe"McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstallMcAfee Virtual Technician-->C:\Program Files\McAfee\Supportability\MVT\MVTInstaller.exe /uninstallMicrosoft .NET Framework 1.1 Security Update (KB2656370)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp"Microsoft .NET Framework 1.1 Security Update (KB2698023)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2698023\M2698023Uninstall.msp"Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exeMicrosoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder ClientMicrosoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}Microsoft Download Manager-->MsiExec.exe /X{654977DB-0001-0002-0001-EABD228DDE8B}Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}Microsoft Office Home and Business 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLLMicrosoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-0081-0409-0000-0000000FF1CE}Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exeMicrosoft Visual Studio 2010 Tools for Office Runtime (x86)-->MsiExec.exe /X{97BA2B90-AF72-35CF-BFDC-E06531811B20}Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}Mozilla Firefox 17.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exeMozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MultiScreen-->C:\Program Files\InstallShield Installation Information\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}\setup.exe -runfromtemp -l0x0009 -removeonlyMX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262}Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""NetObjects Fusion 10.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3334366-BCED-4D4B-A266-23E3414FC29D}\setup.exe" -l0x9 anything -uninstNetObjects Fusion 12.0-->"C:\Program Files\InstallShield Installation Information\{46CB5C9E-BE06-42B6-8B59-C037B8E93889}\setup.exe" -runfromtemp -l0x0009anything -uninst -removeonlyNuance PDF Converter Professional 7-->MsiExec.exe /I{6F9C25B0-6ABF-4FB0-8793-176487F963EE}NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUINVIDIA Graphics Driver 306.81-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.DriverNVIDIA nView 136.28-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.NViewNVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstallNVIDIA Update 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.UpdateOGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}Paint Shop Pro 6.02 CD-->C:\Program Files\Paint Shop Pro 6\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOGPassword Safe-->"C:\Program Files\Password Safe\Uninstall.exe"Password Tracker Deluxe 3.62-->"C:\Program Files\Password Tracker Deluxe\PwTrkr.exe" /uninstallPC Matic 1.1.0.44-->"C:\Program Files\PCPitstop\PC Matic\unins000.exe"PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanelPowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstallPrintMaster Premier 4.00-->c:\PROGRA~1\pmw\msrun.exe UninsQuicken 2011-->MsiExec.exe /X{5FE545A1-D215-4216-9189-E7B39C9D1CC1}Quicken WillMaker Plus 2009-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2009\uninstal.logQuicken WillMaker Plus 2011-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2011\uninstal.logQuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder ClientSecurity Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{73CC972E-6ABF-456B-9E1E-BADC0E65B57A}" "1033" "0"Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D267D0F7-9770-467D-ACF3-FB2F7E0AC532}" "1033" "0"Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0"Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DAB57906-C0A9-486D-BBAB-7F71BD701C96}" "1033" "0"Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{54A1B66B-F5B2-45AD-8B19-5F51A027A1B9}" "1033" "0"Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216}" "1033" "0"Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0"Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0A682BA4-3C78-42C3-8DDF-EB9A6ABE5535}" "1033" "0"Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269}" "1033" "0"Security Update for Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe"Security Update for Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe"Security Update for Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe"Security Update for Windows XP (KB2753842)-->"C:\WINDOWS\$NtUninstallKB2753842$\spuninst\spuninst.exe"Security Update for Windows XP (KB2753842-v2)-->"C:\WINDOWS\$NtUninstallKB2753842-v2$\spuninst\spuninst.exe"Security Update for Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe"Security Update for Windows XP (KB2761226)-->"C:\WINDOWS\$NtUninstallKB2761226$\spuninst\spuninst.exe"Security Update for Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe"Security Update for Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe"Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.infSegoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}Shared C Run-time for x86-->MsiExec.exe /I{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053}SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exeTeamViewer 8-->C:\Program Files\TeamViewer\Version8\uninstall.exeTEG-PCITXR 32bit Gigabit PCI Adatper-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonlyTrainz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}\setup.exe" -l0x9TRS2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE1289F-4025-41A5-AD17-101DB4D82CA7}\setup.exe" -l0x9TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}TurboTax 2009 wkyiper-->MsiExec.exe /I{39003340-EAA2-012B-ADCD-000000000000}TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /aTurboTax 2010 WinPerFedFormset-->MsiExec.exe /I{3782EC09-4000-475E-8A59-9CABD6F03B4C}TurboTax 2010 WinPerReleaseEngine-->MsiExec.exe /I{A525E00B-6609-442E-9DCD-64453C233E8D}TurboTax 2010 WinPerTaxSupport-->MsiExec.exe /I{05BDC796-3451-4F81-B91D-E98F7ADA76C2}TurboTax 2010 wkyiper-->MsiExec.exe /I{D0EE2F91-CC20-426F-A4D5-7FFE54E55015}TurboTax 2010 wrapper-->MsiExec.exe /I{4F2FCCCF-29F3-44B9-886F-6D16F8417522}TurboTax 2010-->C:\Program Files\TurboTax\Deluxe 2010\Installer\TurboTax 2010 Installer.exe /u /t /aTurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789}TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA}TurboTax 2011 wkyiper-->MsiExec.exe /I{9CC57E3F-0478-4005-98D3-4C6850C5A6E7}TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}TurboTax 2011-->C:\Program Files\TurboTax\Deluxe 2011\Installer\TurboTax 2011 Installer.exe /u /t /aUpdate for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C4F26A9B-B121-4135-8084-A0D9C780C7C8}" "1033" "0"Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{460FF681-BC66-4C38-99DF-7012E03F1EBA}" "1033" "0"Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{C633216E-FF30-45B6-B2AB-21922A9353EF}" "1033" "0"Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1033" "0"Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{47894754-0FEC-4920-9A65-6C1E732587AC}" "1033" "0"Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}" "1033" "0"Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe"Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe"VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}Visual C++ 9.0 Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}Visual C++ Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exeWarner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625}Warner Bros. Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}WebIQ Technology Engine-->MsiExec.exe /X{0F2F77E4-4053-4108-B153-81F0B42EDCF4}Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5s_EC6F58D0768F50BA52841701F07D93224CCBC418\lvpro5s.infWindows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5s_B2A99D387D2BC7834AC22520D8B1925C395063F6\lvpro5s.infWindows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5v_D2C9E2D5867D472251514011BBE78B5772FF85F4\lvpro5v.infWindows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5v_8009832C96BA2EC6FBB36C272247C99207D2CF34\lvpro5v.infWindows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5c_CFEA30E7EC4EFEFA29100B1389F8CC4E7815C557\lvpro5c.infWindows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_023219CF3A4917CCA41B16B1E8B93E1DDC0892D0\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_D57F88388DBB75A1A9F016A4439CE7941366B9CC\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_F40C8CD5B9A6521F54F4F7E14A360CB5AE46AB6B\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_01A1720D7453D730F20FAFBEA4D6B9A2105287C9\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_CCC0A428AE64891D9B1B7F5C8E54AC2C95FE3671\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_7D446CFBFA4A85956C4FA21B72A07064B3CD147E\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_14FA122036C65C3E9AA05BF676F2EE944AFC831C\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_6B8341AFD9CC5A9A6A5B2D844EEBBD241AB9C81C\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_6691F1BDB0DC3B805E5970F75D7834FC0D37C6EE\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_2E7B5C052AFEB20F28FCD99D5AE9F5DB070782DB\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_dispi_C9E7FAAB72598782BB81E5D97AE9C3200C96917C\nv4_dispi.infWindows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_90681DB143FDAFA00A0689935B55440102A1AF67\nv4_disp.infWindows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_01CF2A199AEBDA193CB0ABAB5E8168F9160AA86F\nv4_disp.infWindows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exeWindows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAllWindows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /UninstallWindows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"WinPcap 4.1.2-->C:\Program Files\WinPcap\uninstall.exeWinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstallWireshark 1.8.3 (32-bit)-->"C:\Program Files\Wireshark\uninstall.exe"======Hosts File============Security center information======AV: McAfee Anti-Virus and Anti-SpywareFW: McAfee Firewall======System event log======Computer Name: ZTDESKTOPEvent Code: 10010Message: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.Record Number: 83768Source Name: DCOMTime Written: 20121123101934.000000-300Event Type: errorUser: NT AUTHORITY\SYSTEMComputer Name: ZTDESKTOPEvent Code: 7001Message: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.Record Number: 83744Source Name: Service Control ManagerTime Written: 20121123101138.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 7001Message: The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error:The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.Record Number: 83743Source Name: Service Control ManagerTime Written: 20121123101138.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 7001Message: The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.Record Number: 83742Source Name: Service Control ManagerTime Written: 20121123101138.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 64008Message: The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because WindowsFile Protection is terminating.Use the SFC utility to verify the integrity of the file at a later time.Record Number: 83738Source Name: Windows File ProtectionTime Written: 20121123101036.000000-300Event Type: warningUser:=====Application event log=====Computer Name: ZTDESKTOPEvent Code: 3013Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Record Number: 46054Source Name: Windows Search ServiceTime Written: 20121214182735.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 3013Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Record Number: 46053Source Name: Windows Search ServiceTime Written: 20121214182735.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 3013Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Record Number: 46052Source Name: Windows Search ServiceTime Written: 20121214182735.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 3013Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.Context: Application, SystemIndex CatalogDetails: A device attached to the system is not functioning. (0x8007001f)Record Number: 46051Source Name: Windows Search ServiceTime Written: 20121214182735.000000-300Event Type: errorUser:Computer Name: ZTDESKTOPEvent Code: 902Message: The Software Protection service has started.14.0.370.400Record Number: 46034Source Name: Office Software Protection Platform ServiceTime Written: 20121214053108.000000-300Event Type:User:======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\"windir"=%SystemRoot%"FP_NO_HOST_CHECK"=NO"OS"=Windows_NT"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_LEVEL"=6"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel"PROCESSOR_REVISION"=0f0b"NUMBER_OF_PROCESSORS"=4"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"asl.log"=Destination=file"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip-----------------EOF----------------- Results of screen317's Security Check version 0.99.56 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Disabled! McAfee Anti-Virus and Anti-Spyware Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 23 Free JavaScript Editor 4.7 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox (17.0) Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 2%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
rplusr Posted December 25, 2012 Author ID:626830 Share Posted December 25, 2012 Logs Continued:Logfile of random's system information tool 1.09 (written by random/random)Run by Roman at 2012-12-25 13:04:11Microsoft Windows XP Professional Service Pack 3System drive C: has 422 GB (89%) free of 473 GBTotal RAM: 3197 MB (76% free)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:04:44 PM, on 12/25/2012Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\WINDOWS\system32\mfevtps.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\PCPitstop\PCPitstopScheduleService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\TeamViewer\Version8\TeamViewer_Service.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\WINDOWS\system32\SearchIndexer.exeC:\Program Files\dcmsvc\dcmsvc.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Logitech\LWS\Webcam Software\LWS.exeC:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exeC:\Program Files\PCPitstop\Info Center\InfoCenter.exeC:\WINDOWS\system32\RunDLL32.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exeC:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exeC:\WINDOWS\system32\rundll32.exeC:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exeC:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exeC:\WINDOWS\system32\RunDll32.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exeC:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exeC:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exeC:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEc:\PROGRA~1\mcafee\SITEAD~1\saui.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\McAfee.com\Agent\mcagent.exeC:\WINDOWS\system32\SearchProtocolHost.exeC:\Documents and Settings\Roman\Desktop\RSIT.exeC:\Program Files\trend micro\Roman.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%sR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: (no name) - AutorunsDisabled - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dllO2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dllO2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dllO2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dllO2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dllO2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLLO2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dllO3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exeO4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hideO4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exeO4 - HKLM\..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exeO4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exeO4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkeyO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -loginO4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquietO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -schedulerO4 - HKCU\..\Run: [PCShowServer] C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exeO4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1O4 - HKCU\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerWO4 - HKUS\S-1-5-19\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user')O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exeO4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO8 - Extra context menu item: Open with Nuance PDF Converter 7 - res://C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll /100O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exeO9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exeO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO15 - Trusted Zone: http://download.windowsupdate.comO15 - Trusted Zone: http://xmro.xmradio.comO16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cabO16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://www.mydlink.com/8D/activeX//TunnelX.ocxO16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cabO16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dllO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exeO23 - Service: Google Update Service (gupdate1ca13132833f7e2) (gupdate1ca13132833f7e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeO23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exeO23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeO23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exeO23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exeO23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeO23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exeO23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exeO23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exeO24 - Desktop Component 0: (no name) - (no file)--End of file - 17583 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\Adobe Flash Player Updater.jobC:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\At1.jobC:\WINDOWS\tasks\At2.jobC:\WINDOWS\tasks\At3.jobC:\WINDOWS\tasks\At4.jobC:\WINDOWS\tasks\Google Software Updater.jobC:\WINDOWS\tasks\HP Photo Creations Communicator.jobC:\WINDOWS\tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job=========Mozilla firefox=========ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.defaultprefs.js - "browser.startup.homepage" - "http://www.google.com/"prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p=""{1650a312-02bc-40ee-977e-83f158701739}"=C:\Program Files\SiteAdvisor\FF1"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"quickprint@hp.com"=C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"=C:\Program Files\Common Files\McAfee\SystemCore[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]"Description"=Adobe® Flash® Player 11.5.502.135 Plugin"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]"Description"=iTunes Detector Plug-in"Path"=[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]"Description"="Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]"Description"=Google Earth in your browser"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]"Description"=Oracle® Next Generation Java™ Plug-In"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]"Description"=McAfee Total Protection MIME Plugin"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MVT]"Description"=McAfee Virtual Technician Plugin"Path"=C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]"Description"="Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1]"Description"=Microsoft Download Manager"Path"=C:\WINDOWS\[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]"Description"=Ag Player Plugin"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]"Description"=Office Authorization plug-in for NPAPI browsers"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]"Description"=Microsoft SharePoint Plug-in for Firefox"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]"Description"=Windows Presentation Foundation plug-in for Mozilla browsers"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]"Description"=Google Updater"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]"Description"=A component of your photo software powered by RocketLife"Path"=C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]"Description"=Google Update"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]"Description"=Google Update"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dllC:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}{972ce4c6-7e08-4474-a285-3208198ce6fd}C:\Program Files\Mozilla Firefox\components\binary.manifestbrowsercomps.dllnsIQTScriptablePlugin.xptC:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xmlbing.xmleBay.xmlgoogle.xmlMcSiteAdvisor.xmltwitter.xmlwikipedia.xmlyahoo.xml======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1658D3A1-9E13-4196-A82A-D70D70880F36}]HP Smart Print BHO - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2012-10-31 644000][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30 245016][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2k0.dll [2001-12-20 131072][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dll [2012-11-09 89040][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-10 761840][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}]ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08 488728][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - DocuCom PDF - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08 488728]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]"dcmsvc"=C:\Program Files\dcmsvc\dcmsvc.exe [2009-04-07 30440]"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]"LWS"=C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2011-08-12 205336]"PDF7 Registry Controller"=C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe [2011-09-09 141160]"PDFProHook"=C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe [2011-11-03 1787752]"Info Center"=C:\Program Files\PCPitstop\Info Center\InfoCenter.exe [2011-09-26 24216]"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-09-12 1278648]"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424]"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112]""= []"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-12-12 152544][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]"ISUSPM"=C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [2011-06-05 222496]"PCShowServer"=C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe [2012-03-01 351888]"HP Officejet Pro 8600 (NET)"=C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]"Google"=rundll32 C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll,CreateIScalerW [][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]C:\Documents and Settings\Roman\Start Menu\Programs\StartupDropbox.lnk - C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exeMonitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - C:\WINDOWS\system32\RunDll32.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1"DisableTaskMgr"=0[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=1"NoRun"=0[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor""C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger""C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call""C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger""C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager""C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server""C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote""C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook""C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service""C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer""C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe""C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox""C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server""C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager""C:\Program Files\Logitech\Vid HD\Vid.exe"="C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD""C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe""C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host""C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS""C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications""C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards""C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe""C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600)""C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600)""C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600)""C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS""C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit""C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS""C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype""C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS""C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes""C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application""C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000""C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call""C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]"midimapper"=midimap.dll"msacm.imaadpcm"=imaadp32.acm"msacm.msadpcm"=msadp32.acm"msacm.msg711"=msg711.acm"msacm.msgsm610"=msgsm32.acm"msacm.trspch"=tssoft32.acm"vidc.cvid"=iccvid.dll"VIDC.I420"=lvcodec2.dll"vidc.iv31"=ir32_32.dll"vidc.iv32"=ir32_32.dll"vidc.iv41"=ir41_32.ax"VIDC.IYUV"=iyuv_32.dll"vidc.mrle"=msrle32.dll"vidc.msvc"=msvidc32.dll"VIDC.UYVY"=msyuv.dll"VIDC.YUY2"=msyuv.dll"VIDC.YVU9"=tsbyuv.dll"VIDC.YVYU"=msyuv.dll"wavemapper"=msacm32.drv"msacm.msg723"=msg723.acm"vidc.M263"=msh263.drv"vidc.M261"=msh261.drv"msacm.msaudio1"=msaud32.acm"msacm.sl_anet"=sl_anet.acm"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax"vidc.iv50"=ir50_32.dll"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm"wave1"=serwvdrv.dll"MSVideo8"=VfWWDM32.dll"MSVideo"=vfwwdm32.dll"msacm.siren"=sirenacm.dll"wave3"=wdmaud.drv"midi2"=wdmaud.drv"mixer2"=wdmaud.drv"aux2"=wdmaud.drv"wave4"=wdmaud.drv"midi3"=wdmaud.drv"mixer3"=wdmaud.drv"aux3"=wdmaud.drv"wave"=wdmaud.drv"midi"=wdmaud.drv"mixer"=wdmaud.drv"aux"=wdmaud.drv"msacm.pspgru"=pspgru.acm"MSACM.CEGSM"=mobilev.acm"wave2"=wdmaud.drv"midi1"=wdmaud.drv"mixer1"=wdmaud.drv"aux1"=wdmaud.drv======List of files/folders created in the last 1 month======2012-12-25 13:04:11 ----D---- C:\rsit2012-12-25 13:04:11 ----D---- C:\Program Files\trend micro2012-12-25 13:00:31 ----D---- C:\WINDOWS\ERDNT2012-12-25 12:59:10 ----D---- C:\Program Files\ERUNT2012-12-21 16:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$2012-12-19 08:33:59 ----D---- C:\Program Files\Dropbox2012-12-19 08:23:29 ----D---- C:\Program Files\iPod2012-12-19 08:23:25 ----D---- C:\Program Files\iTunes2012-12-19 08:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12012-12-15 07:46:58 ----A---- C:\WINDOWS\system32\drivers\mfendisk.sys2012-12-12 06:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$2012-12-12 06:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$2012-12-12 06:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$2012-12-12 06:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$2012-12-12 06:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$2012-12-06 19:36:54 ----D---- C:\Program Files\Common Files\Skype2012-12-02 11:08:11 ----D---- C:\Program Files\QuickTime2012-12-02 10:07:15 ----D---- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard2012-12-02 10:03:07 ----D---- C:\Documents and Settings\Roman\Application Data\Visan2012-12-02 10:01:52 ----D---- C:\Program Files\HP Photo Creations2012-12-02 10:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Visan2012-12-02 10:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\HP Photo Creations2012-12-02 09:44:03 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant2012-12-02 09:36:42 ----N---- C:\WINDOWS\system32\HPDiscoPM5912.dll2012-12-02 09:36:40 ----A---- C:\WINDOWS\system32\HPWia1_OJ8600.dll2012-12-02 09:36:40 ----A---- C:\WINDOWS\system32\HPScanTRDrv_OJ8600.dll2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinksts5912LM.dll2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinksts5912.dll2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinkins5912.exe2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinkcoi5912.dll2012-11-26 18:55:27 ----D---- C:\Documents and Settings\Roman\Application Data\Wireshark2012-11-26 18:49:51 ----D---- C:\Program Files\WinPcap2012-11-26 18:49:18 ----D---- C:\Program Files\Wireshark======List of files/folders modified in the last 1 month======2012-12-25 13:04:44 ----RSHDC---- C:\WINDOWS\system32\dllcache2012-12-25 13:04:44 ----D---- C:\WINDOWS\Temp2012-12-25 13:04:43 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp2012-12-25 13:04:11 ----RD---- C:\Program Files2012-12-25 13:03:35 ----D---- C:\WINDOWS\Prefetch2012-12-25 13:00:31 ----D---- C:\WINDOWS2012-12-25 00:23:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop2012-12-24 18:10:02 ----D---- C:\Documents and Settings\Roman\Application Data\Dropbox2012-12-24 17:58:40 ----D---- C:\Program Files\Mozilla Firefox2012-12-24 17:42:36 ----D---- C:\WINDOWS\system32\drivers2012-12-24 16:54:00 ----A---- C:\WINDOWS\SchedLgU.Txt2012-12-24 06:22:19 ----D---- C:\WINDOWS\system32\CatRoot22012-12-24 06:21:17 ----D---- C:\WINDOWS\PIXTRAN2012-12-23 17:44:20 ----D---- C:\Documents and Settings\Roman\Application Data\TeamViewer2012-12-23 17:40:06 ----RSD---- C:\WINDOWS\Fonts2012-12-23 17:39:45 ----D---- C:\Program Files\TeamViewer2012-12-22 01:11:00 ----D---- C:\WINDOWS\ie8updates2012-12-21 17:26:41 ----D---- C:\WINDOWS\system322012-12-21 16:33:09 ----HD---- C:\WINDOWS\inf2012-12-21 16:32:06 ----HD---- C:\WINDOWS\$hf_mig$2012-12-21 09:34:21 ----AC---- C:\WINDOWS\wsftppro.INI2012-12-19 08:24:54 ----SHD---- C:\WINDOWS\Installer2012-12-19 08:23:29 ----D---- C:\Program Files\Common Files\Apple2012-12-18 07:54:50 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe2012-12-18 06:54:02 ----SD---- C:\WINDOWS\Tasks2012-12-16 07:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll2012-12-15 09:42:24 ----D---- C:\Program Files\Common Files\Mcafee2012-12-15 07:48:19 ----D---- C:\WINDOWS\system32\config2012-12-12 06:14:44 ----A---- C:\WINDOWS\imsins.BAK2012-12-12 06:14:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help2012-12-12 06:13:08 ----AC---- C:\WINDOWS\iis6.BAK2012-12-12 06:11:53 ----D---- C:\Program Files\Internet Explorer2012-12-12 06:07:29 ----AC---- C:\WINDOWS\system32\MRT.exe2012-12-09 06:20:25 ----SD---- C:\WINDOWS\Downloaded Program Files2012-12-08 12:51:53 ----SD---- C:\Documents and Settings\Roman\Application Data\Microsoft2012-12-07 05:41:04 ----D---- C:\Documents and Settings\Roman\Application Data\Skype2012-12-06 19:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype2012-12-06 19:36:54 ----RD---- C:\Program Files\Skype2012-12-06 19:36:54 ----D---- C:\Program Files\Common Files2012-12-02 11:10:59 ----DC---- C:\WINDOWS\system32\DRVSTORE2012-12-02 09:44:20 ----D---- C:\Documents and Settings\Roman\Application Data\HpUpdate2012-12-02 09:44:04 ----D---- C:\WINDOWS\WinSxS2012-12-02 09:38:05 ----D---- C:\WINDOWS\system32\CatRoot2012-12-02 09:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\HP2012-12-02 09:36:28 ----D---- C:\WINDOWS\twain_322012-12-02 09:05:59 ----RSD---- C:\WINDOWS\assembly2012-12-02 09:05:43 ----D---- C:\Program Files\Hewlett-Packard2012-11-26 05:59:48 ----D---- C:\Program Files\Mozilla Maintenance Service======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2012-11-09 565352]R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2012-11-09 91168]R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-09-07 310899]R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-09-07 127405]R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-09-07 426783]R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-28 11868]R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-09-07 217019]R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\system32\DRIVERS\spkpnt.sys [2001-09-07 80449]R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-09-07 56607]R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-09-07 534125]R3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-09-07 77426]R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2012-11-09 60480]R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2012-09-21 310504]R3 LVUVC;Logitech Webcam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2012-09-21 4261224]R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2012-11-09 132912]R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2012-11-09 234824]R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2012-11-09 362640]R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432]R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728]R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-09-07 67654]R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-21 277376]R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-09-07 584336]S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2012-04-20 146872]S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2006-02-28 1041536]S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2006-02-28 220032]S3 mbr;mbr; \??\C:\DOCUME~1\Roman\LOCALS~1\Temp\mbr.sys []S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2012-11-09 65488]S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432]S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2012-11-09 92192]S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-09-28 44544]S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]S4 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []S4 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-11-09 203400]R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 168880]R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2012-11-09 167344]R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200]R2 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2012-12-02 86216]R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 553440]R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 250808]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]S3 DragonSvc;Dragon Service; C:\Program Files\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-10 194104]S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]S3 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2010-08-23 13672]S3 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-11-16 279048]S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-25 115168]S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856]S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]S3 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2011-09-09 135016]S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]S3 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]S3 UMVPFSrv;UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]S4 CorelCreatorMessages;CorelCreatorMessages; C:\WINDOWS\system32\CorelCreatorMessages.exe []S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]-----------------EOF----------------- Link to post Share on other sites More sharing options...
rplusr Posted December 25, 2012 Author ID:626831 Share Posted December 25, 2012 Logs Continued:QuickScan 32-bit v0.9.9.118---------------------------Scan date: Tue Dec 25 13:17:31 2012Machine ID: 4489E2EANo infection found.-------------------Processes--------- Bing Bar 3780 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE Bonjour 264 C:\Program Files\Bonjour\mDNSResponder.exe dcmsvc.exe 492 C:\Program Files\dcmsvc\dcmsvc.exe Dropbox 3664 C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe HP Digital Imaging 2220 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe HP Digital Imaging 784 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe HP Digital Imaging 4028 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe HP Smart Print 5536 C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe InstallShield Update Service 584 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe iTunes 272 C:\Program Files\iPod\bin\iPodService.exe iTunes 2920 C:\Program Files\iTunes\iTunesHelper.exe Logitech Camera Software 872 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe McAfee SecurityCenter 4808 C:\Program Files\McAfee.com\Agent\mcagent.exe McAfee Shared Service Host 808 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe McAfee SiteAdvisor 6020 C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe Microsoft® Office 1772 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE Microsoft® Windows® Operating System 1876 C:\WINDOWS\system32\spoolsv.exe Microsoft® Windows® Operating System 5852 C:\WINDOWS\system32\wscntfy.exe MobileDeviceService 2032 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe NDSPCSho Application 2192 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe Nuance PDF Products 1756 C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe NVIDIA Driver Helper Service, Version 3 1304 C:\WINDOWS\system32\nvsvc32.exe PC Pitstop Scheduler 1340 C:\Program Files\PCPitstop\PCPitstopScheduleService.exe PC Show power management wrapper 3816 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe PCPitstopInfoCenter 2000 C:\Program Files\PCPitstop\Info Center\InfoCenter.exe Software Manager 3692 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe SYSCORE 2436 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe SYSCORE 1072 C:\WINDOWS\system32\mfevtps.exe TeamViewer 1640 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe VSCORE 544 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe(verified) Microsoft® Windows® Operating System 2392 C:\WINDOWS\explorer.exe(verified) Microsoft® Windows® Operating System 3740 C:\WINDOWS\system32\alg.exe(verified) Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\csrss.exe(verified) Microsoft® Windows® Operating System 3552 C:\WINDOWS\system32\ctfmon.exe(verified) Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\lsass.exe(verified) Microsoft® Windows® Operating System 2420 C:\WINDOWS\system32\rundll32.exe(verified) Microsoft® Windows® Operating System 2660 C:\WINDOWS\system32\rundll32.exe(verified) Microsoft® Windows® Operating System 180 C:\WINDOWS\system32\rundll32.exe(verified) Microsoft® Windows® Operating System 3712 C:\WINDOWS\system32\rundll32.exe(verified) Microsoft® Windows® Operating System 2836 C:\WINDOWS\system32\searchindexer.exe(verified) Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\services.exe(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\smss.exe(verified) Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 504 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1624 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1800 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1552 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\winlogon.exe(verified) Windows® Internet Explorer 2196 C:\Program Files\Internet Explorer\iexplore.exe(verified) Windows® Internet Explorer 4312 C:\Program Files\Internet Explorer\iexplore.exe(verified) Windows® Internet Explorer 4860 C:\Program Files\Internet Explorer\iexplore.exeNetwork activity----------------Process HPNetworkCommunicatorCom.exe (784) connected on port 8080 (HTTP Proxy) --> 192.168.0.190Process McSvHost.exe (808) connected on port 443 (HTTP over SSL) --> 161.69.92.10Process HPNetworkCommunicator.exe (2220) connected on port 8080 (HTTP Proxy) --> 192.168.0.190Process Dropbox.exe (3664) connected on port 80 (HTTP) --> 199.47.217.144Process iexplore.exe (4312) connected on port 80 (HTTP) --> 72.247.191.139Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.137.102Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.137.102Process iexplore.exe (4312) connected on port 80 (HTTP) --> 173.194.37.57Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.140.154Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.130.106Process McSvHost.exe (808) listens on ports: 6646Process svchost.exe (1400) listens on ports: 135 (RPC)Process svchost.exe (1800) listens on ports: 2869 (SSDP event notification, UPNP)Process Dropbox.exe (3664) listens on ports: 17500Autoruns and critical files--------------------------- Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe Communicator.exe C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe dcmsvc.exe C:\Program Files\dcmsvc\dcmsvc.exe Dropbox C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe HP Digital Imaging C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe HP Digital Imaging C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe iTunes C:\Program Files\iTunes\iTunesHelper.exe Logitech Camera Software C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe MainConcept® ImageScaler Dll C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll Microsoft® Windows® Operating System c:\windows\system32\userinit.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll Nuance PDF Products C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe Nuance PDF Products C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe NVIDIA Media Center Library C:\WINDOWS\system32\NvMCTray.dll NVIDIA Windows Display driver, Version C:\WINDOWS\system32\NvCpl.dll nwiz.exe C:\Program Files\NVIDIA Corporation\nview\nwiz.exe PC Show power management wrapper C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe PCPitstopInfoCenter C:\Program Files\PCPitstop\Info Center\InfoCenter.exe Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE Software Manager C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dllBrowser plugins--------------- AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll AmazonMP3DownloaderPlugin C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe Bing Bar c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll Bonjour C:\Program Files\Bonjour\mdnsNSP.dll Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll Google Updater C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll HP Smart Print C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe HP Smart Print C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll Java Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll Java Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll Java Platform SE 6 U23 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll McAfee SiteAdvisor C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll McAfee SiteAdvisor c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll McAfee SiteAdvisor C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll McAfee Virtual Technician C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll Messenger C:\Program Files\Messenger\msmsgs.exe mhLbl Module C:\WINDOWS\Downloaded Program Files\mhLbl.dll Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll mydlink C:\WINDOWS\Downloaded Program Files\TunnelX.ocx NDS PCShow Plugin C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll npMcSnFFPl.dll c:\Program Files\McAfee\MSC\npMcSnFFPl.dll NPSWF32_11_5_502_135.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitStop.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dll PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dll PC Pitstop DiskMD3 C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dll PCShow Player Plugin C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll PlusIEContextMenu c:\program files\nuance\pdf professional 7\bin\plusiecontextmenu.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll RocketLife Secure Plug-In Layer C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll Sunbelt AntiMalware Common SDK Merge Mo C:\WINDOWS\Downloaded Program Files\SBTE.DLL Sunbelt AntiMalware Common SDK Merge Mo C:\WINDOWS\Downloaded Program Files\SPURSDOWNLOAD.DLL VIPRE Threat detection and remediation C:\WINDOWS\Downloaded Program Files\VIPRE.DLL WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll wsbho2k0 Module c:\program files\ws_ftp pro\wsbho2k0.dll ZeonIEFavClient c:\program files\nuance\pdf professional 7\bin\zeoniefavclient.dll(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exeMissing files-------------File not found: "c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll" --> HKLM\Software\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\InprocServer32\"(default)"Scan----MD5: 6bf7676296d5359afc135a5397000053 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exeMD5: 62712a07b8dcc497e57bd8b74eb1dd85 C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exeMD5: f51ec06aac2e7c2ad8f4d0bf23d01963 C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dllMD5: 5596cb8e20cec08a1307274a02356c70 C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exeMD5: d1f4ef194a129726fbf30e2f514824aa C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dllMD5: 56629acf84c1d1f42d35761b8f17c55d C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\boost_thread-vc90-mt-1_39.dllMD5: 108564ef272d62a5ed2e04612e6229d5 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\CatalogDll.dllMD5: d5e60f8ed43707c608bccc91b5ce6e11 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\DrmSingleton.dllMD5: fdaf8c36a5742365a0df502e20f69a28 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\gsttspplugin.dllMD5: 9edcaf5058f9626638ee8f0ac6af8976 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libglib-2.0-0.dllMD5: 9aff67245ce824328ffd26134edc6759 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgmodule-2.0-0.dllMD5: 9f3ffac085263828f032a52f9b838419 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgobject-2.0-0.dllMD5: 2c997d1df778ee61046bf5de3082ad43 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgstreamer-0.10.dllMD5: 7ab4fdd2299a9c7ddedc0c6c77c5c454 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libgthread-2.0-0.dllMD5: f5be4fa3ba8c3727fe062fab9112e5b0 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libiconv-2.dllMD5: eabdd9e3e36069d68d55ed0f0a446c6e C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\libxml2-2.dllMD5: 020d010677f04243b400d75fa4f33eb2 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\ndsLogStore.dllMD5: f365d4b0a5b5552f0d2fa3e4aba36d91 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exeMD5: e347e05b060c0c57c56406de5b12a020 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dllMD5: adee98380dfb75550304dba850078c98 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dllMD5: 6b8de507dd6324134826e594c88838b9 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerDll.dllMD5: 52f4a51ca22ab2d4701ac5faf9c845b8 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exeMD5: c627f5a7e414a4d5bb00999fc895f1c4 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\TSB.dllMD5: 6ce680bbee0ba239c8abd02aa88be104 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\XferManagerDll.dllMD5: 016f69e8fcd9afe5081781b1487306c5 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\z.dllMD5: a2cb17c6ecd68ab13d3589f626cf3e86 C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dllMD5: d1506baa5dd4bc62b54b2a9a3743ace4 C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dllMD5: cf000d9a2df8568dc86b35e12b3531e0 C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dllMD5: 1224d741ce1a54d67429e04a5b1ec4e2 C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dllMD5: 34ebd4ff6a24d86bb4716d6afcc1a89b C:\Program Files\Apple Software Update\SoftwareUpdate.exeMD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files\Bonjour\mdnsNSP.dllMD5: db5bea73edaf19ac68b2c0fad0f92b1a C:\Program Files\Bonjour\mDNSResponder.exeMD5: 897493762a427d94b66a30ee6ab35966 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllMD5: 848bc9a0bb2361e549fd4c22d7548fb8 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dllMD5: c26b09276755e0698b31cf0bae0bf182 C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exeMD5: f6fd367c9eaaedf90cd7a7952ae0b336 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dllMD5: af54247f97ccf3539de7505c09972ff9 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dllMD5: ef8cd3c64ee9c08980d6d06ccce46c68 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dllMD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dllMD5: ff9831030678c7b6d70bac00f68f8976 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dllMD5: 5a963c340de1a01ba6e24945ce05d16a C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dllMD5: f4bc62990e7e5c29799a895b80fc3177 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dllMD5: 73862ff693168369a90f046e7f227b83 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dllMD5: 78865abc5f5d13190f8b35bd9044714a C:\Program Files\Common Files\Apple\Apple Application Support\objc.dllMD5: 152f8772d5a5cd7883305c3b8d28470e C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dllMD5: 8ba9851e671e8b5e49e303748ffd530c C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dllMD5: 64894527838c86454e2f378ff39fa336 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dllMD5: 2e14406e05789f91c9282ae7cfca3a07 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dllMD5: a5299d04ed225d64cf07a568a3e1bf8c C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeMD5: 4e4edf9ca82e95bab2977dd9f21b00f6 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dllMD5: ab781c0e4c09e08f464081d17c0f6184 C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dllMD5: 31fb275f3384353592fc908535b46e18 C:\Program Files\Common Files\Apple\Mobile Device Support\LIBEAY32.dllMD5: 0e1b02c9cc352a1f61703b7d1a8a2c45 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dllMD5: 3353fa13f36e0694ee92eed9f0225135 C:\Program Files\Common Files\Apple\Mobile Device Support\SSLEAY32.dllMD5: d2aeadfd998706b4216315b2bd3fa79e C:\Program Files\Common Files\InstallShield\UpdateService\issch.exeMD5: 1663a135865f0ba6e853353e98e67f2a C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exeMD5: 3dc635b66dd7412e1c9c3a77b8d78f25 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeMD5: c12476de1affb1bba1a48a459ceb3d39 C:\Program Files\Common Files\LightScribe\LSSrvc.exeMD5: 67a95b9d129ed5399e7965cd09cf30e7 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exeMD5: 156399dae7a45d83827d1b9fb0a53df2 C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\HelpMain\Main_Help.dllMD5: 28e60c4ec03340ee7c5d51d79c19498b c:\Program Files\Common Files\Mcafee\Core\mccoreps.dllMD5: c3333dd48a39c17689414275e09d7cc7 c:\Program Files\Common Files\Mcafee\Core\McEvtBrk.dllMD5: 43979c30662f322e720b50b3d95f5d95 c:\Program Files\Common Files\Mcafee\HackerWatch\HWAPI.dllMD5: f0012f09428ad9952ff57c93acaab585 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dllMD5: ecab006ac6136f1307e140b633cdb8c2 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeMD5: f721987c5a710ef2eda2cba9cffafaf7 C:\Program Files\Common Files\Mcafee\MNA\McNASvc.dllMD5: ae02e6dac99fa4dc642c71b10fee9971 C:\Program Files\Common Files\McAfee\MSC\LangSel.dllMD5: b1e8af364027029272758c8e34776144 C:\Program Files\Common Files\McAfee\MSC\LogCntrl.dllMD5: 85ad707f3c3af8079b2f22c1dc7238c0 C:\Program Files\Common Files\Mcafee\MSC\mcbrwsr2.dllMD5: 017ec72c3c9add080daa10956374884a c:\Program Files\Common Files\Mcafee\MSC\McDspWrp.dllMD5: 4be8d8fb641f43f4c4d6cf6ab5ade968 C:\Program Files\Common Files\McAfee\MSC\McRtMui.dllMD5: 2e50b9e0c0647475116247dce4357161 c:\Program Files\Common Files\Mcafee\MSC\mcutil\11,6,277,0\mcutil.dllMD5: 32d2c44247c8f9cac70de1f3ae121964 C:\Program Files\Common Files\Mcafee\MSC\sqlite3.dllMD5: b17440a103bc883b57974d63f43b7485 C:\Program Files\Common Files\Mcafee\NMC\McDisc.dllMD5: 3eca9b282687a529995953e1c048bb2d c:\Program Files\Common Files\Mcafee\NMC\McMPFEvt.dllMD5: a518d3c9fb121f0f37f86b3f1f5d1c32 C:\Program Files\Common Files\Mcafee\NMC\McNDSv.dllMD5: 6c169a7b9cd228cd56bd95814ebc6194 C:\Program Files\Common Files\Mcafee\NMC\McNmcSrv.dllMD5: 6c2d89c52da8592c57fb0dc7bab36ff7 C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exeMD5: 4e13ea496e202bcb4fcc342d96faf83a C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exeMD5: 250304dc7238574a6cecc88f13e07538 C:\Program Files\Common Files\McAfee\SystemCore\FTL.DllMD5: a4d46b6fa6ad0e3aa309d060f00a3808 C:\Program Files\Common Files\McAfee\SystemCore\LockDown.dllMD5: 240f879f13cffae974b8929adc42a257 C:\Program Files\Common Files\McAfee\SystemCore\McShield.dllMD5: 6c2d89c52da8592c57fb0dc7bab36ff7 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exeMD5: f0898390403be08777978b4f483953a8 C:\Program Files\Common Files\McAfee\SystemCore\mfeapfa.dllMD5: da7212a2e5df4058ff72840bf4ef67ec C:\Program Files\Common Files\McAfee\SystemCore\mfeavfa.dllMD5: e64585a16e4452df3f756ec4ca809e75 C:\Program Files\Common Files\McAfee\SystemCore\mfeelama.dllMD5: 4e13ea496e202bcb4fcc342d96faf83a C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exeMD5: fc76f0803bf2b86e3abd2c63bb0fdefd C:\Program Files\Common Files\McAfee\SystemCore\mfefwctl.dllMD5: 7509744ad3eca4d625520b55633cb2cf C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dllMD5: 55e8267140290d8e1bf291252f3723d1 C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dllMD5: 01e8d9b07eeb603cc6bf5cdb21f1dcc9 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3.dllMD5: 8d3ff64e90496c73c0344774329581b6 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_server.dllMD5: d37356755af6b5a6c84735258edbbc57 C:\Program Files\Common Files\McAfee\SystemCore\mytilus3_worker.dllMD5: d51e1ff7f4aa27fa10f95b3150741f35 C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121215074655.dllMD5: d51e1ff7f4aa27fa10f95b3150741f35 C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dllMD5: a4d46b6fa6ad0e3aa309d060f00a3808 C:\Program Files\Common Files\McAfee\VSCore\Lockdown.dllMD5: d5761dd586c54bf710174e992fa83eaa C:\Program Files\Common Files\Nuance\dgnsvc.exeMD5: 36143067e041a98083fb204dac49293c C:\Program Files\dcmsvc\dcmsvc.exeMD5: 408ddd80eede47175f6844817b90213e C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeMD5: b78f4c2c592c87df54e8e0c6aaef3874 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dllMD5: 358878e398ab0fb8b1ee176c2e3edf48 C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dllMD5: 586fdc4e02623ee228ec35b9604ae5f2 C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dllMD5: f8ecc22460ffb1326aa7d35dcbae67e8 C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exeMD5: 1a3a1a8beffb1fc15091f64f588c1cb5 C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exeMD5: 3cc2f1568c2d4c1383cb0aa05a52e455 C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dllMD5: add4425af62c314f8c49033db7561bc5 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exeMD5: 135724d3f79e261b63628d75a6dd0817 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exeMD5: f4cc196e5633297c2122e5d7d92ce0ee C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exeMD5: ef7a25631c5ffa09324206816a248708 C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dllMD5: 203cc41b7693bc3ce131561af33c6f2e C:\Program Files\HP\HP Officejet Pro 8600\bin\HPStatusUI.dllMD5: 395bcc9122e705f6586217e32cd01cc9 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exeMD5: ce22799e6b81b336021d611a432c4e32 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationUI.dllMD5: b306ab1a1cf5a3c652466f74f7ee27d2 C:\Program Files\Internet Explorer\ieproxy.dllMD5: 0cbe3e4166a08fc379eabf532b4efe18 C:\Program Files\Internet Explorer\plugins\NPDocBox.dllMD5: 4687b6f8cf5f62ddcf21916114142ff7 C:\Program Files\Internet Explorer\plugins\nppdf32.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin2.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin3.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin4.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin5.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin6.dllMD5: 419680fce774976fd752eb425d91aedf C:\Program Files\Internet Explorer\plugins\npqtplugin7.dllMD5: 854274ac89f9b0aa0dd7dee518c225a7 C:\Program Files\Internet Explorer\xpshims.dllMD5: e8a39d41474be42fd8830ced32932d6c C:\Program Files\iPod\bin\iPodService.exeMD5: 7df0decd3006b8ba450aec714086ff3c C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLLMD5: 280013e1ca1a648a6b896d884cc46601 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLLMD5: c85eccbaa179719e658ffdbf99221e1e C:\Program Files\iTunes\iTunesHelper.dllMD5: e4401cf27225c1d6e664e86195978562 C:\Program Files\iTunes\iTunesHelper.exeMD5: 9df319f1c2d4b80d8ce8214ea4899adf C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLLMD5: 814a169c40b55178bd8e1f79d1ada649 C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLLMD5: 3fcf47bd73094fa62d81373515f46110 C:\Program Files\iTunes\Mozilla Plugins\npitunes.dllMD5: 67e74163c6178aa696e2b4a726770a02 c:\program files\java\jre6\bin\jp2ssv.dllMD5: e731921db2e17dcd3db472fad5549c57 C:\Program Files\Java\jre6\bin\jqs.exeMD5: ea8fcf30d2961369435c84ce3b3063f1 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dllMD5: 054dcc54b7de3a9511f50b9fcbf4cdd1 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllMD5: af51b4250f9a37eb88d8f92e4a3c2f79 C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dllMD5: c12479cc7830aec5f35a2750094a9d14 C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dllMD5: 8ffcfe3351f51e19b856a2347e19b850 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exeMD5: 9c11630d403b2768f3eaf9230181e01a C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dllMD5: 58fbf6ef281bf78cf16c3b7f58530673 C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dllMD5: 5d1d4f50129e4b35c44f3d4f341ef51f C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dllMD5: 581a9fe27c17b1679085a066b069b65d C:\Program Files\McAfee.com\Agent\mcagent.exeMD5: a727eaf1c956f05f51592d715e50f725 c:\Program Files\McAfee\MPF\MpfApi.dllMD5: 355db4f5e585ca04c08519ce98cd5ca2 c:\Program Files\McAfee\MPF\MpfEvt.dllMD5: a75338fabf3c24ebc4058faf8a7203d7 c:\Program Files\McAfee\MPF\MpfShm.dllMD5: 8cd7f18d1ef09160fd201446ca70a2fd c:\Program Files\McAfee\MPF\MpfSvc.dllMD5: 5fb8031590222674792690fe7f7ae004 C:\Program Files\McAfee\MPF\Twerp.dllMD5: f891d113ae1488653db2c0fa34a6fbe9 c:\Program Files\McAfee\MQS\QCProgressIcon.dllMD5: 45df6a66256026df51d719c87c16b2ce c:\Program Files\McAfee\MSC\McDBMgr.dllMD5: 9aa3ee13e8cb7671db730015a23f5af5 c:\Program Files\McAfee\MSC\McGsShm.dllMD5: 7c51822e2c94257f3c39551b2e4b8d6a c:\Program Files\McAfee\MSC\McIPTShm.dllMD5: fd83993dbfec4eee7c13bc8fa74dfacc C:\Program Files\McAfee\MSC\mclwapi.dllMD5: d390cda2d132c6d8cc27db7e007970fa c:\Program Files\McAfee\MSC\mcmispps.dllMD5: c76be4b014d2fad9a3e38f2a773bd912 c:\Program Files\McAfee\MSC\mcmschlp.dllMD5: b01860e256305c775c4678f66710aa60 c:\Program Files\McAfee\MSC\McMscShm.dllMD5: cac6f6f206c978deea928b9302646a09 c:\Program Files\McAfee\MSC\mcmscsub.dllMD5: 9adea7a6e21e72de50a152194c8510fe C:\Program Files\McAfee\MSC\McOemRes.dllMD5: 2b07418ae23172777fe4ad68361f24df C:\Program Files\McAfee\MSC\mcprlalt.dllMD5: 516f2ed421d9689696d38d5b5f825370 C:\Program Files\McAfee\MSC\mcprlres.dllMD5: 49f62a7d70c930dba98c8ff8b5d6850c c:\Program Files\McAfee\MSC\mcregobj\11,6,434,0\mcregobj.dllMD5: e6d44bf4a7a11bc06520b8ce54128f7b c:\Program Files\McAfee\MSC\mcsubmgr\11,6,434,0\mcsubmgr.dllMD5: e7abc004978055616431654f63a3e5a7 c:\Program Files\McAfee\MSC\mcuicfg.dllMD5: 354277d6e1b93f111351d523845b6257 c:\Program Files\McAfee\MSC\McUpdShm.dllMD5: 4b06ba13e36358ddabb87b59abe16c3b C:\Program Files\McAfee\MSC\mscjsres.dllMD5: 3234e4bb71dad2c13dc5c8cd85203e8b c:\Program Files\McAfee\MSC\mscuild.dllMD5: a44bffa5d6cc1e909e6a3c16d9bb009b c:\Program Files\McAfee\MSC\npMcSnFFPl.dllMD5: 6a9a136c7403fa7452834ff025ecfa9d C:\Program Files\McAfee\MSC\OemUI.dllMD5: 2e72f6bd5d0c055780537b6711e14eaa c:\Program Files\McAfee\MSC\oemuild.dllMD5: 5686edb3b234003c5e110f49c07a99b8 c:\Program Files\McAfee\SiteAdvisor\mcbrwctl.dllMD5: 5c4ba8ef8fba80397c33cc33f7f3922f c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dllMD5: 4011e202d10468cd68ef1791a7f5e2f3 c:\Program Files\McAfee\SiteAdvisor\McPlgUI.dllMD5: f9f003ecab0ac26e2aba43e672f15bd9 c:\Program Files\McAfee\SiteAdvisor\McSACorePS.dllMD5: c6fd288c265157410a17ae0531d3af4c C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dllMD5: e84b3cb28ab4d95c07738ae9937c2734 c:\Program Files\McAfee\SiteAdvisor\sahook.dllMD5: 1d702a6e768510f2623171c963afae36 c:\Program Files\McAfee\SiteAdvisor\SaSSHMod.dllMD5: cd64b78db77d443181a9e2e834796863 c:\Program Files\McAfee\SiteAdvisor\saUI.exeMD5: 7ded7521eb8b8d56dadcd044d1b77709 c:\Program Files\McAfee\SiteAdvisor\saupkeep.dllMD5: fa910662b178e09857ca6b98e3e22435 C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dllMD5: 80a617849b004d1c6c4beab7aa86f021 C:\Program Files\McAfee\VirusScan\Engine\5500.1093\mcscan32.dllMD5: b776af46bbcb0a48d6a18efaa49e6fa4 c:\Program Files\McAfee\VirusScan\EScnPlug.dllMD5: 9bd0c29c5c78c74a8d177399f07bd194 c:\Program Files\McAfee\VirusScan\McOasShm.dllMD5: c7da06c9a9aeefbe37aac281ea6385d5 C:\Program Files\McAfee\VirusScan\mcods.exeMD5: 93624b1849df1f5ed709522a302a1db2 c:\Program Files\McAfee\VirusScan\mcodsax.dllMD5: b8b742537bfa1ac4f742b36beb310bf6 c:\Program Files\McAfee\VirusScan\McVsPs.dllMD5: 2e645c11aab7a7e5f607355f6cbdf068 c:\Program Files\McAfee\VirusScan\MVsCfg.dllMD5: 2f25b52b0cf0f6f5be2d789181d61735 c:\Program Files\McAfee\VirusScan\mvslog.dllMD5: 7cc9484fbc922f7dc0b1d767a256c1e5 c:\Program Files\McAfee\VirusScan\NaiAnn.dllMD5: 149da63ed179de9b46d5c38a867f3199 c:\Program Files\McAfee\VirusScan\NaiAnnPs.dllMD5: 618b5e4d16dcba693b421c5062d84f9a c:\Program Files\McAfee\VirusScan\VSJsRes.dllMD5: bfcce364e88a2cb9d64327f7ba7a77f5 C:\Program Files\McAfee\VirusScan\vsores.dllMD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exeMD5: a5d08b86e8a437aa6deaf7a187bf6ca5 c:\program files\microsoft office\office14\urlredir.dllMD5: 9013599b12923a45c029c34e8d2211ac c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dllMD5: a2494901e7226b356b8c1005c45f1c5f C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exeMD5: 809263143a1622f9768a4f68431bd45d c:\program files\microsoft\bingbar\7.1.361.0\bingext.dllMD5: 63b1cbbae4790b5bac98f01bf9449722 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXEMD5: 313265cf4f5f02ed927774da1db3fe00 C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeMD5: b74db0119593f722ef6fb3d407c2da3a c:\program files\nuance\pdf professional 7\bin\plusiecontextmenu.dllMD5: 08603efc5a8f1aa8d2cdec4fc00325e4 c:\program files\nuance\pdf professional 7\bin\zeoniefavclient.dllMD5: 869cc2b32e989bf203165ee6d27d0c8c C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exeMD5: 3f87885cb3767bfd27811b3ca3cc608d C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exeMD5: d6fb9634096473c3a54fbeac10139203 C:\Program Files\Nuance\PDF Professional 7\RegistryController.exeMD5: 210ee09cb9c2655e55bd48d851369dc1 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeMD5: bf9addb37c6f5f3159aa78df586dda8d C:\Program Files\NVIDIA Corporation\nview\nwiz.exeMD5: d9c2c7c1552093da582e1ab9b3432b55 C:\Program Files\NVIDIA Corporation\Update Common\easyDaemonAPIU.DLLMD5: 0ba077efedbd024029d2f77c355cadde C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dllMD5: a15b420eeb9850b22d803a676e3423cc C:\Program Files\NVIDIA Corporation\Update Common\NVUPDTR.DLLMD5: 59325d3245246df17235a4a551b9853a C:\Program Files\PCPitstop\Info Center\InfoCenter.exeMD5: 1aef52f2cc9acb260cdc93904a0b36df C:\Program Files\PCPitstop\PCPitstopScheduleService.exeMD5: d0c0b700152b1f610f10b356483b3401 C:\Program Files\Skype\Updater\Updater.exeMD5: 9f3e7cabe86bbdeca009de291db6d9e2 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exeMD5: 11e618a8a8c56a2063428ba1c3b615d0 C:\Program Files\TeamViewer\Version8\tv_w32.dllMD5: 0e3d30f8cdd82e7e64938459ca90d9f0 C:\Program Files\Windows Media Player\wmpband.dllMD5: b60f58f175de20a6739194e85b035178 C:\Program Files\WinPcap\rpcapd.exeMD5: 2e0fe4c6595296051a1533f2e19a7eb2 C:\Program Files\WS_FTP Pro\nsftpch.dllMD5: b570f2f4031ae076f58a53d6b238ca05 c:\program files\ws_ftp pro\wsbho2k0.dllMD5: cd64b78db77d443181a9e2e834796863 C:\PROGRA~1\McAfee\SITEAD~1\saUI.exeMD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLLMD5: 7a4d7b91bc815ed33e63122ca7078fd0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dllMD5: 878f6183cef9bef0019fe03ee10ad269 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dllMD5: c1a1f10bd3839c6c583ae84c9d6d0b22 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dllMD5: bb5b7e95212d816aff7a329f248a1adf C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dllMD5: 89be7f1e47ade757e0460027ec5cd998 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dllMD5: c2b9b86d3037ad3902058939954d6109 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dllMD5: 5cffbd7d881a175ca94b4972157f8034 C:\WINDOWS\Downloaded Program Files\atcliun.exeMD5: 84bc80b9d12f8611592346fe1477069e C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dllMD5: 1b71f118d7393976b5e53e99f3f4d695 C:\WINDOWS\Downloaded Program Files\ieatgpc.dllMD5: 3f4413dcd8d3bbabf08f68f25e6d60e1 C:\WINDOWS\Downloaded Program Files\isusweb.dllMD5: 6c079a0e753cbcd7f34ae8446589199a C:\WINDOWS\Downloaded Program Files\mhLbl.dllMD5: 0a69653cdc454f714b1e2e86923bc2f9 C:\WINDOWS\Downloaded Program Files\PCPitStop.dllMD5: d8c4d4b92b29b5856293da270cfaae44 C:\WINDOWS\Downloaded Program Files\pcpitstop2.dllMD5: 6ef25bb1191df8a37e863551de4f4a45 C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dllMD5: ef46173fa99251ad3994fa2c9a194f93 C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dllMD5: 56940b50ab0e5923822f47b0e4463885 C:\WINDOWS\Downloaded Program Files\qsax.dllMD5: b0af3f6c7ee623eedc275f34e69ce692 C:\WINDOWS\Downloaded Program Files\SBTE.DLLMD5: 861884fc6522c2ee25d86c84e5384d42 C:\WINDOWS\Downloaded Program Files\SPURSDOWNLOAD.DLLMD5: c95bbeda7cb9b019229aa8706254f6b4 C:\WINDOWS\Downloaded Program Files\TunnelX.ocxMD5: dfe4a062ffed0c938867de4647a55c48 C:\WINDOWS\Downloaded Program Files\VIPRE.DLLMD5: 860fad57b4668a9f5f350a9d5444ae89 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dllMD5: b560a085eed4d5d72b039929f9ae4991 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dllMD5: f282d4edd85d53e20d902cc92190c5f5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dllMD5: fb53a700132d9a97d1e10e9f80bd6174 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dllMD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllMD5: d3cc7a3813123e955b3a497c04b404e2 C:\WINDOWS\SMINST\RECGUARD.EXEMD5: c85670ab64068f8080998aeba6c5019c C:\WINDOWS\system32\ATL100.DLLMD5: cfd4e51402da9838b5a04ae680af54a0 c:\windows\system32\browser.dllMD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dllMD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dllMD5: 698f56b7f74bdf9433a30f2c323169ee C:\WINDOWS\system32\corelcreatorpm.dllMD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dllMD5: 06f2aea1065838aae394553063cdf28e C:\WINDOWS\system32\CRTDLL.dllMD5: 6bee5d4eff0a0341bcc4a462d81ccfc1 C:\WINDOWS\system32\CRYPT32.dllMD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dllMD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dllMD5: dd40363abad230a84c5e2178b11efa88 C:\WINDOWS\system32\CSRSRV.dllMD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLLMD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dllMD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dllMD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dllMD5: 062373995eae5f0eac9eaa9192136bfb C:\WINDOWS\system32\dnssd.dllMD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sysMD5: 9372cc48814a17e67c28945eb4acc189 C:\WINDOWS\system32\DRIVERS\basic2.sysMD5: 67b20da4727f54aea29fddad810c898d C:\WINDOWS\system32\drivers\cfwids.sysMD5: 9ea76a7f28cd968f8adc709e479f23b2 C:\WINDOWS\system32\DRIVERS\fallback.sysMD5: 413cfa795cad19a010889df0ec060408 C:\WINDOWS\system32\DRIVERS\faxnt.sysMD5: b7b262d0431374f3afd1349e35b368d9 C:\WINDOWS\system32\DRIVERS\fsksnt.sysMD5: 185ada973b5020655cee342059a86cbb C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sysMD5: d61e53e3fec0c92bc8dd3969fad63f87 C:\WINDOWS\system32\drivers\HipShieldK.sysMD5: a941aa38e3951058e584c4bbddd56ed9 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sysMD5: 970178e8e003eb1481293830069624b9 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sysMD5: ebb354438a4c5a3327fb97306260714a C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sysMD5: a4e3277398c8aba999483d4c658c9696 C:\WINDOWS\system32\DRIVERS\k56nt.sysMD5: ba1347822d01b2d29c14cf09663a6457 C:\WINDOWS\system32\DRIVERS\lvrs.sysMD5: e2c99d3b692ba2173114c9df79313b70 C:\WINDOWS\system32\DRIVERS\lvuvc.sysMD5: b73ec688c29f81f9da0fcf63682b3ecb C:\WINDOWS\system32\DRIVERS\lvuvcflt.sysMD5: 195741aee20369980796b557358cd774 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sysMD5: ba3004f4c0a0cd19db9c2c0ab3a84efe C:\WINDOWS\system32\drivers\mfeapfk.sysMD5: 39c20b7d9ac19bfe616ca09dd3a240af C:\WINDOWS\system32\drivers\mfeavfk.sysMD5: e3470decda0a4015a0ca00ed645f2ebe C:\WINDOWS\system32\drivers\mfebopk.sysMD5: c8ac8147e02ed8795e1fd946165baccf C:\WINDOWS\system32\drivers\mfefirek.sysMD5: 7aaf92954d8d2801b17a1163c60abfe9 C:\WINDOWS\system32\drivers\mfehidk.sysMD5: 3474b9391903c0ab2e9987cb4de943d8 C:\WINDOWS\system32\DRIVERS\mfendisk.sysMD5: 62d55d882d58a1250348f324bc0afc06 C:\WINDOWS\system32\drivers\mferkdet.sysMD5: fcfab391e3736769fe5865f3acb3dccb C:\WINDOWS\system32\drivers\mfetdi2k.sysMD5: 9fa7207d1b1adead88ae8eed9cdbbaa5 C:\WINDOWS\system32\drivers\monfilt.sysMD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sysMD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sysMD5: b48dc6abcd3aeff8618350ccbdc6b09a C:\WINDOWS\system32\drivers\npf.sysMD5: 68b8c35782ffd20973524f748234b5a9 C:\WINDOWS\system32\DRIVERS\nv4_mini.sysMD5: a12ec731bb00adad2d016d41c1f18fa4 C:\WINDOWS\system32\DRIVERS\NVENETFD.sysMD5: 5dc6a149897820de315916b6ec984ec9 C:\WINDOWS\system32\DRIVERS\nvnetbus.sysMD5: 4c35e57300a2dc5932a8e29efa527c32 C:\WINDOWS\system32\DRIVERS\rksample.sysMD5: a9573045baa16eab9b1085205b82f1ed C:\WINDOWS\system32\DRIVERS\serscan.sysMD5: c11082c80723771c1979eacf7fdde1c3 C:\WINDOWS\system32\DRIVERS\spkpnt.sysMD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sysMD5: 9101fffcfccd1a30e870a5b8a9091b10 C:\WINDOWS\system32\DRIVERS\teamviewervpn.sysMD5: e0f10a379239b4fab319c55a9cd6bc96 C:\WINDOWS\system32\DRIVERS\tonesnt.sysMD5: 8bf5d980cdce35fb26f05047144bb57e C:\WINDOWS\System32\Drivers\usbaapl.sysMD5: 177b65899d418f8c8f037b20567a99d6 C:\WINDOWS\system32\DRIVERS\v124nt.sysMD5: 5822017d17d7f14cb5a57c04767135d1 C:\WINDOWS\system32\drivers\viahduaa.sysMD5: 4c0b8ef721783f52f8e531fbdc4b1f74 C:\WINDOWS\system32\DRIVERS\wceusbsh.sysMD5: ffb3115aa757abefba7fba90bad5dd0a C:\WINDOWS\system32\en-us\tQuery.dll.muiMD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dllMD5: fb034de7f0d706eba9513d8ed7478acb C:\WINDOWS\system32\HPDiscoPM5912.dllMD5: 5f923ae1c8cdff1d6890a2994ed33e0e C:\WINDOWS\system32\hpgwiamd.dllMD5: b4cd580096ede5be874fa5b92a34aec4 C:\WINDOWS\system32\hpinksts5912LM.dllMD5: efc067aab4af13c03f9fb8c385351a60 C:\WINDOWS\system32\HPScanTRDrv_OJ8600.dllMD5: 0e40a02ddc65f33af80c962a3b00345a C:\WINDOWS\system32\hptcpmib.dllMD5: b3d7330f19c7ad35b4bf8bb2fbecf372 C:\WINDOWS\system32\hptcpmon.dllMD5: fb5a1d9e11e1cdad9d0cda06d7e86981 C:\WINDOWS\system32\HPTcpMUI.dllMD5: aea9ed3acafe9f47735f8e048ca21b19 C:\WINDOWS\system32\HPWia1_OJ8600.dllMD5: 2d091a99624fb9e7eef0a86d872ec0c3 C:\WINDOWS\system32\HPZipm12.exeMD5: b85ec14c7a5f7b2c8d70d4443486dd77 C:\WINDOWS\system32\hpzjrd01.dllMD5: 52417880ac75ac4b7f4e5c3b54ca6621 C:\WINDOWS\system32\hpzlnt12.dllMD5: 903c8c110131b8a71501514b61a17761 C:\WINDOWS\system32\ieframe.dllMD5: 7b6f5a09bcb1e8017a964ffe0992e8f6 C:\WINDOWS\system32\iepeers.dllMD5: 994b77915ea49a467cda144806ae42d6 C:\WINDOWS\system32\iertutil.dllMD5: ffc01a72d1c25ccb39f61b202ce60819 C:\WINDOWS\system32\IMAGEHLP.dllMD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dllMD5: b6932761058dc21beaa7a1245b1b20e6 C:\WINDOWS\system32\infosoft.dllMD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\JScript.dllMD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dllMD5: 6fe42512ab1b89f32a7407f261b1d2d0 C:\WINDOWS\system32\kernel32.dllMD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dllMD5: 5677dfe438ec1f009273fc84feed6b10 C:\WINDOWS\system32\localspl.dllMD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scrMD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dllMD5: 25def2ef843275862ffbf55487cefddd C:\WINDOWS\system32\Macromed\Flash\Flash32_11_5_502_135.ocxMD5: 95ce557d16a75606ccc2d7f3b0b0bccb C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeMD5: 54fc590185d7d00d65e53b9a5990dc14 C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dllMD5: 82b7415d5a8fb24d3f6736400f5e1600 C:\WINDOWS\system32\mfevtps.exeMD5: 1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dllMD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.imeMD5: bd4d9d7b6a3880d42cda8492452c9e71 C:\WINDOWS\system32\msfeeds.dllMD5: 9c46e5c82f94d9aedd2ce798f0df1158 C:\WINDOWS\system32\mshtml.dllMD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dllMD5: bc83108b18756547013ed443b8cdb31b C:\WINDOWS\system32\MSVCP100.dllMD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\WINDOWS\system32\MSVCR100.dllMD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dllMD5: acfee2392503dd5e457363a0510b8bcb c:\Windows\System32\msxml3.dllMD5: a0ae7f043497c9971e9d7fe291099d40 C:\WINDOWS\system32\msxml6.dllMD5: cac752bf84db4666ed3ce0948e6ea937 C:\WINDOWS\system32\NETAPI32.dllMD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\netshell.dllMD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dllMD5: 981027c4b940bbe220eccb00f0b159b4 C:\WINDOWS\system32\nvapi.dllMD5: ed43760c9a61c0abd91a473762e5a791 C:\WINDOWS\system32\NvCpl.dllMD5: b3c1ba5f5ab8f9d8fc3b00f907522631 C:\WINDOWS\system32\NvMCTray.dllMD5: ffd30daaf62d605069f6eb42d2e807c3 C:\WINDOWS\system32\nvsvc32.exeMD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dllMD5: 6bad1bed9872e62049e487fb91ae2f3a C:\WINDOWS\system32\ole32.dllMD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dllMD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dllMD5: b84990566b1a5611818e36379e49dad2 C:\WINDOWS\system32\pdfports.dllMD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dllMD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dllMD5: 0f64207b49390c8063c36ae7cbf9c2db C:\WINDOWS\system32\schannel.dllMD5: f0a0ebf086597e645bc14b0d98f8ba58 C:\WINDOWS\system32\scrrun.dllMD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dllMD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dllMD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dllMD5: 6843d54bc4a40cc8c5741af750233d10 C:\WINDOWS\system32\SHELL32.dllMD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dllMD5: ef588ebd27aa2124f83c630c61c126bc C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dllMD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exeMD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dllMD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dllMD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\T2EMBED.DLLMD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dllMD5: bca608797a3e8eec0094cd6d596d77d7 C:\WINDOWS\system32\urlmon.dllMD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exeMD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dllMD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\VBScript.dllMD5: 684559a03cbc1d05ba120a18b0d8ba5d C:\WINDOWS\system32\WINHTTP.dllMD5: 9ad88ea663124336e88eb031f917ce20 C:\WINDOWS\system32\WININET.dllMD5: 4a953f13942867ba8fb41f141ec1b80c C:\WINDOWS\system32\WINMM.dllMD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dllMD5: 8c7dca4b158bf16894120786a7a5f366 C:\WINDOWS\system32\winsrv.dllMD5: d458b738b4c2ce33174cfb2ce12412db C:\WINDOWS\system32\WINTRUST.dllMD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dllMD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exeMD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dllMD5: fc3ec24fce372c89423e015a2ac1a31e C:\WINDOWS\system32\wuaueng.dllMD5: bdc0c99e472176c8c2c853a68adc5073 C:\WINDOWS\system32\wups2.dllMD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dllMD5: c701d4500d0cb03ff4543f9907b624ea C:\WINDOWS\system32\xmllite.dllMD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dllMD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dllMD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dllMD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dllMD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dllMD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dllMD5: 80776884e7a05d6da5040926f82b0273 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\gdiplus.dllThe following file(s) must be uploaded for server-side scanning: C:\WINDOWS\system32\hptcpmib.dll C:\Program Files\Internet Explorer\plugins\npqtplugin.dll C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll C:\Program Files\Internet Explorer\plugins\NPDocBox.dll C:\WINDOWS\system32\hptcpmon.dll C:\WINDOWS\Downloaded Program Files\isusweb.dll C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll C:\Program Files\Internet Explorer\plugins\nppdf32.dll C:\WINDOWS\SMINST\RECGUARD.EXE C:\WINDOWS\system32\corelcreatorpm.dll C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dll C:\Program Files\dcmsvc\dcmsvc.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll C:\Program Files\WS_FTP Pro\nsftpch.dll C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll C:\WINDOWS\system32\hpzjrd01.dll C:\WINDOWS\system32\pdfports.dll C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll c:\program files\ws_ftp pro\wsbho2k0.dll C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\HPTcpMUI.dllUpload started - 28 file(s) dcmsvc.exe (30440) LSSrvc.exe (53248) HPZipm12.exe (73728) issch.exe (81920) RECGUARD.EXE (212992) WfxPrint2000.dll (16840) pdfports.dll (20584) nsftpch.dll (24576) npjp2.dll (69632) hptcpmib.dll (73728) adistres.dll (77824) nppdf32.dll (103344) hptcpmon.dll (122880) corelcreatorpm.dll (126976) wsbho2k0.dll (131072) hpzjrd01.dll (139264) npqtplugin.dll (159744) eqsnx.dll (208896) HPTcpMUI.dll (212992) NPDocBox.dll (225280) isusweb.dll (401408) System.Configuration.ni.dll (971264)Upload speed - 20 KB/sUpload finished - 28 uploaded, 0 failedThe uploaded file(s) were found clean.Scan finished - communication took 174 secTotal traffic - 3.42 MB sent, 0.88 KB recvdScanned 809 files and modules - 250 seconds==============================================================================RogueKiller V8.4.1 [Dec 24 2012] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Roman [Admin rights]Mode : Scan -- Date : 12/25/2012 13:26:37¤¤¤ Bad processes : 3 ¤¤¤[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe -> KILLED [TermProc][DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll -> KILLED [TermProc][sUSP PATH] NDSPCShowServer.exe -- C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe -> KILLED [TermProc]¤¤¤ Registry Entries : 13 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer (C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe) -> FOUND[RUN][sUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND[RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : PCShowServer (C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND[services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") -> FOUND[services][Rans.Gendarm] HKLM\[...]\ControlSet003\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") -> FOUND[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤¤¤¤ Infection : Rans.Gendarm ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\WINDOWS\system32\drivers\etc\hosts127.0.0.1 localhost[...]¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: ST380012A +++++--- User ---[MBR] 63d314d6f97c15e54d341fb66a926441[bSP] ab90a61d0cadfefa0824665e9ce9ec94 : Windows XP MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 MoUser = LL1 ... OK!User = LL2 ... OK!+++++ PhysicalDrive1: ST3500320AS +++++--- User ---[MBR] 2422b9798518f2263a8cf51995fac452[bSP] 8312934f688144256aeb1d7b8230715f : Legit2 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 7373835 | Size: 473337 Mo1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3600 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_12252012_02d1326.txt >>RKreport[1]_S_12252012_02d1326.txt Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 25, 2012 ID:626852 Share Posted December 25, 2012 Next, what I'd like for you to do, is to manually review the toolbars in each browser you have. Internet Explorer first, then, Firefox & or Chrome, as appropriate.The following is a very good write-up to follow. Look at it, print it out, and look for any toolbar from Bandoo or even iLivid.If you find one by these, then disable it and write down the name for me.See http://deletemalware...tall-guide.htmlSkip the first section about "antimalware". Start with the section "Remove Searchqu Toolbar in Internet Explorer:1. Open Internet Explorer. Go to Tools ? Manage Add-ons."and onwards.Do the section for Internet Explorer.Only if you have Chrome, do the section on Chrome.Only if you have Firefox, do the section on Firefox.Once you have checked in your browsers, proceed to Step 2 below.Do NOT do any manual registry deletions or tweaks/fixes on your own.Step 2 Custom Scan with OTLPlease close any of your open windows/programs and exit; saving any open work you have.Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exeDo not run it .....yet.Go slow and careful. This will be a Custom scan with OTL tool. Have infinite patience while it runs.Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall onFor a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsI'd like to have you do a special run of OTL to generate some searches & a new log-report.Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):*****************************************************************netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%ALLUSERSPROFILE%\Application Data\*.%ALLUSERSPROFILE%\Application Data\*.exe /s%APPDATA%\*.%APPDATA%\*.exe /s%SYSTEMDRIVE%\*.exec:|Fun4IM;true;true;true; /FPc:|Bandoo;true;true;true; /FPc:|Searchn;true;true;true; /FPc:|Searchq;true;true;true; /FPc:|datamngr;true;true;true; /FPc:|iLivid;true;true;true; /FPc:|whitesmoke;true;true;true; /FP%USERPROFILE%\..|smtmp;true;true;true /FP%systemroot%\*. /mp /sCLEARALLRESTOREPOINTS*****************************************************************Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste. Close any browser(s) windows that may be open.Using your mouse, click on Run Scan.The scan won't take long. Have inifinite patience. OTL may appear to stall but it will finish.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.These are saved in the same location as OTL.Please Copy and Paste the OTL log(s) . Do not enclose in Code or Quote.There will be more to do later. Link to post Share on other sites More sharing options...
rplusr Posted December 25, 2012 Author ID:626853 Share Posted December 25, 2012 I found no toolbars that reference Bandoo, iLivid, or Searchqu. I found no add-ons for the same in either IE, Firefox, or Chrome.You may have seen it, but on one of the previous scans above, it appears that I also have a touch of ** Infection : Rans.Gendarm **OTL logs follow:OTL logfile created on: 12/25/2012 4:35:43 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roman\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.12 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 81.42% Memory free4.97 Gb Paging File | 4.17 Gb Available in Paging File | 83.87% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 462.24 Gb Total Space | 412.23 Gb Free Space | 89.18% Space Free | Partition Type: NTFSDrive E: | 74.53 Gb Total Space | 48.17 Gb Free Space | 64.63% Space Free | Partition Type: NTFSComputer Name: ZTDESKTOP | User Name: Roman | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2012/12/25 16:31:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exePRC - [2012/12/21 00:41:32 | 028,539,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exePRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exePRC - [2012/12/02 10:07:55 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exePRC - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exePRC - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exePRC - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exePRC - [2012/10/31 19:38:02 | 000,519,584 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exePRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exePRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exePRC - [2012/10/17 04:02:20 | 000,790,120 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exePRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exePRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exePRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXEPRC - [2011/11/03 10:21:00 | 001,787,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exePRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exePRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exePRC - [2011/06/05 20:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exePRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exePRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe========== Modules (No Company Name) ==========MOD - [2012/11/14 03:08:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dllMOD - [2012/11/14 03:05:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dllMOD - [2012/11/14 03:05:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dllMOD - [2012/11/14 03:05:37 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dllMOD - [2012/11/14 03:04:12 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dllMOD - [2012/11/14 03:03:58 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dllMOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dllMOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dllMOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dllMOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dllMOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dllMOD - [2011/04/11 14:40:24 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\corelcreatorpm.dllMOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exeMOD - [2001/12/20 15:21:10 | 000,024,576 | ---- | M] () -- C:\Program Files\WS_FTP Pro\nsftpch.dllMOD - [2001/10/11 16:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll========== Services (SafeList) ==========SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)SRV - [2012/12/24 17:01:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2012/12/18 07:54:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)SRV - [2012/12/02 10:07:55 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)SRV - [2012/11/16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)SRV - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)SRV - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)SRV - [2012/09/23 09:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)SRV - [2012/01/18 04:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)SRV - [2011/09/09 01:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)SRV - [2011/06/05 19:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Roman\LOCALS~1\Temp\mbr.sys -- (mbr)DRV - [2012/11/09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)DRV - [2012/11/09 06:53:02 | 000,091,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)DRV - [2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)DRV - [2012/11/09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)DRV - [2012/11/09 06:50:30 | 000,084,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)DRV - [2012/11/09 06:50:30 | 000,084,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)DRV - [2012/11/09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)DRV - [2012/11/09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)DRV - [2012/11/09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)DRV - [2012/11/09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)DRV - [2012/09/21 15:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)DRV - [2012/09/21 15:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)DRV - [2009/11/09 12:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)DRV - [2009/10/07 03:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)DRV - [2009/07/01 10:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2009/07/01 10:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2009/03/25 13:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)DRV - [2008/05/21 08:48:04 | 000,277,376 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)DRV - [2008/02/14 13:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)DRV - [2004/08/12 10:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)DRV - [2001/09/07 09:57:00 | 000,584,336 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)DRV - [2001/09/07 09:57:00 | 000,534,125 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)DRV - [2001/09/07 09:57:00 | 000,426,783 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)DRV - [2001/09/07 09:57:00 | 000,310,899 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)DRV - [2001/09/07 09:57:00 | 000,217,019 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)DRV - [2001/09/07 09:57:00 | 000,127,405 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)DRV - [2001/09/07 09:57:00 | 000,080,449 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\spkpnt.sys -- (SpeakerPhone)DRV - [2001/09/07 09:57:00 | 000,077,426 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)DRV - [2001/09/07 09:57:00 | 000,067,654 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)DRV - [2001/09/07 09:57:00 | 000,056,607 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKCU\..\SearchScopes\{5496894E-FE95-4A30-9F1A-944E9259673D}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}IE - HKCU\..\SearchScopes\{A0038F32-F1DB-4E89-B3C6-BDCFBB83AEEC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}IE - HKCU\..\SearchScopes\{D730CC2D-E51A-451C-BD7B-F3D5D2B6FBC5}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local========== FireFox ==========FF - prefs.js..browser.search.selectedEngine: "Secure Search"FF - prefs.js..browser.startup.homepage: "http://www.google.com/"FF - prefs.js..extensions.enabledAddons: xvmaiknmln%40xvmaiknmln.org:2.5FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="FF - prefs.js..network.proxy.no_proxies_on: "*.local"FF - prefs.js..network.proxy.type: 0FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/12/25 13:00:31 | 000,000,000 | ---D | M]FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\npapi.dll File not foundFF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll (NDS)FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/15 09:44:50 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012/12/02 09:58:28 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/12/25 16:34:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/24 17:01:43 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins[2011/11/05 11:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Extensions[2012/12/23 08:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\Extensions[2006/02/28 07:00:00 | 000,004,815 | ---- | M] () (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\Extensions\xvmaiknmln@xvmaiknmln.org.xpi[2012/12/24 17:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions[2012/12/24 17:01:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2012/12/25 16:34:04 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE[2012/12/15 09:44:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR[2012/12/24 17:01:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll[2012/11/25 07:28:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml[2011/11/05 11:58:17 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml[2012/11/25 07:28:43 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml========== Chrome ==========CHR - homepage:CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},CHR - homepage:CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dllCHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dllCHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dllCHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dllCHR - plugin: NDS PCShow Plugin (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dllCHR - plugin: PCShow Player Plugin (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLLCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dllCHR - Extension: YouTube = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\CHR - Extension: Google Search = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\CHR - Extension: SiteAdvisor = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\CHR - Extension: Gmail = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\O1 HOSTS File: ([2012/06/17 07:18:41 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()O4 - HKLM..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()O4 - HKCU..\Run: [Google] C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll (MainConcept GmbH)O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)O4 - HKCU..\Run: [PCShowServer] C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)O4 - Startup: C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars presentO8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)O15 - HKCU\..Trusted Domains: xmradio.com ([xmro] http in Trusted sites)O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} https://www.mydlink.com/8D/activeX//TunnelX.ocx (TunnelX Control)O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab (GpcContainer Class)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53371D86-939F-42EB-8692-365423C01C6D}: DhcpNameServer = 192.168.0.1O18 - Protocol\Handler\AutorunsDisabled - No CLSID value foundO18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)O24 - Desktop Components:0 () -O24 - Desktop WallPaper: C:\Documents and Settings\Roman\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO24 - Desktop BackupWallPaper: C:\Documents and Settings\Roman\Local Settings\Application Data\Microsoft\Wallpaper1.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2008/09/05 20:08:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)NetSvcs: 6to4 - File not foundNetSvcs: Ias - File not foundNetSvcs: Iprip - File not foundNetSvcs: Irmon - File not foundNetSvcs: NWCWorkstation - File not foundNetSvcs: Nwsapagent - File not foundNetSvcs: WmdmPmSp - File not foundMsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)MsConfig - State: "system.ini" - 0MsConfig - State: "win.ini" - 0MsConfig - State: "bootini" - 0MsConfig - State: "services" - 0MsConfig - State: "startup" - 2SafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)SafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: System Bus Extender - Driver GroupSafeBootMin: vds - ServiceSafeBootMin: vga.sys - DriverSafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copySafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)SafeBootNet: MpfService - ServiceSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: vga.sys - DriverSafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimationActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dllActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for JavaActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - UniscribeActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET FrameworkActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced AuthoringActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NTActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java ClassesActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUserActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media PlayerActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET FrameworkActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web FoldersActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettingsActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,InstallActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET FrameworkActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdateActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET FrameworkActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave FlashActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exeActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfigActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUPActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUPActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOEActiveX: AutorunsDisabled -Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.pspgru - C:\WINDOWS\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing)Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)CLEARALLRESTOREPOINTSRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2012/12/25 16:31:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe[2012/12/25 13:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Desktop\RK_Quarantine[2012/12/25 13:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\QuickScan[2012/12/25 13:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro[2012/12/25 13:04:11 | 000,000,000 | ---D | C] -- C:\rsit[2012/12/25 13:00:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT[2012/12/25 12:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT[2012/12/25 12:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT[2012/12/25 12:57:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Roman\Desktop\erunt-setup.exe[2012/12/24 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee[2012/12/24 17:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roman\Start Menu\Programs\Administrative Tools[2012/12/24 17:44:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Roman\Desktop\dds.scr[2012/12/24 17:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox[2012/12/23 17:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8[2012/12/19 08:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox[2012/12/19 08:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes[2012/12/19 08:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2012/12/19 08:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2012/12/19 08:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1[2012/12/15 07:46:58 | 000,084,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys[2012/12/06 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype[2012/12/06 19:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype[2012/12/02 11:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime[2012/12/02 11:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime[2012/12/02 10:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard[2012/12/02 10:03:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roman\My Documents\HP Photo Creations[2012/12/02 10:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Visan[2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan[2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations[2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations[2012/12/02 09:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant[2012/12/02 09:36:42 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5912.dll[2012/12/02 09:36:40 | 001,979,280 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ8600.dll[2012/12/02 09:36:40 | 000,495,504 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ8600.dll[2012/12/02 09:36:36 | 002,216,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkins5912.exe[2012/12/02 09:36:36 | 000,529,808 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912.dll[2012/12/02 09:36:36 | 000,268,688 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912LM.dll[2012/12/02 09:36:36 | 000,220,560 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5912.dll[2012/11/28 05:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\My Documents\Wireshark[2012/11/26 18:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Wireshark[2012/11/26 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap[2012/11/26 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap[2012/11/26 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark[2009/08/20 17:59:23 | 003,902,784 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Roman\gosetup.exe[2009/05/18 18:24:08 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Roman\gotomypc_438.exe[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2012/12/25 16:31:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe[2012/12/25 16:25:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job[2012/12/25 15:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/12/25 15:48:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job[2012/12/25 14:00:12 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job[2012/12/25 13:27:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job[2012/12/25 13:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job[2012/12/25 13:23:56 | 000,758,272 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\RogueKiller.exe[2012/12/25 13:09:27 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\SecurityCheck.exe[2012/12/25 13:02:36 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\RSIT.exe[2012/12/25 12:59:11 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\NTREGOPT.lnk[2012/12/25 12:59:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\ERUNT.lnk[2012/12/25 12:57:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Roman\Desktop\erunt-setup.exe[2012/12/25 10:10:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job[2012/12/24 20:40:04 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job[2012/12/24 17:44:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Roman\Desktop\dds.scr[2012/12/24 06:23:12 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk[2012/12/24 06:22:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl[2012/12/24 06:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2012/12/24 06:21:27 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT[2012/12/24 06:21:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs[2012/12/23 17:40:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk[2012/12/23 16:36:23 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Microsoft Word 2010.lnk[2012/12/21 09:34:21 | 000,001,005 | ---- | M] () -- C:\WINDOWS\wsftppro.INI[2012/12/21 07:28:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2012/12/21 07:14:04 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk[2012/12/21 07:13:07 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Dropbox.lnk[2012/12/19 08:24:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2012/12/18 07:54:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe[2012/12/18 07:54:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll[2012/12/12 06:14:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2012/12/12 06:13:08 | 002,001,455 | ---- | M] () -- C:\WINDOWS\iis6.BAK[2012/12/08 15:03:47 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk[2012/12/06 19:36:54 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2012/12/02 11:08:38 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk[2012/12/02 10:00:39 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\HP Printer Doctor.lnk[2012/12/02 09:45:51 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\HP Printing Software.url[2012/12/02 09:36:42 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk[2012/12/02 09:36:42 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk[2012/12/02 08:05:27 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Microsoft Excel 2010.lnk[2012/11/26 18:49:53 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ][2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2012/12/25 13:23:53 | 000,758,272 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\RogueKiller.exe[2012/12/25 13:09:27 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\SecurityCheck.exe[2012/12/25 13:02:32 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\RSIT.exe[2012/12/25 12:59:11 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\NTREGOPT.lnk[2012/12/25 12:59:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\ERUNT.lnk[2012/12/23 17:40:01 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk[2012/12/21 07:14:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk[2012/12/19 08:24:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2012/12/18 06:54:02 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job[2012/12/02 11:08:38 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk[2012/12/02 10:02:04 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk[2012/12/02 10:02:03 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job[2012/12/02 10:00:39 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\HP Printer Doctor.lnk[2012/12/02 09:44:15 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\HP Printing Software.url[2012/12/02 09:38:44 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk[2012/12/02 09:36:42 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk[2012/12/02 09:36:41 | 000,001,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk[2012/11/26 18:49:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1[2012/11/26 18:49:22 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk[2012/10/28 15:20:30 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini[2012/06/17 07:11:35 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Roman\GoToAssistDownloadHelper.exe[2012/02/16 19:57:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll[2012/01/30 06:29:00 | 002,473,151 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1687530015-1697978249-4202760790-1004-0.dat[2012/01/30 06:28:56 | 000,297,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat[2011/12/25 07:55:52 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc[2011/12/17 11:48:59 | 000,002,560 | ---- | C] () -- C:\Documents and Settings\Roman\repl.dat[2011/12/16 08:09:43 | 000,002,560 | ---- | C] () -- C:\WINDOWS\repl.dat[2011/09/29 17:20:07 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini[2011/09/29 17:19:02 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp[2011/09/29 17:19:02 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp[2011/08/19 04:26:20 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll[2011/08/19 04:26:20 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll[2011/08/19 04:26:20 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll[2011/06/27 21:34:03 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data[2011/05/04 21:13:28 | 000,021,907 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\Microsoft Excel.ADR[2011/04/11 14:40:24 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\corelcreatorpm.dll[2011/03/05 19:25:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat[2011/02/27 07:38:36 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat[2011/02/18 22:02:48 | 000,060,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat[2010/10/21 16:49:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Roman\Local Settings\Application Data\fusioncache.dat[2010/03/02 19:57:59 | 000,003,638 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\SAS7_000.DAT[2009/07/17 12:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe[2009/07/17 12:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe[2008/11/23 15:14:30 | 000,066,360 | ---- | C] () -- C:\Documents and Settings\Roman\g2ax_expert_downloadhelper_win32_x86.exe[2008/11/22 10:38:36 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Roman\default.pls[2008/11/06 20:15:14 | 000,023,139 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\Comma Separated Values (Windows).ADR========== ZeroAccess Check ==========[2008/10/31 20:23:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both========== Custom Scans ==========< %ALLUSERSPROFILE%\Application Data\*. >[2012/12/19 08:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1[2012/11/23 13:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe[2008/09/05 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead[2011/02/14 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple[2011/02/12 07:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer[2011/07/15 18:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications[2009/05/27 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge[2012/06/17 07:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix[2011/07/09 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel[2011/07/02 11:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion[2009/10/15 06:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink[2011/07/29 17:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet[2011/09/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater[2012/12/02 09:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP[2012/12/08 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations[2012/12/02 09:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant[2010/03/02 19:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield[2010/01/29 18:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit[2010/09/26 07:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage[2010/02/12 19:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd[2011/12/03 19:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech[2012/11/18 08:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2012/11/14 03:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee[2012/10/29 15:39:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft[2012/12/12 06:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help[2012/11/22 06:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla[2009/08/01 07:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS[2011/12/30 11:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance[2012/10/23 05:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA[2009/10/15 07:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation[2009/08/16 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles[2010/06/15 17:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage[2012/12/25 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop[2012/01/21 06:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat[2011/12/30 11:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft[2009/04/15 17:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor[2012/12/06 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype[2010/01/27 06:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun[2008/10/29 07:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec[2012/12/25 16:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp[2012/12/02 10:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan[2010/09/26 07:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc[2008/09/05 21:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage[2011/12/30 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon[2011/02/12 07:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}< %ALLUSERSPROFILE%\Application Data\*.exe /s >[2012/08/21 13:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe[2012/08/21 13:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe[2012/12/19 08:18:42 | 000,077,288 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 11.0.1.12\SetupAdmin.exe[2009/05/27 18:23:02 | 000,599,304 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Controller.exe[2009/05/27 18:23:14 | 000,626,440 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe[2009/05/27 18:22:51 | 000,353,544 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe[2011/04/11 09:46:50 | 115,760,736 | ---- | M] (Corel Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion\1.0.0\CorelPDFFusionInstaller_x64_EN.exe[2011/04/11 09:44:38 | 099,148,288 | ---- | M] (Corel Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion\1.0.0\CorelPDFFusionInstaller_x86_EN.exe[2011/06/05 20:41:34 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe[2011/06/05 20:41:34 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\dwusplay.exe[2011/06/05 20:41:34 | 000,402,720 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISDM.exe[2011/06/05 20:41:34 | 000,087,328 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\issch.exe[2011/06/05 20:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe[2011/11/18 05:11:00 | 000,185,472 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe[2012/12/08 15:03:46 | 000,304,256 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductCore.exe[2012/12/08 15:03:46 | 000,161,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductReg.exe[2011/02/11 18:26:04 | 000,265,560 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe[2010/05/12 15:42:06 | 000,046,904 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Application Data\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe[2011/05/25 01:09:21 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\All Users\Application Data\NVIDIA\Updatus\WLMerger.exe[2010/06/12 16:18:42 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe[2010/04/10 17:15:10 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe[2010/06/12 16:17:59 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe< %APPDATA%\*. >[2009/12/07 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Adobe[2008/11/02 11:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\AdobeUM[2011/10/16 10:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ahead[2012/11/25 09:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Amazon[2011/11/18 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Apple Computer[2011/03/08 20:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ascendo[2011/12/25 07:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\AuctionSentry[2009/12/07 18:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1[2010/04/10 17:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\CyberLink[2012/12/25 16:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Dropbox[2012/05/08 20:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\DTV[2011/07/29 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\FLEXnet[2010/12/27 07:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\GetRightToGo[2009/08/01 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Google[2008/11/01 11:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Help[2012/12/02 10:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard[2012/12/02 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\HpUpdate[2010/10/30 19:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\ID Vault[2008/09/05 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Identities[2008/09/05 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\InstallShield[2008/12/12 16:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\InterTrust[2010/01/29 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Intuit[2008/11/02 08:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ipswitch[2010/01/27 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Leadertech[2008/10/30 21:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Macromedia[2012/11/18 08:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Malwarebytes[2012/06/17 06:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\McAfee[2012/12/08 12:51:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Roman\Application Data\Microsoft[2011/11/05 11:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Mozilla[2011/02/22 06:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Nolo[2011/12/30 11:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Nuance[2012/10/23 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\NVIDIA[2010/06/15 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Office Genuine Advantage[2008/11/22 06:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Quicken WillMaker[2012/12/25 13:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\QuickScan[2008/09/05 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\SampleView[2012/12/07 05:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Skype[2011/05/01 09:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\skypePM[2008/11/09 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Sun[2008/09/05 21:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Symantec[2012/12/23 17:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\TeamViewer[2010/04/11 06:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Uniblue[2012/12/02 10:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Visan[2012/11/09 15:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\webex[2011/07/17 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Windows Desktop Search[2011/07/17 18:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Windows Search[2012/11/27 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Wireshark[2011/12/30 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Zeon< %APPDATA%\*.exe /s >[2012/12/21 00:41:32 | 028,539,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe[2012/12/21 00:42:04 | 000,203,416 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxUninstaller.exe[2012/04/12 01:46:46 | 000,872,040 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxUpdateHelper.exe[2012/05/24 13:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Uninstall.exe[2010/02/18 21:04:43 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Roman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe[2012/08/21 13:42:04 | 000,509,280 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Roman\Application Data\McAfee\Supportability\MVTLogs\mfehidin.exe[2012/12/02 09:43:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{069730C2-755A-485B-A205-27A1AAFA836A}\ARPPRODUCTICON.exe[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_0385F1E82453815F656276.exe[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_05B106666D04F6BA8A2E9A.exe[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_2699BB552378E37916F4D2.exe[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_853F67D554F05449430E7E.exe[2012/09/30 10:13:49 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_EB83BA19A4CD2A871AC3B4.exe[2011/12/03 19:22:33 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe[2012/05/08 20:37:51 | 000,063,080 | R--- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe[2009/01/09 18:54:05 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe[2009/01/09 18:54:05 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe[2012/10/31 19:34:26 | 000,544,160 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe< %SYSTEMDRIVE%\*.exe >[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe< c:|Fun4IM;true;true;true; /FP >< c:|Bandoo;true;true;true; /FP >< c:|Searchn;true;true;true; /FP >< c:|Searchq;true;true;true; /FP >< c:|datamngr;true;true;true; /FP >< c:|iLivid;true;true;true; /FP >< c:|whitesmoke;true;true;true; /FP >< %USERPROFILE%\..|smtmp;true;true;true /FP >< %systemroot%\*. /mp /s >========== Files - Unicode (All) ==========[2012/02/15 06:28:23 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\헠ΰ[2012/02/15 06:28:23 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\헠ΰ========== Alternate Data Streams ==========@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0574215C@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0FF263E8@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F35A93AD@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D95ACC7D< End of report > Link to post Share on other sites More sharing options...
rplusr Posted December 25, 2012 Author ID:626854 Share Posted December 25, 2012 Logs continues:OTL Extras logfile created on: 12/25/2012 4:35:43 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roman\DesktopWindows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18702)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.12 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 81.42% Memory free4.97 Gb Paging File | 4.17 Gb Available in Paging File | 83.87% Paging File freePaging file location(s): C:\pagefile.sys 2046 4092 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 462.24 Gb Total Space | 412.23 Gb Free Space | 89.18% Space Free | Partition Type: NTFSDrive E: | 74.53 Gb Total Space | 48.17 Gb Free Space | 64.63% Space Free | Partition Type: NTFSComputer Name: ZTDESKTOP | User Name: Roman | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 0"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]"Start" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]"Start" = 2========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)"C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)"C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications -- (Hewlett-Packard Co.)"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards -- (Hewlett-Packard Co.)"C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe -- (Hewlett-Packard Co.)"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)"C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)"C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)"C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager"{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 23"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport"{38ED4745-4015-4BF0-AB17-AA4B07595137}" = Auction Sentry"{39003340-EAA2-012B-ADCD-000000000000}" = TurboTax 2009 wkyiper"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help"{46CB5C9E-BE06-42B6-8B59-C037B8E93889}" = NetObjects Fusion 12.0"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection"{4FE224A2-C56D-4289-AE73-F7267BA0C9F6}" = NetObjects Fusion 12.0"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery"{6F9C25B0-6ABF-4FB0-8793-176487F963EE}" = Nuance PDF Converter Professional 7"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7752CBAC-3B2D-43c0-98CA-A1A16CCF7E3C}" = HP Smart Print 1.1.5.2"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector"{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9CC57E3F-0478-4005-98D3-4C6850C5A6E7}" = TurboTax 2011 wkyiper"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = TEG-PCITXR 32bit Gigabit PCI Adatper"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help"{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2"{C3334366-BCED-4D4B-A266-23E3414FC29D}" = NetObjects Fusion 10.0"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1"{D0EE2F91-CC20-426F-A4D5-7FFE54E55015}" = TurboTax 2010 wkyiper"{D1CDE21A-E27A-48CE-8831-3E33E793222E}" = NetObjects Fusion 12.0"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime"{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0"{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11"{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"384C2C6074E8C219998710CE8D95B252A3A0CBAE" = Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)"4E55C63BFCAACCF944B3AA49E7999CA9BAFFE208" = Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)"5A3659A1699DAACF9BD615CB9AADA1F1BF3AE327" = Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)"6B499777B71FB5ACC52946DD82ECB4D02826D410" = Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)"86A6EABF7537A8DD39CE93DF122356CA3E99E579" = Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)"8CE3EF3AF6188C2679CF2148F39931549AA983A1" = Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)"971D4E9C5CED6477B8F2A6B10A77BA64785DC7B6" = Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)"A00DACBCF80381024878EBEE918DADEFF532AC10" = Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)"A261B7217DB17A0B0C1499769911A4C2763B50AC" = Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)"ActiveTouchMeetingClient" = Cisco WebEx Meetings"Adobe Acrobat 5.0" = Adobe Acrobat 5.0"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"AF5EBAB19E0AC92AFFCF6BB01BC6113C68246F96" = Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17"BB85278BE9A24627B9133B324B11AE8AAED9B52B" = Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)"CDE5ADE5BBAD3E7B3EDC2254E9B4AA5699C49243" = Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)"CLRPassword Tracker" = Password Tracker Deluxe 3.62"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager"D6FC380758CCD46F9200CAD66C4A7C041CBDC50E" = Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)"dcmsvc_is1" = dcmsvc 1.0"DEF5BD9CE83771293DCFAEA94AC5FADFD235B2ED" = Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)"Disney Dreams" = Disney Dreams Screen Saver"Disney Epic Mickey: Prima Official eGuide" = Disney Epic Mickey: Prima Official eGuide"E9CAC95DEDD5D81AF01EF321643F69919AB4CBB0" = Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)"ED32DE45B100947E631306FC4BC656D5E8212C18" = Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)"ERUNT_is1" = ERUNT 1.1j"F4BBA3D2672296BC5BDBB7527330AD1C077B1C8C" = Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)"Family Tree Maker 2009" = Family Tree Maker 2009"Family Tree Maker 2010" = Family Tree Maker 2010"FC9E8D6BEED299828396FA9693664A5B08161EBA" = Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)"Google Chrome" = Google Chrome"Google Updater" = Google Updater"HP Photo & Imaging" = HP Image Zone 4.7"HP Photo Creations" = HP Photo Creations"ie8" = Windows Internet Explorer 8"Info Center_is1" = Info Center 1.0.0.7"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager"Logitech Vid" = Logitech Vid HD"lvdrivers_12.10" = Logitech Webcam Software Driver Package"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000"McAfee Virtual Technician" = McAfee Virtual Technician"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"MSC" = McAfee SecurityCenter"NeroMultiInstaller!UninstallKey" = Nero Suite"NVIDIA Drivers" = NVIDIA Drivers"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager"Office14.SingleImage" = Microsoft Office Home and Business 2010"Paint Shop Pro 6" = Paint Shop Pro 6.02 CD"Password Safe" = Password Safe"PC Matic_is1" = PC Matic 1.1.0.44"PrintMaster Premier 4.00" = PrintMaster Premier 4.00"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011"SyncBack_is1" = SyncBack"SystemRequirementsLab" = System Requirements Lab"TeamViewer 8" = TeamViewer 8"TurboTax 2009" = TurboTax 2009"TurboTax 2010" = TurboTax 2010"TurboTax 2011" = TurboTax 2011"Windows CE Services" = Microsoft ActiveSync 3.7"Windows Media Encoder 9" = Windows Media Encoder 9 Series"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"Windows XP Service Pack" = Windows XP Service Pack 3"WinLiveSuite_Wave3" = Windows Live Essentials"WinPcapInst" = WinPcap 4.1.2"WinZip" = WinZip"Wireshark" = Wireshark 1.8.3 (32-bit)"WS_FTP Pro" = Ipswitch WS_FTP Pro========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Dropbox" = Dropbox========== Last 20 Event Log Errors ==========[ Application Events ]Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/24/2012 1:41:38 PM | Computer Name = ZTDESKTOP | Source = Microsoft Office 14 | ID = 1000Description = Faulting application outlook.exe, version 14.0.6126.5003, stamp 505b1685, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x00000000.Error - 12/24/2012 5:14:29 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/24/2012 5:16:54 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/24/2012 5:17:41 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)Error - 12/24/2012 5:17:42 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)[ System Events ]Error - 12/21/2012 7:41:47 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.Error - 12/21/2012 7:41:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 12/21/2012 7:41:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time.Error - 12/21/2012 7:44:20 AM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.Error - 12/21/2012 7:56:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 12/21/2012 7:56:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.Error - 12/21/2012 8:08:26 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 12/21/2012 8:08:26 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.Error - 12/21/2012 6:30:23 PM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.Error - 12/23/2012 6:41:51 PM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010Description = The server {0006F03A-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.< End of report > Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 26, 2012 ID:626975 Share Posted December 26, 2012 (edited) Have you seen now, lately, or at anytime....ransomware messages of any sort? If so, what was the content of the message?There will be lots to do here.If you have any open programs you started, close / exit them.Step 1 Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):*****************************************************************:processeskillallprocesses:filesC:\WINDOWS\tasks\At3.jobC:\WINDOWS\tasks\At4.jobC:\WINDOWS\tasks\At1.jobC:\WINDOWS\tasks\At2.jobC:\WINDOWS\System32\-1C:\WINDOWS\System32\??recycler /alldrives:reg[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Google"=-:Commands[purity][resethosts][emptytemp][CLEARALLRESTOREPOINTS][EMPTYFLASH][emptyjava][Reboot]*****************************************************************Return to OTL. Right click in the window (under the aqua-blue bar) and choose Paste.Close any browser(s) windows that may be open.Using your mouse, click on the red-lettered button .Once you see a message box "Fix complete! Click OK to open the fix log."Click the OK buttonThe log will open in Notepad (your default text editor).Save the log. Post a copy of that log in your next reply.Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.Step 2Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsPlease disconnect any USB or external drives from the computer before you run this scan!Double-Click RogueKiller to run RogueKiller.Wait until Prescan finishes.On the RogueKiller console, click the Registry tab.Put a check next to all of these and uncheck the rest: (if found)[RUN][sUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)[RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) [RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) [RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) [RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)[RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) [services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") [services][Rans.Gendarm] HKLM\[...]\ControlSet003\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUNDThen click on Delete on the right hand column under Options.When done, logoff & Restart the system.The log will be found as RKreportCopy & Paste the contents into next reply.Step 3See Grinler's article herehttp://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomwareSee the section titled Automated Removal InstructionsFollow his instructions to get into Safe Mode with Networkingand do the rest of the steps listed after that (including the tool from from EmsisoftReport back with the results. Edited December 26, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
rplusr Posted December 27, 2012 Author ID:627177 Share Posted December 27, 2012 I have never seen ransomeware messages appear. I just saw the result line in one of the earlier logs. I guess this is good news.Step 1: The log for OTL is below.Step 2: RogueKiller. The prescan ran fine. There were no entries listed in the Registry tab so there was nothing to check and the delete button remained greyed-out.Step 3: Emsisoft Emergency Kit was downloaded (45 minutes) in Safe Mode and the deep scan was run (2 hours). It found 5 registry keys (medium risk) and 2 files (high risk) Trojan.Script.199943(B). They were quarantined. The files were default.htm from an old web site that I archived before I took it over created a replacement.OTL Log:All processes killed========== PROCESSES ==================== FILES ==========C:\WINDOWS\tasks\At3.job moved successfully.C:\WINDOWS\tasks\At4.job moved successfully.C:\WINDOWS\tasks\At1.job moved successfully.C:\WINDOWS\tasks\At2.job moved successfully.C:\WINDOWS\System32\-1 moved successfully.C:\WINDOWS\System32\en folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\HomeNet\McSvHost folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\HomeNet folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users folder moved successfully.C:\WINDOWS\System32\헠ΰ\Documents and Settings folder moved successfully.C:\WINDOWS\System32\헠ΰ folder moved successfully.C:\RECYCLER\S-1-5-21-1687530015-1697978249-4202760790-1004 folder moved successfully.C:\RECYCLER\S-1-5-18 folder moved successfully.C:\RECYCLER folder moved successfully.E:\RECYCLER\S-1-5-21-3973020173-1465058494-1690550294-1006 folder moved successfully.E:\RECYCLER\S-1-5-21-1687530015-1697978249-4202760790-1004 folder moved successfully.E:\RECYCLER\S-1-5-18 folder moved successfully.E:\RECYCLER folder moved successfully.========== REGISTRY ==========Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google not found.========== COMMANDS ==========C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.HOSTS file reset successfully[EMPTYTEMP]User: Administrator->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 131072 bytesUser: All UsersUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 131273 bytes->Flash cache emptied: 41661 bytesUser: LocalService->Temp folder emptied: 65536 bytes->Temporary Internet Files folder emptied: 112166 bytes->Flash cache emptied: 574 bytesUser: NetworkService->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 112233 bytesUser: Roman->Temp folder emptied: 1128986 bytes->Temporary Internet Files folder emptied: 81454072 bytes->Java cache emptied: 44717215 bytes->FireFox cache emptied: 195304863 bytes->Google Chrome cache emptied: 26037862 bytes->Flash cache emptied: 42328 bytesUser: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 177024 bytes->Flash cache emptied: 41661 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 2176856 bytes%systemroot%\System32 .tmp files removed: 2984465 bytes%systemroot%\System32\dllcache .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 439 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 338.00 mbRestore point Set: OTL Restore Point[EMPTYFLASH]User: AdministratorUser: All UsersUser: Default User->Flash cache emptied: 0 bytesUser: LocalService->Flash cache emptied: 0 bytesUser: NetworkServiceUser: Roman->Flash cache emptied: 0 bytesUser: UpdatusUser->Flash cache emptied: 0 bytesTotal Flash Files Cleaned = 0.00 mb[EMPTYJAVA]User: AdministratorUser: All UsersUser: Default UserUser: LocalServiceUser: NetworkServiceUser: Roman->Java cache emptied: 0 bytesUser: UpdatusUserTotal Java Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.69.0 log created on 12262012_172140Files\Folders moved on Reboot...PendingFileRenameOperations files...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 27, 2012 ID:627260 Share Posted December 27, 2012 Ok, good so far. But there is more to do.Turn OFF your Mcafee antivirus so that it does not interfere.How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsNext, Press Windows-key+R key {to get RUN option}type incmd.exeto get a command-prompt windowNext, you will see a black box window (command prompt)it should show c:\Windows\system32>I suggest you run Windows' System File checker.there type insfc /scannowand press ENTER keyIt will say Beginning system scan. This process will take some time.Let it run and observe it from time to time.I need to know what message you see when it is done.P.s. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.When all done, re-Enable your Antivirus program. Link to post Share on other sites More sharing options...
rplusr Posted December 27, 2012 Author ID:627410 Share Posted December 27, 2012 After turning off McAfee, I ran the sfc /scannow from the command prompt. It opened up a small window with a progress bar. The process ran to completion and the progress bar window closed with no messages. The command prompt window did not display any messages either. Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 28, 2012 ID:627718 Share Posted December 28, 2012 Logoff and Restart the system fresh.Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsFor directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware ProgramsDo NOT turn off the firewallIf you have a prior copy of Combofix, delete it now !Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stagesIt will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop. Link 1 Link 2* IMPORTANT !!! SAVE AS Combo-Fix.exe to your DesktopIf your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our toolsDouble click on Combo-Fix.exe accept the EULA & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.------------------------------------------------------- A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. Notes:[1] IF after Combofix reboot you get the message Illegal operation attempted on registry key that has been marked for deletion....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.[2] Do not mouseclick combofix's window nor run any program while Combofix is running.That may cause it to stall.[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ? RE-Enable your AntiVirus and AntiSpyware applications. Link to post Share on other sites More sharing options...
rplusr Posted December 28, 2012 Author ID:627745 Share Posted December 28, 2012 Ran Combo-Fix as instructed above. Everything seems to have run with about 50 stages. After re-boot, I did receive a window that stated there was an error loading: c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll since I see that it was deleted by Combo-Fix.ComboFix 12-12-28.02 - Roman 12/28/2012 16:10:37.1.4 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2336 [GMT -5:00]Running from: c:\documents and settings\Roman\Desktop\Combo-Fix.exeAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Administrator\WINDOWSc:\documents and settings\All Users\Application Data\TEMPc:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exec:\documents and settings\All Users\Application Data\TEMP\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exec:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exec:\documents and settings\All Users\Application Data\TEMP\0574215C.TMPc:\documents and settings\All Users\invokesi.exec:\documents and settings\Default User\WINDOWSc:\documents and settings\Roman\g2ax_expert_downloadhelper_win32_x86.exec:\documents and settings\Roman\GoToAssistDownloadHelper.exec:\documents and settings\Roman\Local Settings\Application Data\assembly\tmpc:\documents and settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exec:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dllc:\documents and settings\Roman\SendTo\notepad.exec:\documents and settings\Roman\WINDOWSc:\documents and settings\UpdatusUser\WINDOWSC:\install.exec:\windows\system32\config\systemprofile\WINDOWSc:\windows\system32\gotomon.logc:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dllc:\windows\system32\URTTempc:\windows\system32\URTTemp\fusion.dllc:\windows\system32\URTTemp\mscoree.dllc:\windows\system32\URTTemp\mscoree.dll.localc:\windows\system32\URTTemp\mscorsn.dllc:\windows\system32\URTTemp\mscorwks.dllc:\windows\system32\URTTemp\msvcr71.dllc:\windows\system32\URTTemp\regtlib.exe..((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))..2012-12-27 22:30 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys2012-12-27 22:29 . 2001-08-17 19:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll2012-12-27 22:28 . 2001-08-17 19:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys2012-12-27 22:27 . 2001-08-17 17:19 63360 -c--a-w- c:\windows\system32\dllcache\ess.sys2012-12-27 22:26 . 2001-08-17 17:14 952007 -c--a-w- c:\windows\system32\dllcache\diwan.sys2012-12-27 22:25 . 2001-08-17 18:51 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys2012-12-27 22:23 . 2001-08-18 03:36 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll2012-12-27 22:22 . 2001-08-17 17:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys2012-12-27 22:21 . 2006-02-28 12:00 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll2012-12-27 05:00 . 2012-12-27 05:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe2012-12-27 04:58 . 2012-12-27 04:58 -------- d-----w- c:\program files\Common Files\Java2012-12-27 04:57 . 2012-12-27 04:57 73728 ----a-w- c:\windows\system32\javacpl.cpl2012-12-27 04:57 . 2012-12-27 04:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll2012-12-27 04:55 . 2012-12-27 04:56 -------- d-----w- c:\program files\Wireshark2012-12-27 04:49 . 2012-12-27 04:49 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\Secunia PSI2012-12-27 04:49 . 2012-12-27 04:49 -------- d-----w- c:\program files\Secunia2012-12-26 22:21 . 2012-12-26 22:21 -------- d-----w- C:\_OTL2012-12-25 18:17 . 2012-12-25 18:17 -------- d-----w- c:\documents and settings\Roman\Application Data\QuickScan2012-12-25 18:04 . 2012-12-25 18:04 -------- d-----w- C:\rsit2012-12-25 18:04 . 2012-12-25 18:04 -------- d-----w- c:\program files\trend micro2012-12-25 17:59 . 2012-12-25 17:59 -------- d-----w- c:\program files\ERUNT2012-12-19 13:33 . 2012-12-19 13:33 -------- d-----w- c:\program files\Dropbox2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\program files\iPod2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\program files\iTunes2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12012-12-15 12:46 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys2012-12-14 10:46 . 2012-11-01 00:34 544160 ----a-w- c:\documents and settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe2012-12-14 10:46 . 2012-09-21 20:02 139264 ----a-w- c:\documents and settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\unzip32.dll2012-12-07 00:36 . 2012-12-07 00:36 -------- d-----w- c:\program files\Common Files\Skype2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll2012-12-02 16:08 . 2012-12-02 16:08 -------- d-----w- c:\program files\QuickTime2012-12-02 15:07 . 2012-12-02 15:07 -------- d-----w- c:\documents and settings\Roman\Application Data\Hewlett-Packard2012-12-02 15:03 . 2012-12-02 15:03 -------- d-----w- c:\documents and settings\Roman\Application Data\Visan2012-12-02 15:01 . 2012-12-08 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations2012-12-02 15:01 . 2012-12-02 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan2012-12-02 15:01 . 2012-12-02 15:02 -------- d-----w- c:\program files\HP Photo Creations2012-12-02 14:44 . 2012-12-02 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant2012-12-02 14:36 . 2012-10-17 09:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll2012-12-02 14:36 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll2012-12-02 14:36 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll2012-12-02 14:36 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll2012-12-02 14:36 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll2012-12-02 14:36 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll2012-12-02 14:36 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-12-27 04:57 . 2010-05-05 23:30 473072 -c--a-w- c:\windows\system32\deployJava1.dll2012-12-18 12:54 . 2012-04-02 21:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-12-18 12:54 . 2011-05-20 21:42 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-12-16 12:23 . 2006-02-28 19:00 290560 ----a-w- c:\windows\system32\atmfd.dll2012-11-13 01:25 . 2006-02-28 19:00 1866368 ----a-w- c:\windows\system32\win32k.sys2012-11-09 11:56 . 2012-06-17 12:52 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys2012-11-09 11:53 . 2012-06-17 12:44 167344 ----a-w- c:\windows\system32\mfevtps.exe2012-11-09 11:53 . 2012-06-17 12:52 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys2012-11-09 11:52 . 2012-06-17 12:52 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys2012-11-09 11:52 . 2012-06-17 12:52 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys2012-11-09 11:51 . 2012-02-22 17:29 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys2012-11-09 11:50 . 2012-06-17 12:52 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys2012-11-09 11:50 . 2012-06-17 12:52 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys2012-11-09 11:49 . 2012-06-17 12:52 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2012-11-09 11:49 . 2012-02-22 17:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2012-11-02 02:02 . 2006-02-28 19:00 375296 ----a-w- c:\windows\system32\dpnet.dll2012-11-01 12:17 . 2006-02-28 19:00 916992 ----a-w- c:\windows\system32\wininet.dll2012-11-01 12:17 . 2006-02-28 19:00 43520 ----a-w- c:\windows\system32\licmgr10.dll2012-11-01 12:17 . 2006-02-28 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl2012-11-01 00:35 . 2006-02-28 19:00 385024 ----a-w- c:\windows\system32\html.iec2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts2012-10-02 18:04 . 2006-02-28 19:00 58368 ----a-w- c:\windows\system32\synceng.dll2012-09-30 00:54 . 2012-11-18 13:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys2012-12-24 22:01 . 2012-12-24 22:01 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]2012-02-10 15:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]"PDF7 Registry Controller"="c:\program files\Nuance\PDF Professional 7\RegistryController.exe" [2011-09-09 141160]"PDFProHook"="c:\program files\Nuance\PDF Professional 7\pdfpro7hook.exe" [2011-11-03 1787752]"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-09-21 466648].c:\documents and settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk - c:\documents and settings\Roman\Application Data\Dropbox\bin\Dropbox.exe [2012-12-21 28539728]Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2006-2-28 33280].[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkbackup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0).[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"="c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"="c:\\Documents and Settings\\Roman\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"="c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"="c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"="c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=.R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Roman\Desktop\Run\a2ddax86.sys [12/27/2012 12:17 AM 17904]R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/17/2012 7:52 AM 91168]R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 10:28 AM 193816]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784]R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784]R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784]R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [6/17/2012 7:52 AM 168880]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/17/2012 7:44 AM 167344]R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/21/2012 6:53 AM 86216]R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/26/2012 9:09 AM 659040]R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [12/23/2012 5:39 PM 3467768]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/17/2012 7:52 AM 60480]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/17/2012 7:52 AM 362640]R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/15/2012 7:46 AM 84432]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [9/5/2008 8:27 PM 277376]S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 10:28 AM 240408]S3 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [6/5/2011 7:12 PM 296808]S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2009 8:47 PM 133104]S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/14/2012 3:42 AM 146872]S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/15/2012 7:46 AM 84432]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/17/2012 7:52 AM 92192]S3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [9/9/2011 1:13 AM 135016]S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/26/2012 9:09 AM 1225312]S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 12:21 PM 160944]S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 12:12 PM 25088]S3 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848]S4 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\CorelCreatorMessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?].--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL*Deregistered* - mfeavfk01.Contents of the 'Scheduled Tasks' folder.2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:54].2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57].2012-12-28 c:\windows\Tasks\Google Software Updater.job- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 07:59].2012-12-28 c:\windows\Tasks\HP Photo Creations Communicator.job- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2011-11-18 10:11].2012-12-28 c:\windows\Tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.google.com/uInternet Settings,ProxyOverride = *.localuSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%sIE: Open with Nuance PDF Converter 7 - c:\program files\Nuance\PDF Professional 7\cnvres_eng.dll /100Trusted Zone: intuit.com\ttlcTrusted Zone: microsoft.com\*.updateTrusted Zone: windowsupdate.com\downloadTrusted Zone: xmradio.com\xmroTCP: DhcpNameServer = 192.168.0.1DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocxFF - ProfilePath - c:\documents and settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\FF - prefs.js: browser.search.selectedEngine - Secure SearchFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - prefs.js: network.proxy.type - 0FF - ExtSQL: 2012-12-02 09:58; quickprint@hp.com; c:\program files\Hewlett-Packard\SmartPrint\QPExtensionFF - user.js: general.useragent.extra.brc - BRI/1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)HKCU-Run-PCShowServer - c:\documents and settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exeHKCU-Run-Google - c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dllHKU-Default-Run-Google - c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2012-12-28 16:16Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ....scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(2120)c:\windows\system32\WININET.dllc:\progra~1\mcafee\SITEAD~1\saHook.dllc:\program files\TeamViewer\Version8\tv_w32.dllc:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dllc:\progra~1\WINDOW~2\wmpband.dllc:\windows\system32\ieframe.dllc:\windows\system32\msi.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\WS_FTP Pro\nsftpch.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\nvsvc32.exec:\windows\system32\SearchIndexer.exec:\program files\Common Files\McAfee\SystemCore\mcshield.exec:\program files\TeamViewer\Version8\TeamViewer.exec:\program files\TeamViewer\Version8\tv_w32.exec:\program files\iPod\bin\iPodService.exec:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exec:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exec:\windows\system32\wscntfy.exec:\windows\system32\SearchProtocolHost.exec:\windows\system32\SearchFilterHost.exe.**************************************************************************.Completion time: 2012-12-28 16:21:46 - machine was rebootedComboFix-quarantined-files.txt 2012-12-28 21:21.Pre-Run: 441,686,290,432 bytes freePost-Run: 441,737,011,200 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect.- - End Of File - - 05783A3BE586A87E7C50581B37E5A94A Link to post Share on other sites More sharing options...
rplusr Posted December 28, 2012 Author ID:627762 Share Posted December 28, 2012 Browser Testing: I re-booted to get a fresh start and tested IE, Firefox, and Chrome. Directly entered links and bookmarked links were not a problem before and are not now. When searching from Google.com and clicking on a link, the page opened correctly and no longer seems to re-direct to the rouge sites.My other main applications like Outlook and Quicken seem to work correctly and the overall response on the PC seems to have improved somewhat. Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 30, 2012 ID:628463 Share Posted December 30, 2012 (edited) Good results, then. Good going.Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating systemClose any programs you may have running - especially your web browser(s).Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed. Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files[*]Click OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.[*]Click OK to leave the Temporary Files WindowSmall tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:Click Advanced Tab. Expand the Miscellaneous item.UN-check the line Java quick starterPress Apply then OK. Close the applet when done.Adobe ReaderOlder versions of Adobe Reader pose a potential security risk.De-install your Adobe Reader: Use Control Panel's Add-or-Remove Programs, Un-install Adobe Reader. Get latest Adobe Reader versionhttp://get.adobe.com/reader/Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )I see that you are clear of your original issues. You are good to go after the following cleanups.If you have a problem with these steps, or something does not quite work here, do let me know.The following few steps will remove tools we used.We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it Combo-Fix ), put that name in the RUN box stated just below. The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.Note the space after exe and before the slash mark.The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.Click Start, then click Run. In the text box that opens, type or copy/paste c:\documents and settings\Roman\Desktop\Combo-Fix.exe /uninstall and then click OK.IF in the case Combofix un-install has an issue, skip that step.Download OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.ERUNT you should keep and use on a periodic basis to backup Windows registry.Delete the following if still present:RSIT.exeSecurityCheck.exeRogueKiller.exeUse Control Panel's Add-or-Remove Programs, Un-install BitDefender Quickscan if presentSafer practices & malware preventionHave a hardware router between the incoming internet-modem and your computer. Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.Check in at Windows Update and install any Important or Critical Updates offered.Make certain that Automatic Updates is enabled.How to configure and use Automatic Updates in Windowshttp://support.microsoft.com/kb/306525Check on other update issues as well, visit Secunia Online Software Inspector (OSI)See How to detect vulnerable and out-dated programs using Secunia Personal Software InspectorDownload, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and MalwareI'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm That would help to keep your browser away from known spyware/malware sites. Make regular backups of your system to removable media: DVD, USB external hard drive, etc.Having a total image backup of your system stored on DVD/CD is highly important.Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.aspor Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.htmlConsider using Web of Trust WOT add-on for your browser(s)http://www.mywot.com/en/downloadhttp://www.mywot.com/en/faq/add-onOn some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:ESET Online ScannerBitDefender Quickscan Trend Micro HousecallF-Secure Online Scanner Microsoft Safety Scanner Panda ActiveScan See Six tips to help you stay safer online Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !We are finished here. Best regards. Edited December 30, 2012 by Maurice Naggar Link to post Share on other sites More sharing options...
rplusr Posted December 30, 2012 Author ID:628506 Share Posted December 30, 2012 Great!I uninstalled and replaced both Java and Acrobat Reader with the most current versions per the instructions.I uninstalled all the tools used during our sessions (except for ERUNT) and will be looking at your recommendations once my PC is verified as running well over then next few days.Thanks for the help. Your directions were clear and your responses timely. Have a great New Year! Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 30, 2012 ID:628508 Share Posted December 30, 2012 Very Happy New Year to you. Link to post Share on other sites More sharing options...
Recommended Posts