Infected with Trojan.Happili


rplusr

I noticed intermittent redirects in IE and Firefox when clicking links from Google searches. Ran Malwarebytes and got a hit on Trojan.Happili. Logs show quarantined and deleted. Rebooted and keep getting the same type of re-directs. Could use some of that expert help please.

Requested logs follow:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Roman at 17:45:10 on 2012-12-24

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2412 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\TeamViewer\Version8\TeamViewer.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\TeamViewer\Version8\tv_w32.exe

C:\Program Files\dcmsvc\dcmsvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe

C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exe

C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\PROGRA~1\mcafee\SITEAD~1\saui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: AutorunsDisabled - <orphaned>

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: HP Smart Print BHO: {1658D3A1-9E13-4196-A82A-D70D70880F36} - c:\program files\hewlett-packard\smartprint\QuickPrintBHO.dll

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - c:\program files\nuance\pdf professional 7\bin\PlusIEContextMenu.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: WsftpBrowserHelper Class: {601ED020-FB6C-11D3-87D8-0050DA59922B} - c:\program files\ws_ftp pro\wsbho2k0.dll

BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - c:\program files\nuance\pdf professional 7\bin\ZeonIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [iSUSPM] "c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe" -scheduler

uRun: [PCShowServer] c:\documents and settings\roman\local settings\application data\directv player\PCShowServerPMWrapper.exe

uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

uRun: [Google] rundll32 "c:\documents and settings\roman\local settings\application data\hp\google\eqsnx.dll",CreateIScalerW

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide

mRun: [PDF7 Registry Controller] c:\program files\nuance\pdf professional 7\RegistryController.exe

mRun: [PDFProHook] c:\program files\nuance\pdf professional 7\pdfpro7hook.exe

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [Google] rundll32 "c:\documents and settings\roman\local settings\application data\hp\google\eqsnx.dll",CreateIScalerW

dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0

StartupFolder: c:\docume~1\roman\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\roman\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\roman\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

IE: Open with Nuance PDF Converter 7 - c:\program files\nuance\pdf professional 7\cnvres_eng.dll /100

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\HPQuickPrintLauncher.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{53371D86-939F-42EB-8692-365423C01C6D} : DHCPNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

Handler: AutorunsDisabled - <Clsid value has no data>

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll

WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\roman\application data\mozilla\firefox\profiles\43597dhz.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\all users\application data\visan\plugins\npRLSecurePluginLayer.dll

FF - plugin: c:\documents and settings\roman\local settings\application data\directv player\npPCShowPlugin.dll

FF - plugin: c:\documents and settings\roman\local settings\application data\directv player\npPlayerPlugin.dll

FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll

FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\windows\npMSDM.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - ExtSQL: 2012-12-02 09:58; quickprint@hp.com; c:\program files\hewlett-packard\smartprint\QPExtension

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc - BRI/1

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-2-22 565352]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2012-6-17 91168]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-6-17 167784]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-6-17 203400]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-6-17 168880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-6-17 167344]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]

R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2012-1-21 86216]

R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-23 3467768]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-6-17 60480]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-6-17 234824]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-6-17 362640]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-9-5 277376]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808]

S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-14 146872]

S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-6-17 65488]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-15 84432]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-6-17 92192]

S3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 7\PDFProFiltSrv.exe [2011-9-9 135016]

S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2009-11-9 25088]

S3 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\corelcreatormessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?]

.

=============== Created Last 30 ================

.

2012-12-19 13:33:59 -------- d-----w- c:\program files\Dropbox

2012-12-19 13:23:29 -------- d-----w- c:\program files\iPod

2012-12-19 13:23:25 -------- d-----w- c:\program files\iTunes

2012-12-19 13:23:25 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-15 12:46:58 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-12-15 12:46:51 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll

2012-12-14 10:46:14 544160 ----a-w- c:\documents and settings\roman\application data\microsoft\internet explorer\hewlett-packard\smartprint\SmartPrintUpdate.exe

2012-12-14 10:46:14 139264 ----a-w- c:\documents and settings\roman\application data\microsoft\internet explorer\hewlett-packard\smartprint\unzip32.dll

2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-12-02 16:08:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-12-02 16:08:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-12-02 15:03:07 -------- d-----w- c:\documents and settings\roman\application data\Visan

2012-12-02 15:01:52 -------- d-----w- c:\program files\HP Photo Creations

2012-12-02 15:01:52 -------- d-----w- c:\documents and settings\all users\application data\Visan

2012-12-02 15:01:52 -------- d-----w- c:\documents and settings\all users\application data\HP Photo Creations

2012-12-02 14:36:42 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll

2012-12-02 14:36:40 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll

2012-12-02 14:36:40 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll

2012-12-02 14:36:36 529808 ----a-w- c:\windows\system32\hpinksts5912.dll

2012-12-02 14:36:36 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll

2012-12-02 14:36:36 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe

2012-12-02 14:36:36 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll

2012-11-26 23:55:27 -------- d-----w- c:\documents and settings\roman\application data\Wireshark

2012-11-26 23:49:51 -------- d-----w- c:\program files\WinPcap

2012-11-26 23:49:18 -------- d-----w- c:\program files\Wireshark

2012-11-25 14:33:48 -------- d-----w- c:\program files\Amazon

2012-11-25 12:28:45 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2012-11-25 12:28:44 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll

2012-11-25 12:28:44 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll

2012-11-25 12:28:43 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

2012-11-25 12:28:43 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

.

==================== Find3M ====================

.

2012-12-18 12:54:50 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-18 12:54:50 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 11:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-24 20:08:38 1101436 -c--a-w- c:\windows\system32\nvdrsdb1.bin

2012-10-24 20:08:38 1 -c--a-w- c:\windows\system32\nvdrssel.bin

2012-10-24 20:04:23 1101436 -c--a-w- c:\windows\system32\nvdrsdb0.bin

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-30 00:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 15:32:56 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-09-28 15:32:56 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

============= FINISH: 17:45:43.87 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/28/2008 9:11:13 AM

System Uptime: 12/24/2012 6:21:14 AM (11 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N73-AM

Processor: Intel® Core™2 Quad CPU Q6700 @ 2.66GHz | Socket 775 | 2666/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 462 GiB total, 412.18 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 75 GiB total, 48.17 GiB free.

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: NVIDIA nForce Networking Controller

Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&000

Manufacturer: NVIDIA

Name: NVIDIA nForce 10/100 Mbps Ethernet

PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV07DC\4&1BE66D70&1&000

Service: NVENETFD

.

==== System Restore Points ===================

.

RP1500: 12/22/2012 4:37:33 PM - System Checkpoint

RP1501: 12/23/2012 6:00:42 PM - System Checkpoint

.

==== Installed Programs ======================

.

7300

7300_Help

7300Trb

Adobe Acrobat 5.0

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 8.3.1

AiO_Scan

AiOSoftware

Amazon MP3 Downloader 1.0.17

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Auction Sentry

Bing Bar

Bing Rewards Client Installer

Bonjour

BufferChm

CameraHelperMsi

Cisco WebEx Meetings

Compatibility Pack for the 2007 Office system

Conexant HSF V92 56K RTAD Speakerphone PCI Modem

Copy

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

CreativeProjects

CreativeProjectsTemplates

CueTour

dcmsvc 1.0

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

Director

DIRECTV Player

Disney Dreams Screen Saver

Disney Epic Mickey: Prima Official eGuide

DocProc

DocumentViewer

Dragon NaturallySpeaking 11

Dropbox

erLT

Family Tree Maker 2009

Family Tree Maker 2010

Fax

Free JavaScript Editor 4.7

Google Chrome

Google Earth

Google Update Helper

Google Updater

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB954550-v5)

HP FWUpdateEDO2

HP Image Zone 4.7

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Officejet Pro 8600 Product Improvement Study

HP Photo Creations

HP Product Assistant

HP Product Detection

HP PSC & OfficeJet 4.7

HP Smart Print 1.1.5.2

HP Update

HPSystemDiagnostics

I.R.I.S. OCR

Info Center 1.0.0.7

InstantShare

InstantShareAlert

Ipswitch WS_FTP Pro

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java™ 6 Update 23

LightScribe 1.4.44.1

Logitech Vid HD

Logitech Webcam Software

Logitech Webcam Software Driver Package

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS VideoEffects

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.65.1.1000

McAfee SecurityCenter

McAfee Virtual Technician

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft ActiveSync 3.7

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Download Manager

Microsoft Office 2003 Primary Interop Assemblies

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Primary Interoperability Assemblies 2005

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

Microsoft Works 6-9 Converter

Microsoft WSE 3.0

Mozilla Firefox 17.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MultiScreen

MX-950 Editor

Nero Suite

NetObjects Fusion 10.0

NetObjects Fusion 12.0

Nuance PDF Converter Professional 7

NVIDIA Control Panel 306.81

NVIDIA Drivers

NVIDIA Graphics Driver 306.81

NVIDIA Install Application

NVIDIA nView 136.28

NVIDIA nView Desktop Manager

NVIDIA Update 1.10.8

NVIDIA Update Components

OGA Notifier 2.0.0048.0

Paint Shop Pro 6.02 CD

PanoStandAlone

Password Safe

Password Tracker Deluxe 3.62

PC Matic 1.1.0.44

PhoneTools

PhotoGallery

Platform

PowerDVD

PrintMaster Premier 4.00

ProductContext

QFolder

Quicken 2011

Quicken WillMaker Plus 2009

Quicken WillMaker Plus 2011

QuickTime

Readme

Scan

ScannerCopy

Scansoft PDF Professional

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB923789)

Segoe UI

Shared C Run-time for x86

SkinsHP1

Skype Click to Call

Skype™ 6.0

SyncBack

System Requirements Lab

TeamViewer 8

TEG-PCITXR 32bit Gigabit PCI Adatper

Trainz

TrayApp

TRS2004

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wkyiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wkyiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wkyiper

TurboTax 2011 wrapper

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2749655)

VIA Platform Device Manager

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

Visual C++ Runtime for Dragon NaturallySpeaking

Visual Studio 2005 Tools for Office Second Edition Runtime

Warner Bros. Digital Copy Manager

WebFldrs XP

WebIQ Technology Engine

WebReg

Windows 7 Upgrade Advisor

Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)

Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)

Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)

Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)

Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)

Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)

Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)

Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)

Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)

Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)

Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)

Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)

Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)

Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)

Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)

Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)

Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)

Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.1.2

WinZip

Wireshark 1.8.3 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

12/21/2012 6:56:51 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

12/21/2012 6:41:47 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

12/21/2012 5:26:00 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\sclgntfy.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

12/21/2012 5:26:00 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

.

==== End Of File ===========================


Hello rplusr and welcome to MalwareBytes forums.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

  • Close all open browsers at this point.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Do NOT turn off the firewall.
  • Start Internet Explorer.
  • Using Internet Explorer browser only, go to BitDefender Quickscan website: http://quickscan.bitdefender.com and click "Start Scan".
  • Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
  • Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
  • If prompted, reply yes to allow it to run.
  • Press the Allow button and follow prompts.
  • Press the "Start Scan" once more.
  • You'll see the EULA in a pop-up window. Click the I accept & then the OK button.
  • Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/ and that QuickScan has no removal capability.
  • The site boasts a 60-second scan. Do have patience as it likely will take longer.
    It may seem to stall at moments, but have patience; it will move on.
  • You'll see a progress bar at top right of window.
  • Hopefully you will see a No infections found in the bar-window. Press the View Log button.
  • The log report will show in your text editor. Save the log.
  • Do a Select ALL, Copy. Then paste contents into your next reply.

Step 6

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 7

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.

Use separate replies as needed if logs do not fit into one reply box.


First, I really appreciate the quick response and even on Christmas Day! I did not get a notification of your reply and will check my Notification settings, otherwise I would have completed this sooner. I completed all 7 steps and logs follow:

info.txt logfile of random's system information tool 1.09 2012-12-25 13:04:46

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_135_Plugin.exe -maintain plugin

Adobe Reader 8.3.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A83000000003}

Amazon MP3 Downloader 1.0.17-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly

Apple Application Support-->MsiExec.exe /I{CCE825DB-347A-4004-A186-5F4A6FDD8547}

Apple Mobile Device Support-->MsiExec.exe /I{459699C3-9430-4381-964B-4248D87B49F9}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Auction Sentry-->MsiExec.exe /I{38ED4745-4015-4BF0-AB17-AA4B07595137}

Auction Sentry-->MsiExec.exe /X{DF29A0E2-DF76-4932-98A9-34B441F40486}

Bing Bar-->MsiExec.exe /X{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}

Bing Rewards Client Installer-->MsiExec.exe /X{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}

Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}

CameraHelperMsi-->MsiExec.exe /I{15634701-BACE-4449-8B25-1567DA8C9FD3}

Cisco WebEx Meetings-->C:\WINDOWS\DOWNLO~1\atcliun.exe

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant HSF V92 56K RTAD Speakerphone PCI Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0

dcmsvc 1.0-->"C:\Program Files\dcmsvc\unins000.exe"

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{99F50845-55E3-4E06-9A5A-17D37F4D4FB9}" "1033" "0"

DIRECTV Player-->MsiExec.exe /X{5F3783B7-F809-45A7-8A92-A44B441FDA7C}

Disney Dreams Screen Saver-->C:\WINDOWS\system32\Disney Dreams.scr /u

Disney Epic Mickey: Prima Official eGuide-->"C:\Program Files\Prima Games\DisneyEpicMickeyPrimaOfficialeGuide\Uninstall.exe"

Dragon NaturallySpeaking 11-->MsiExec.exe /I{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}

erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

Family Tree Maker 2009-->C:\Program Files\InstallShield Installation Information\{27711CB0-26B3-4D99-88A9-4E4D60C34850}\setup.exe -runfromtemp -l0x0409

Family Tree Maker 2010-->"C:\Program Files\InstallShield Installation Information\{89EAD745-088B-4160-B964-42C4D4D273AD}\setup.exe" -runfromtemp -l0x0409 -removeonly

Family Tree Maker 2010-->MsiExec.exe /X{89EAD745-088B-4160-B964-42C4D4D273AD}

Free JavaScript Editor 4.7-->MsiExec.exe /I{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}

Google Chrome-->"C:\Program Files\Google\Chrome\Application\23.0.1271.64\Installer\setup.exe" --uninstall --multi-install --chrome --system-level

Google Earth-->MsiExec.exe /X{28E82311-8616-11E1-BEB0-B8AC6F97B88E}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows XP (KB2756822)-->"C:\WINDOWS\$NtUninstallKB2756822$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB2779562)-->"C:\WINDOWS\$NtUninstallKB2779562$\spuninst\spuninst.exe"

HP FWUpdateEDO2-->MsiExec.exe /I{415FA9AD-DA10-4ABE-97B6-5051D4795C90}

HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat

HP Officejet Pro 8600 Basic Device Software-->MsiExec.exe /I{8EAB4100-B343-41AE-A880-418746998209}

HP Officejet Pro 8600 Help-->MsiExec.exe /I{46235FF7-2CBE-4A84-BEDA-87348D1F7850}

HP Officejet Pro 8600 Help-->MsiExec.exe /I{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}

HP Officejet Pro 8600 Product Improvement Study-->MsiExec.exe /I{669B49D6-BCA8-4F7C-9248-CE5677750285}

HP Photo Creations-->"C:\Program Files\HP Photo Creations\uninst.exe"

HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}

HP Product Detection-->MsiExec.exe /I{4F38594F-2C4A-4C42-B2C4-505E225F6F80}

HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat

HP Smart Print 1.1.5.2-->MsiExec.exe /I{7752CBAC-3B2D-43C0-98CA-A1A16CCF7E3C}

HP Update-->MsiExec.exe /X{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}

I.R.I.S. OCR-->MsiExec.exe /I{CA6BCA2F-EDEB-408F-850B-31404BE16A61}

Info Center 1.0.0.7-->"C:\Program Files\PCPitstop\Info Center\unins000.exe"

InstantShareAlert-->MsiExec.exe /I{069730C2-755A-485B-A205-27A1AAFA836A}

Ipswitch WS_FTP Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\WS_FTP Pro\uninst.isu" -c"C:\Program Files\WS_FTP Pro\FTPInstUtils.dll"

iSEEK AnswerWorks English Runtime-->MsiExec.exe /I{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}

iTunes-->MsiExec.exe /I{B0261E53-B6F1-474A-864B-E7C3CBF468E0}

Java 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216019FF}

Logitech Vid HD-->C:\Program Files\Logitech\Vid HD\uninst.exe

Logitech Webcam Software Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\12.10.1110\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=200 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_12.10" /clone_wait /hide_progress

Logitech Webcam Software-->"C:\Program Files\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe" /lang=ENU /guid="{D40EB009-0499-459c-A8AF-C9C110766215}"

LWS Gallery-->MsiExec.exe /I{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}

LWS Help_main-->MsiExec.exe /I{1651216E-E7AD-4250-92A1-FB8ED61391C9}

LWS Launcher-->MsiExec.exe /I{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}

LWS Motion Detection-->MsiExec.exe /I{71E66D3F-A009-44AB-8784-75E2819BA4BA}

LWS Pictures And Video-->MsiExec.exe /I{08610298-29AE-445B-B37D-EFBE05802967}

LWS Twitter-->MsiExec.exe /I{174A3B31-4C43-43DD-866F-73C9DB887B48}

LWS Video Mask Maker-->MsiExec.exe /I{EED027B7-0DB6-404B-8F45-6DFEE34A0441}

LWS VideoEffects-->MsiExec.exe /I{138A4072-9E64-46BD-B5F9-DB2BB395391F}

LWS Webcam Software-->MsiExec.exe /I{8937D274-C281-42E4-8CDB-A0B2DF979189}

LWS WLM Plugin-->MsiExec.exe /I{9DAEA76B-E50F-4272-A595-0124E826553D}

LWS YouTube Plugin-->MsiExec.exe /I{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}

Malwarebytes Anti-Malware version 1.65.1.1000-->"C:\Program Files\Malwarebytes\unins000.exe"

McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall

McAfee Virtual Technician-->C:\Program Files\McAfee\Supportability\MVT\MVTInstaller.exe /uninstall

Microsoft .NET Framework 1.1 Security Update (KB2656370)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp"

Microsoft .NET Framework 1.1 Security Update (KB2698023)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2698023\M2698023Uninstall.msp"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft ActiveSync 3.7-->"C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"

Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

Microsoft Download Manager-->MsiExec.exe /X{654977DB-0001-0002-0001-EABD228DDE8B}

Microsoft Office 2003 Primary Interop Assemblies-->MsiExec.exe /X{91490409-6000-11D3-8CFE-0150048383C9}

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"

Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"

Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}

Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}

Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Home and Business 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL

Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}

Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-0081-0409-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}

Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}

Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}

Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe

Microsoft Visual Studio 2010 Tools for Office Runtime (x86)-->MsiExec.exe /X{97BA2B90-AF72-35CF-BFDC-E06531811B20}

Microsoft Works 6-9 Converter-->MsiExec.exe /X{172423F9-522A-483A-AD65-03600CE4CA4F}

Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}

Mozilla Firefox 17.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MultiScreen-->C:\Program Files\InstallShield Installation Information\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}\setup.exe -runfromtemp -l0x0009 -removeonly

MX-950 Editor-->MsiExec.exe /X{B762B2A5-883B-454B-A586-1DF6C4528262}

Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""

NetObjects Fusion 10.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3334366-BCED-4D4B-A266-23E3414FC29D}\setup.exe" -l0x9 anything -uninst

NetObjects Fusion 12.0-->"C:\Program Files\InstallShield Installation Information\{46CB5C9E-BE06-42B6-8B59-C037B8E93889}\setup.exe" -runfromtemp -l0x0009anything -uninst -removeonly

Nuance PDF Converter Professional 7-->MsiExec.exe /I{6F9C25B0-6ABF-4FB0-8793-176487F963EE}

NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI

NVIDIA Graphics Driver 306.81-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.Driver

NVIDIA nView 136.28-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.NView

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

NVIDIA Update 1.10.8-->"C:\WINDOWS\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.7\NVI2.DLL",UninstallPackage Display.Update

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

Paint Shop Pro 6.02 CD-->C:\Program Files\Paint Shop Pro 6\Unwise.exe C:\PROGRA~1\PAINTS~1\INSTALL.LOG

Password Safe-->"C:\Program Files\Password Safe\Uninstall.exe"

Password Tracker Deluxe 3.62-->"C:\Program Files\Password Tracker Deluxe\PwTrkr.exe" /uninstall

PC Matic 1.1.0.44-->"C:\Program Files\PCPitstop\PC Matic\unins000.exe"

PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C1}\setup.exe" ControlPanel

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall

PrintMaster Premier 4.00-->c:\PROGRA~1\pmw\msrun.exe Unins

Quicken 2011-->MsiExec.exe /X{5FE545A1-D215-4216-9189-E7B39C9D1CC1}

Quicken WillMaker Plus 2009-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2009\uninstal.log

Quicken WillMaker Plus 2011-->C:\WINDOWS\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2011\uninstal.log

QuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{73CC972E-6ABF-456B-9E1E-BADC0E65B57A}" "1033" "0"

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{D267D0F7-9770-467D-ACF3-FB2F7E0AC532}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DAB57906-C0A9-486D-BBAB-7F71BD701C96}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{54A1B66B-F5B2-45AD-8B19-5F51A027A1B9}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216}" "1033" "0"

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{61461470-8168-4F4B-97B7-617AF354F028}" "1033" "0"

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0A682BA4-3C78-42C3-8DDF-EB9A6ABE5535}" "1033" "0"

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269}" "1033" "0"

Security Update for Windows Internet Explorer 8 (KB2761465)-->"C:\WINDOWS\ie8updates\KB2761465-IE8\spuninst\spuninst.exe"

Security Update for Windows XP (KB2724197)-->"C:\WINDOWS\$NtUninstallKB2724197$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2727528)-->"C:\WINDOWS\$NtUninstallKB2727528$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2753842)-->"C:\WINDOWS\$NtUninstallKB2753842$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2753842-v2)-->"C:\WINDOWS\$NtUninstallKB2753842-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2758857)-->"C:\WINDOWS\$NtUninstallKB2758857$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2761226)-->"C:\WINDOWS\$NtUninstallKB2761226$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2770660)-->"C:\WINDOWS\$NtUninstallKB2770660$\spuninst\spuninst.exe"

Security Update for Windows XP (KB2779030)-->"C:\WINDOWS\$NtUninstallKB2779030$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Shared C Run-time for x86-->MsiExec.exe /I{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}

Skype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}

Skype™ 6.0-->MsiExec.exe /X{EA17F4FC-FDBF-4CF8-A529-2D983132D053}

SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

TeamViewer 8-->C:\Program Files\TeamViewer\Version8\uninstall.exe

TEG-PCITXR 32bit Gigabit PCI Adatper-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly

Trainz-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}\setup.exe" -l0x9

TRS2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDE1289F-4025-41A5-AD17-101DB4D82CA7}\setup.exe" -l0x9

TurboTax 2009 WinPerFedFormset-->MsiExec.exe /I{3881DB80-EAA2-012B-ADAE-000000000000}

TurboTax 2009 WinPerReleaseEngine-->MsiExec.exe /I{38975F50-EAA2-012B-ADB4-000000000000}

TurboTax 2009 WinPerTaxSupport-->MsiExec.exe /I{38A34630-EAA2-012B-ADB6-000000000000}

TurboTax 2009 wkyiper-->MsiExec.exe /I{39003340-EAA2-012B-ADCD-000000000000}

TurboTax 2009 wrapper-->MsiExec.exe /I{3C5A81D0-EAA2-012B-AE9F-000000000000}

TurboTax 2009-->C:\Program Files\TurboTax\Deluxe 2009\Installer\TurboTax 2009 Installer.exe /u /t /a

TurboTax 2010 WinPerFedFormset-->MsiExec.exe /I{3782EC09-4000-475E-8A59-9CABD6F03B4C}

TurboTax 2010 WinPerReleaseEngine-->MsiExec.exe /I{A525E00B-6609-442E-9DCD-64453C233E8D}

TurboTax 2010 WinPerTaxSupport-->MsiExec.exe /I{05BDC796-3451-4F81-B91D-E98F7ADA76C2}

TurboTax 2010 wkyiper-->MsiExec.exe /I{D0EE2F91-CC20-426F-A4D5-7FFE54E55015}

TurboTax 2010 wrapper-->MsiExec.exe /I{4F2FCCCF-29F3-44B9-886F-6D16F8417522}

TurboTax 2010-->C:\Program Files\TurboTax\Deluxe 2010\Installer\TurboTax 2010 Installer.exe /u /t /a

TurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789}

TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA}

TurboTax 2011 wkyiper-->MsiExec.exe /I{9CC57E3F-0478-4005-98D3-4C6850C5A6E7}

TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}

TurboTax 2011-->C:\Program Files\TurboTax\Deluxe 2011\Installer\TurboTax 2011 Installer.exe /u /t /a

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"

Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C4F26A9B-B121-4135-8084-A0D9C780C7C8}" "1033" "0"

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{460FF681-BC66-4C38-99DF-7012E03F1EBA}" "1033" "0"

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{C633216E-FF30-45B6-B2AB-21922A9353EF}" "1033" "0"

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DFE7321B-F914-4AB5-8C74-1F8CC932B1B0}" "1033" "0"

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{47894754-0FEC-4920-9A65-6C1E732587AC}" "1033" "0"

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{326F9E80-FE16-4D2A-827A-4EE1A87B1CE8}" "1033" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"

Update for Windows XP (KB2661254-v2)-->"C:\WINDOWS\$NtUninstallKB2661254-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB2749655)-->"C:\WINDOWS\$NtUninstallKB2749655$\spuninst\spuninst.exe"

VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}

Visual C++ Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}

Visual Studio 2005 Tools for Office Second Edition Runtime-->C:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe

Warner Bros. Digital Copy Manager-->msiexec /qb /x {0E6EC2D7-5C9B-28B7-C848-171EDACB9625}

Warner Bros. Digital Copy Manager-->MsiExec.exe /I{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}

WebIQ Technology Engine-->MsiExec.exe /X{0F2F77E4-4053-4108-B153-81F0B42EDCF4}

Windows 7 Upgrade Advisor-->MsiExec.exe /I{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}

Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5s_EC6F58D0768F50BA52841701F07D93224CCBC418\lvpro5s.inf

Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5s_B2A99D387D2BC7834AC22520D8B1925C395063F6\lvpro5s.inf

Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5v_D2C9E2D5867D472251514011BBE78B5772FF85F4\lvpro5v.inf

Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5v_8009832C96BA2EC6FBB36C272247C99207D2CF34\lvpro5v.inf

Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\lvpro5c_CFEA30E7EC4EFEFA29100B1389F8CC4E7815C557\lvpro5c.inf

Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_023219CF3A4917CCA41B16B1E8B93E1DDC0892D0\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_D57F88388DBB75A1A9F016A4439CE7941366B9CC\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_F40C8CD5B9A6521F54F4F7E14A360CB5AE46AB6B\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_01A1720D7453D730F20FAFBEA4D6B9A2105287C9\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_CCC0A428AE64891D9B1B7F5C8E54AC2C95FE3671\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_7D446CFBFA4A85956C4FA21B72A07064B3CD147E\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_14FA122036C65C3E9AA05BF676F2EE944AFC831C\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_6B8341AFD9CC5A9A6A5B2D844EEBBD241AB9C81C\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_6691F1BDB0DC3B805E5970F75D7834FC0D37C6EE\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_2E7B5C052AFEB20F28FCD99D5AE9F5DB070782DB\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_dispi_C9E7FAAB72598782BB81E5D97AE9C3200C96917C\nv4_dispi.inf

Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_90681DB143FDAFA00A0689935B55440102A1AF67\nv4_disp.inf

Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nv4_disp_01CF2A199AEBDA193CB0ABAB5E8168F9160AA86F\nv4_disp.inf

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}

Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

WinPcap 4.1.2-->C:\Program Files\WinPcap\uninstall.exe

WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

Wireshark 1.8.3 (32-bit)-->"C:\Program Files\Wireshark\uninstall.exe"

======Hosts File======

======Security center information======

AV: McAfee Anti-Virus and Anti-Spyware

FW: McAfee Firewall

======System event log======

Computer Name: ZTDESKTOP

Event Code: 10010

Message: The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register with DCOM within the required timeout.

Record Number: 83768

Source Name: DCOM

Time Written: 20121123101934.000000-300

Event Type: error

User: NT AUTHORITY\SYSTEM

Computer Name: ZTDESKTOP

Event Code: 7001

Message: The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Record Number: 83744

Source Name: Service Control Manager

Time Written: 20121123101138.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 7001

Message: The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Record Number: 83743

Source Name: Service Control Manager

Time Written: 20121123101138.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 7001

Message: The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Record Number: 83742

Source Name: Service Control Manager

Time Written: 20121123101138.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 64008

Message: The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows

File Protection is terminating.

Use the SFC utility to verify the integrity of the file at a later time.

Record Number: 83738

Source Name: Windows File Protection

Time Written: 20121123101036.000000-300

Event Type: warning

User:

=====Application event log=====

Computer Name: ZTDESKTOP

Event Code: 3013

Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Record Number: 46054

Source Name: Windows Search Service

Time Written: 20121214182735.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 3013

Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Record Number: 46053

Source Name: Windows Search Service

Time Written: 20121214182735.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 3013

Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Record Number: 46052

Source Name: Windows Search Service

Time Written: 20121214182735.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 3013

Message: The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE SECURITYCENTER.LNK> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:

A device attached to the system is not functioning. (0x8007001f)

Record Number: 46051

Source Name: Windows Search Service

Time Written: 20121214182735.000000-300

Event Type: error

User:

Computer Name: ZTDESKTOP

Event Code: 902

Message: The Software Protection service has started.

14.0.370.400

Record Number: 46034

Source Name: Office Software Protection Platform Service

Time Written: 20121214053108.000000-300

Event Type:

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=4

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.65.1.1000

Java 6 Update 23

Free JavaScript Editor 4.7

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 8 Adobe Reader out of Date!

Mozilla Firefox (17.0)

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 2%

````````````````````End of Log``````````````````````


Logs Continued:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Roman at 2012-12-25 13:04:11

Microsoft Windows XP Professional Service Pack 3

System drive C: has 422 GB (89%) free of 473 GB

Total RAM: 3197 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:04:44 PM, on 12/25/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\dcmsvc\dcmsvc.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe

C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files\Hewlett-Packard\SmartPrint\bootstrap.exe

C:\PROGRA~1\MICROS~2\Office14\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

c:\PROGRA~1\mcafee\SITEAD~1\saui.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Roman\Desktop\RSIT.exe

C:\Program Files\trend micro\Roman.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: (no name) - AutorunsDisabled - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: QpBHO Class - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll

O2 - BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll

O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe

O4 - HKLM\..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe

O4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iSUSPM] "C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [PCShowServer] C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

O4 - HKCU\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW

O4 - HKUS\S-1-5-19\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Google] rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x0809 -f video -m logitech -d 13.51.823.0 (User 'Default user')

O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

O8 - Extra context menu item: Open with Nuance PDF Converter 7 - res://C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll /100

O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe

O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://download.windowsupdate.com

O15 - Trusted Zone: http://xmro.xmradio.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} (TunnelX Control) - https://www.mydlink.com/8D/activeX//TunnelX.ocx

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe

O23 - Service: Google Update Service (gupdate1ca13132833f7e2) (gupdate1ca13132833f7e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O24 - Desktop Component 0: (no name) - (no file)

--

End of file - 17583 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\At1.job

C:\WINDOWS\tasks\At2.job

C:\WINDOWS\tasks\At3.job

C:\WINDOWS\tasks\At4.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\HP Photo Creations Communicator.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=mcafee&p="

"{1650a312-02bc-40ee-977e-83f158701739}"=C:\Program Files\SiteAdvisor\FF1

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"quickprint@hp.com"=C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension

"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"=C:\Program Files\Common Files\McAfee\SystemCore

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.5.502.135 Plugin

"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]

"Description"=McAfee Total Protection MIME Plugin

"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MVT]

"Description"=McAfee Virtual Technician Plugin

"Path"=C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]

"Description"=

"Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1]

"Description"=Microsoft Download Manager

"Path"=C:\WINDOWS\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]

"Description"=Office Authorization plug-in for NPAPI browsers

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]

"Description"=Microsoft SharePoint Plug-in for Firefox

"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]

"Description"=Google Updater

"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5]

"Description"=A component of your photo software powered by RocketLife

"Path"=C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\

{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

McSiteAdvisor.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-08-30 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1658D3A1-9E13-4196-A82A-D70D70880F36}]

HP Smart Print BHO - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll [2012-10-31 644000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{551A852F-39A6-44A7-9C13-AFBEC9185A9D}]

PlusIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30 245016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{601ED020-FB6C-11D3-87D8-0050DA59922B}]

WsftpBrowserHelper Class - C:\Program Files\WS_FTP Pro\wsbho2k0.dll [2001-12-20 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121224175840.dll [2012-11-09 89040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-09-10 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]

Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}]

ZeonIEEventHelper Class - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08 488728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-24 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - DocuCom PDF - C:\Program Files\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08 488728]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-06-21 261568]

{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]

"dcmsvc"=C:\Program Files\dcmsvc\dcmsvc.exe [2009-04-07 30440]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-16 81920]

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-11-28 59280]

"LWS"=C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [2011-08-12 205336]

"PDF7 Registry Controller"=C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe [2011-09-09 141160]

"PDFProHook"=C:\Program Files\Nuance\PDF Professional 7\pdfpro7hook.exe [2011-11-03 1787752]

"Info Center"=C:\Program Files\PCPitstop\Info Center\InfoCenter.exe [2011-09-26 24216]

"mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2012-09-12 1278648]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2012-09-23 15512424]

"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []

"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-09-23 1634112]

""= []

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-12-12 152544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"ISUSPM"=C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe [2011-06-05 222496]

"PCShowServer"=C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe [2012-03-01 351888]

"HP Officejet Pro 8600 (NET)"=C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]

"Google"=rundll32 C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll,CreateIScalerW []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048]

C:\Documents and Settings\Roman\Start Menu\Programs\Startup

Dropbox.lnk - C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - C:\WINDOWS\system32\RunDll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"

"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"

"C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"

"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server"

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"

"C:\Program Files\Logitech\Vid HD\Vid.exe"="C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD"

"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"

"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe"="C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host"

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications"

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards"

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe"

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600)"

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600)"

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600)"

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe"="C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\TeamViewer\Version8\TeamViewer.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"

"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midimapper"=midimap.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msadpcm"=msadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.trspch"=tssoft32.acm

"vidc.cvid"=iccvid.dll

"VIDC.I420"=lvcodec2.dll

"vidc.iv31"=ir32_32.dll

"vidc.iv32"=ir32_32.dll

"vidc.iv41"=ir41_32.ax

"VIDC.IYUV"=iyuv_32.dll

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVU9"=tsbyuv.dll

"VIDC.YVYU"=msyuv.dll

"wavemapper"=msacm32.drv

"msacm.msg723"=msg723.acm

"vidc.M263"=msh263.drv

"vidc.M261"=msh261.drv

"msacm.msaudio1"=msaud32.acm

"msacm.sl_anet"=sl_anet.acm

"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax

"vidc.iv50"=ir50_32.dll

"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm

"wave1"=serwvdrv.dll

"MSVideo8"=VfWWDM32.dll

"MSVideo"=vfwwdm32.dll

"msacm.siren"=sirenacm.dll

"wave3"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux2"=wdmaud.drv

"wave4"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux3"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

"msacm.pspgru"=pspgru.acm

"MSACM.CEGSM"=mobilev.acm

"wave2"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-12-25 13:04:11 ----D---- C:\rsit

2012-12-25 13:04:11 ----D---- C:\Program Files\trend micro

2012-12-25 13:00:31 ----D---- C:\WINDOWS\ERDNT

2012-12-25 12:59:10 ----D---- C:\Program Files\ERUNT

2012-12-21 16:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$

2012-12-19 08:33:59 ----D---- C:\Program Files\Dropbox

2012-12-19 08:23:29 ----D---- C:\Program Files\iPod

2012-12-19 08:23:25 ----D---- C:\Program Files\iTunes

2012-12-19 08:23:25 ----D---- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-15 07:46:58 ----A---- C:\WINDOWS\system32\drivers\mfendisk.sys

2012-12-12 06:14:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$

2012-12-12 06:14:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$

2012-12-12 06:14:15 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$

2012-12-12 06:13:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$

2012-12-12 06:12:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$

2012-12-06 19:36:54 ----D---- C:\Program Files\Common Files\Skype

2012-12-02 11:08:11 ----D---- C:\Program Files\QuickTime

2012-12-02 10:07:15 ----D---- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard

2012-12-02 10:03:07 ----D---- C:\Documents and Settings\Roman\Application Data\Visan

2012-12-02 10:01:52 ----D---- C:\Program Files\HP Photo Creations

2012-12-02 10:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\Visan

2012-12-02 10:01:52 ----D---- C:\Documents and Settings\All Users\Application Data\HP Photo Creations

2012-12-02 09:44:03 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

2012-12-02 09:36:42 ----N---- C:\WINDOWS\system32\HPDiscoPM5912.dll

2012-12-02 09:36:40 ----A---- C:\WINDOWS\system32\HPWia1_OJ8600.dll

2012-12-02 09:36:40 ----A---- C:\WINDOWS\system32\HPScanTRDrv_OJ8600.dll

2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinksts5912LM.dll

2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinksts5912.dll

2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinkins5912.exe

2012-12-02 09:36:36 ----A---- C:\WINDOWS\system32\hpinkcoi5912.dll

2012-11-26 18:55:27 ----D---- C:\Documents and Settings\Roman\Application Data\Wireshark

2012-11-26 18:49:51 ----D---- C:\Program Files\WinPcap

2012-11-26 18:49:18 ----D---- C:\Program Files\Wireshark

======List of files/folders modified in the last 1 month======

2012-12-25 13:04:44 ----RSHDC---- C:\WINDOWS\system32\dllcache

2012-12-25 13:04:44 ----D---- C:\WINDOWS\Temp

2012-12-25 13:04:43 ----AD---- C:\Documents and Settings\All Users\Application Data\Temp

2012-12-25 13:04:11 ----RD---- C:\Program Files

2012-12-25 13:03:35 ----D---- C:\WINDOWS\Prefetch

2012-12-25 13:00:31 ----D---- C:\WINDOWS

2012-12-25 00:23:31 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop

2012-12-24 18:10:02 ----D---- C:\Documents and Settings\Roman\Application Data\Dropbox

2012-12-24 17:58:40 ----D---- C:\Program Files\Mozilla Firefox

2012-12-24 17:42:36 ----D---- C:\WINDOWS\system32\drivers

2012-12-24 16:54:00 ----A---- C:\WINDOWS\SchedLgU.Txt

2012-12-24 06:22:19 ----D---- C:\WINDOWS\system32\CatRoot2

2012-12-24 06:21:17 ----D---- C:\WINDOWS\PIXTRAN

2012-12-23 17:44:20 ----D---- C:\Documents and Settings\Roman\Application Data\TeamViewer

2012-12-23 17:40:06 ----RSD---- C:\WINDOWS\Fonts

2012-12-23 17:39:45 ----D---- C:\Program Files\TeamViewer

2012-12-22 01:11:00 ----D---- C:\WINDOWS\ie8updates

2012-12-21 17:26:41 ----D---- C:\WINDOWS\system32

2012-12-21 16:33:09 ----HD---- C:\WINDOWS\inf

2012-12-21 16:32:06 ----HD---- C:\WINDOWS\$hf_mig$

2012-12-21 09:34:21 ----AC---- C:\WINDOWS\wsftppro.INI

2012-12-19 08:24:54 ----SHD---- C:\WINDOWS\Installer

2012-12-19 08:23:29 ----D---- C:\Program Files\Common Files\Apple

2012-12-18 07:54:50 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

2012-12-18 06:54:02 ----SD---- C:\WINDOWS\Tasks

2012-12-16 07:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll

2012-12-15 09:42:24 ----D---- C:\Program Files\Common Files\Mcafee

2012-12-15 07:48:19 ----D---- C:\WINDOWS\system32\config

2012-12-12 06:14:44 ----A---- C:\WINDOWS\imsins.BAK

2012-12-12 06:14:28 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help

2012-12-12 06:13:08 ----AC---- C:\WINDOWS\iis6.BAK

2012-12-12 06:11:53 ----D---- C:\Program Files\Internet Explorer

2012-12-12 06:07:29 ----AC---- C:\WINDOWS\system32\MRT.exe

2012-12-09 06:20:25 ----SD---- C:\WINDOWS\Downloaded Program Files

2012-12-08 12:51:53 ----SD---- C:\Documents and Settings\Roman\Application Data\Microsoft

2012-12-07 05:41:04 ----D---- C:\Documents and Settings\Roman\Application Data\Skype

2012-12-06 19:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\Skype

2012-12-06 19:36:54 ----RD---- C:\Program Files\Skype

2012-12-06 19:36:54 ----D---- C:\Program Files\Common Files

2012-12-02 11:10:59 ----DC---- C:\WINDOWS\system32\DRVSTORE

2012-12-02 09:44:20 ----D---- C:\Documents and Settings\Roman\Application Data\HpUpdate

2012-12-02 09:44:04 ----D---- C:\WINDOWS\WinSxS

2012-12-02 09:38:05 ----D---- C:\WINDOWS\system32\CatRoot

2012-12-02 09:36:30 ----D---- C:\Documents and Settings\All Users\Application Data\HP

2012-12-02 09:36:28 ----D---- C:\WINDOWS\twain_32

2012-12-02 09:05:59 ----RSD---- C:\WINDOWS\assembly

2012-12-02 09:05:43 ----D---- C:\Program Files\Hewlett-Packard

2012-11-26 05:59:48 ----D---- C:\Program Files\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2012-11-09 565352]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 mfetdi2k;McAfee Inc. mfetdi2k; C:\WINDOWS\system32\drivers\mfetdi2k.sys [2012-11-09 91168]

R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\fallback.sys [2001-09-07 310899]

R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\fsksnt.sys [2001-09-07 127405]

R2 K56;K56; C:\WINDOWS\system32\DRIVERS\k56nt.sys [2001-09-07 426783]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-28 11868]

R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2010-06-25 35088]

R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\faxnt.sys [2001-09-07 217019]

R2 SpeakerPhone;SpeakerPhone; C:\WINDOWS\system32\DRIVERS\spkpnt.sys [2001-09-07 80449]

R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\tonesnt.sys [2001-09-07 56607]

R2 V124;V124; C:\WINDOWS\system32\DRIVERS\v124nt.sys [2001-09-07 534125]

R3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\basic2.sys [2001-09-07 77426]

R3 cfwids;McAfee Inc. cfwids; C:\WINDOWS\system32\drivers\cfwids.sys [2012-11-09 60480]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 26840]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2012-09-21 310504]

R3 LVUVC;Logitech Webcam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2012-09-21 4261224]

R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2012-11-09 132912]

R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2012-11-09 234824]

R3 mfefirek;McAfee Inc. mfefirek; C:\WINDOWS\system32\drivers\mfefirek.sys [2012-11-09 362640]

R3 mfendiskmp;mfendiskmp; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432]

R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 monfilt;monfilt; C:\WINDOWS\system32\drivers\monfilt.sys [2008-02-14 1389056]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2012-09-23 12557728]

R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 13824]

R3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\rksample.sys [2001-09-07 67654]

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]

R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]

R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2008-05-21 277376]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2001-09-07 584336]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2009-10-07 23832]

S3 HipShieldK;McAfee Inc. HipShieldK; C:\WINDOWS\system32\drivers\HipShieldK.sys [2012-04-20 146872]

S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2006-02-28 1041536]

S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2006-02-28 220032]

S3 mbr;mbr; \??\C:\DOCUME~1\Roman\LOCALS~1\Temp\mbr.sys []

S3 mfeavfk01;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk01.sys []

S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2012-11-09 65488]

S3 mfendisk;McAfee Core NDIS Intermediate Filter; C:\WINDOWS\system32\DRIVERS\mfendisk.sys [2012-11-09 84432]

S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2012-11-09 92192]

S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 66688]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-09-28 44544]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]

S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

S4 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 McMPFSvc;McAfee Personal Firewall Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 mcmscsvc;McAfee Services; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 McNaiAnn;McAfee VirusScan Announcer; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 McNASvc;McAfee Network Agent; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 McProxy;McAfee Proxy Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2012-08-31 167784]

R2 McShield;McAfee McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [2012-11-09 203400]

R2 mfefire;McAfee Firewall Core Service; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 168880]

R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2012-11-09 167344]

R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2012-09-23 164200]

R2 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2012-12-02 86216]

R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-12-12 553440]

R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

S2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 250808]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 DragonSvc;Dragon Service; C:\Program Files\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]

S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-01 133104]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-10 194104]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2010-08-23 13672]

S3 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]

S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]

S3 McODS;McAfee Scanner; C:\Program Files\McAfee\VirusScan\mcods.exe [2012-11-16 279048]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-11-25 115168]

S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-09-23 1258856]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]

S3 PDFProFiltSrv;PDFProFiltSrv; C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2011-09-09 135016]

S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]

S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]

S3 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]

S3 UMVPFSrv;UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S4 CorelCreatorMessages;CorelCreatorMessages; C:\WINDOWS\system32\CorelCreatorMessages.exe []

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Logs Continued:

QuickScan 32-bit v0.9.9.118

---------------------------

Scan date: Tue Dec 25 13:17:31 2012

Machine ID: 4489E2EA

No infection found.

-------------------

Processes

---------

Bing Bar 3780 C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

Bonjour 264 C:\Program Files\Bonjour\mDNSResponder.exe

dcmsvc.exe 492 C:\Program Files\dcmsvc\dcmsvc.exe

Dropbox 3664 C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

HP Digital Imaging 2220 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

HP Digital Imaging 784 C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

HP Digital Imaging 4028 C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

HP Smart Print 5536 C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe

InstallShield Update Service 584 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

iTunes 272 C:\Program Files\iPod\bin\iPodService.exe

iTunes 2920 C:\Program Files\iTunes\iTunesHelper.exe

Logitech Camera Software 872 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

McAfee SecurityCenter 4808 C:\Program Files\McAfee.com\Agent\mcagent.exe

McAfee Shared Service Host 808 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

McAfee SiteAdvisor 6020 C:\PROGRA~1\McAfee\SITEAD~1\saUI.exe

Microsoft® Office 1772 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

Microsoft® Windows® Operating System 1876 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 5852 C:\WINDOWS\system32\wscntfy.exe

MobileDeviceService 2032 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

NDSPCSho Application 2192 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe

Nuance PDF Products 1756 C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe

NVIDIA Driver Helper Service, Version 3 1304 C:\WINDOWS\system32\nvsvc32.exe

PC Pitstop Scheduler 1340 C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

PC Show power management wrapper 3816 C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

PCPitstopInfoCenter 2000 C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

Software Manager 3692 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

SYSCORE 2436 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

SYSCORE 1072 C:\WINDOWS\system32\mfevtps.exe

TeamViewer 1640 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

VSCORE 544 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe

(verified) Microsoft® Windows® Operating System 2392 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3740 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 1068 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3552 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 2420 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 2660 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 180 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 3712 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 2836 C:\WINDOWS\system32\searchindexer.exe

(verified) Microsoft® Windows® Operating System 1136 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 672 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 504 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1624 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1800 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1552 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1400 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1092 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 2196 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 4312 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 4860 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process HPNetworkCommunicatorCom.exe (784) connected on port 8080 (HTTP Proxy) --> 192.168.0.190

Process McSvHost.exe (808) connected on port 443 (HTTP over SSL) --> 161.69.92.10

Process HPNetworkCommunicator.exe (2220) connected on port 8080 (HTTP Proxy) --> 192.168.0.190

Process Dropbox.exe (3664) connected on port 80 (HTTP) --> 199.47.217.144

Process iexplore.exe (4312) connected on port 80 (HTTP) --> 72.247.191.139

Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.137.102

Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.137.102

Process iexplore.exe (4312) connected on port 80 (HTTP) --> 173.194.37.57

Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.140.154

Process iexplore.exe (4312) connected on port 80 (HTTP) --> 74.125.130.106

Process McSvHost.exe (808) listens on ports: 6646

Process svchost.exe (1400) listens on ports: 135 (RPC)

Process svchost.exe (1800) listens on ports: 2869 (SSDP event notification, UPNP)

Process Dropbox.exe (3664) listens on ports: 17500

Autoruns and critical files

---------------------------

Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Apple Push C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Communicator.exe C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe

dcmsvc.exe C:\Program Files\dcmsvc\dcmsvc.exe

Dropbox C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

HP Digital Imaging C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe

HP Digital Imaging C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Logitech Camera Software C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

MainConcept® ImageScaler Dll C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll

McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

Nuance PDF Products C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe

Nuance PDF Products C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe

NVIDIA Media Center Library C:\WINDOWS\system32\NvMCTray.dll

NVIDIA Windows Display driver, Version C:\WINDOWS\system32\NvCpl.dll

nwiz.exe C:\Program Files\NVIDIA Corporation\nview\nwiz.exe

PC Show power management wrapper C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

PCPitstopInfoCenter C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE

Software Manager C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

AmazonMP3DownloaderPlugin C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll

atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe

Bing Bar c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll

Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

Google Updater C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

GoogleToolbarNotifier c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

HP Smart Print C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe

HP Smart Print C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll

Java Platform SE 6 U23 c:\program files\java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U23 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

Java Platform SE 6 U23 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

McAfee SiteAdvisor C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

McAfee SiteAdvisor c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll

McAfee SiteAdvisor C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

McAfee Virtual Technician C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

mhLbl Module C:\WINDOWS\Downloaded Program Files\mhLbl.dll

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL

Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL

Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

mydlink C:\WINDOWS\Downloaded Program Files\TunnelX.ocx

NDS PCShow Plugin C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

npMcSnFFPl.dll c:\Program Files\McAfee\MSC\npMcSnFFPl.dll

NPSWF32_11_5_502_135.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitStop.dll

PC Pitstop C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll

PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstop3D.dll

PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstopAntiVirus2.dll

PC Pitstop DiskMD3 C:\WINDOWS\Downloaded Program Files\DiskMD3Ctrl.dll

PCShow Player Plugin C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll

PlusIEContextMenu c:\program files\nuance\pdf professional 7\bin\plusiecontextmenu.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.7.3 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

RocketLife Secure Plug-In Layer C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

Sunbelt AntiMalware Common SDK Merge Mo C:\WINDOWS\Downloaded Program Files\SBTE.DLL

Sunbelt AntiMalware Common SDK Merge Mo C:\WINDOWS\Downloaded Program Files\SPURSDOWNLOAD.DLL

VIPRE Threat detection and remediation C:\WINDOWS\Downloaded Program Files\VIPRE.DLL

WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll

wsbho2k0 Module c:\program files\ws_ftp pro\wsbho2k0.dll

ZeonIEFavClient c:\program files\nuance\pdf professional 7\bin\zeoniefavclient.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Missing files

-------------

File not found: "c:\program files\microsoft\bingbar\7.1.361.0\bingext.dll"

--> HKLM\Software\Classes\CLSID\{eec0f710-38b5-4aba-99bf-ec87564a4e13}\InprocServer32\"(default)"

Scan

----

MD5: 6bf7676296d5359afc135a5397000053 C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

MD5: 62712a07b8dcc497e57bd8b74eb1dd85 C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe

MD5: f51ec06aac2e7c2ad8f4d0bf23d01963 C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll

MD5: 5596cb8e20cec08a1307274a02356c70 C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

The following file(s) must be uploaded for server-side scanning:

C:\WINDOWS\system32\hptcpmib.dll

C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

C:\Program Files\Internet Explorer\plugins\NPDocBox.dll

C:\WINDOWS\system32\hptcpmon.dll

C:\WINDOWS\Downloaded Program Files\isusweb.dll

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

C:\Program Files\Internet Explorer\plugins\nppdf32.dll

C:\WINDOWS\SMINST\RECGUARD.EXE

C:\WINDOWS\system32\corelcreatorpm.dll

C:\WINDOWS\System32\spool\PRTPROCS\W32X86\WfxPrint2000.dll

C:\Program Files\dcmsvc\dcmsvc.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll

C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll

C:\Program Files\WS_FTP Pro\nsftpch.dll

C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

C:\WINDOWS\system32\hpzjrd01.dll

C:\WINDOWS\system32\pdfports.dll

C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll

c:\program files\ws_ftp pro\wsbho2k0.dll

C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\HPTcpMUI.dll

Upload started - 28 file(s)

dcmsvc.exe (30440)

LSSrvc.exe (53248)

HPZipm12.exe (73728)

issch.exe (81920)

RECGUARD.EXE (212992)

WfxPrint2000.dll (16840)

pdfports.dll (20584)

nsftpch.dll (24576)

npjp2.dll (69632)

hptcpmib.dll (73728)

adistres.dll (77824)

nppdf32.dll (103344)

hptcpmon.dll (122880)

corelcreatorpm.dll (126976)

wsbho2k0.dll (131072)

hpzjrd01.dll (139264)

npqtplugin.dll (159744)

eqsnx.dll (208896)

HPTcpMUI.dll (212992)

NPDocBox.dll (225280)

isusweb.dll (401408)

System.Configuration.ni.dll (971264)

Upload speed - 20 KB/s

Upload finished - 28 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 174 sec

Total traffic - 3.42 MB sent, 0.88 KB recvd

Scanned 809 files and modules - 250 seconds

==============================================================================

RogueKiller V8.4.1 [Dec 24 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Roman [Admin rights]

Mode : Scan -- Date : 12/25/2012 13:26:37

¤¤¤ Bad processes : 3 ¤¤¤

[sUSP PATH] PCShowServerPMWrapper.exe -- C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe -> KILLED [TermProc]

[DLL] rundll32.exe -- C:\WINDOWS\system32\rundll32.exe : C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll -> KILLED [TermProc]

[sUSP PATH] NDSPCShowServer.exe -- C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : PCShowServer (C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe) -> FOUND

[RUN][sUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND

[RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : PCShowServer (C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW) -> FOUND

[services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") -> FOUND

[services][Rans.Gendarm] HKLM\[...]\ControlSet003\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe") -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380012A +++++

--- User ---

[MBR] 63d314d6f97c15e54d341fb66a926441

[bSP] ab90a61d0cadfefa0824665e9ce9ec94 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST3500320AS +++++

--- User ---

[MBR] 2422b9798518f2263a8cf51995fac452

[bSP] 8312934f688144256aeb1d7b8230715f : Legit2 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 7373835 | Size: 473337 Mo

1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 3600 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12252012_02d1326.txt >>

RKreport[1]_S_12252012_02d1326.txt


Next, what I'd like for you to do is to manually review the toolbars in each browser you have. Internet Explorer first, then Firefox and/or Chrome, as appropriate.

The following is a very good write-up to follow. Look at it, print it out, and look for any toolbar from Bandoo or even iLivid.

If you find one of these, then disable it and write down the name for me.

See http://deletemalware...tall-guide.html

Skip the first section about "antimalware".

Start with the section "Remove Searchqu Toolbar in Internet Explorer:

1. Open Internet Explorer. Go to Tools → Manage Add-ons."

and onwards.

Do the section for Internet Explorer.

Only if you have Chrome, do the section on Chrome.

Only if you have Firefox, do the section on Firefox.

Once you have checked in your browsers, proceed to Step 2 below.

Do NOT do any manual registry deletions or tweaks/fixes on your own.

Step 2 Custom Scan with OTL

Please close any of your open windows/programs and exit; saving any open work you have.

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Do not run it... yet.

Go slow and careful. This will be a Custom scan with the OTL tool. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.

There will be more to do later.


I found no toolbars that reference Bandoo, iLivid, or Searchqu. I found no add-ons for the same in either IE, Firefox, or Chrome.

You may have seen it, but on one of the previous scans above, it appears that I also have a touch of ** Infection : Rans.Gendarm **

OTL logs follow:

OTL logfile created on: 12/25/2012 4:35:43 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roman\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 81.42% Memory free

4.97 Gb Paging File | 4.17 Gb Available in Paging File | 83.87% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.24 Gb Total Space | 412.23 Gb Free Space | 89.18% Space Free | Partition Type: NTFS

Drive E: | 74.53 Gb Total Space | 48.17 Gb Free Space | 64.63% Space Free | Partition Type: NTFS

Computer Name: ZTDESKTOP | User Name: Roman | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/25 16:31:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe

PRC - [2012/12/21 00:41:32 | 028,539,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

PRC - [2012/12/02 10:07:55 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

PRC - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe

PRC - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe

PRC - [2012/10/31 19:38:02 | 000,519,584 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\SmartPrint\BootStrap.exe

PRC - [2012/10/17 04:05:54 | 001,837,672 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

PRC - [2012/10/17 04:05:10 | 000,673,384 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

PRC - [2012/10/17 04:02:20 | 000,790,120 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

PRC - [2012/09/12 12:21:04 | 001,278,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

PRC - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/11/03 10:21:00 | 001,787,752 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2011/06/05 20:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

PRC - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe

PRC - [2008/04/14 11:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/14 03:08:11 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\41cac4885974d07de06f0b4fec9883f0\System.Configuration.ni.dll

MOD - [2012/11/14 03:05:53 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\d35b50eb6bb7b1bfb6592419d9feba47\System.Xml.ni.dll

MOD - [2012/11/14 03:05:49 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6585a5fcaaa1b49b9a1bd9ca5c5c306e\System.Windows.Forms.ni.dll

MOD - [2012/11/14 03:05:37 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\da4bcb702feb770ce40cf1371b0c4d02\System.Drawing.ni.dll

MOD - [2012/11/14 03:04:12 | 007,977,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\90ad0c96693527ae685ff40019bb33b0\System.ni.dll

MOD - [2012/11/14 03:03:58 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3add69b075f3da012fb97ce00cd795c0\mscorlib.ni.dll

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/12 12:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll

MOD - [2011/08/12 12:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll

MOD - [2011/08/12 12:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll

MOD - [2011/08/12 12:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll

MOD - [2011/08/12 12:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll

MOD - [2011/04/11 14:40:24 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\corelcreatorpm.dll

MOD - [2009/04/07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe

MOD - [2001/12/20 15:21:10 | 000,024,576 | ---- | M] () -- C:\Program Files\WS_FTP Pro\nsftpch.dll

MOD - [2001/10/11 16:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll

========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\system32\CorelCreatorMessages.exe -- (CorelCreatorMessages)

SRV - [2012/12/24 17:01:43 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/18 07:54:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)

SRV - [2012/12/02 10:07:55 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2012/11/16 21:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2012/11/09 12:21:16 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/09 06:53:22 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2012/11/09 06:50:10 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV - [2012/11/09 06:48:10 | 000,203,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV - [2012/09/23 09:28:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [On_Demand | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)

SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV - [2012/02/10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/01/18 04:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/09/09 01:13:50 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/06/05 19:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Roman\LOCALS~1\Temp\mbr.sys -- (mbr)

DRV - [2012/11/09 06:56:16 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)

DRV - [2012/11/09 06:53:02 | 000,091,168 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)

DRV - [2012/11/09 06:52:12 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2012/11/09 06:51:12 | 000,565,352 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2012/11/09 06:50:30 | 000,084,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)

DRV - [2012/11/09 06:50:30 | 000,084,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)

DRV - [2012/11/09 06:50:20 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)

DRV - [2012/11/09 06:50:00 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2012/11/09 06:49:40 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2012/11/09 06:49:10 | 000,132,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2012/09/21 15:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)

DRV - [2012/09/21 15:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)

DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)

DRV - [2009/11/09 12:12:42 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)

DRV - [2009/10/07 03:49:50 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2009/07/01 10:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2009/07/01 10:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2009/03/25 13:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2008/05/21 08:48:04 | 000,277,376 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)

DRV - [2008/02/14 13:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)

DRV - [2004/08/12 10:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

DRV - [2001/09/07 09:57:00 | 000,584,336 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsf_cnxt.sys -- (winachsf)

DRV - [2001/09/07 09:57:00 | 000,534,125 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v124nt.sys -- (V124)

DRV - [2001/09/07 09:57:00 | 000,426,783 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\k56nt.sys -- (K56)

DRV - [2001/09/07 09:57:00 | 000,310,899 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fallback.sys -- (Fallback)

DRV - [2001/09/07 09:57:00 | 000,217,019 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\faxnt.sys -- (SoftFax)

DRV - [2001/09/07 09:57:00 | 000,127,405 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fsksnt.sys -- (Fsks)

DRV - [2001/09/07 09:57:00 | 000,080,449 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\spkpnt.sys -- (SpeakerPhone)

DRV - [2001/09/07 09:57:00 | 000,077,426 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\basic2.sys -- (basic2)

DRV - [2001/09/07 09:57:00 | 000,067,654 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rksample.sys -- (Rksample)

DRV - [2001/09/07 09:57:00 | 000,056,607 | R--- | M] (Conexant Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tonesnt.sys -- (Tones)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{5496894E-FE95-4A30-9F1A-944E9259673D}: "URL" = http://www.amazon.com/s?ie=UTF8&tag=amznsearch.ms-20&index=aps&link%5Fcode=qs&field-keywords={searchTerms}

IE - HKCU\..\SearchScopes\{A0038F32-F1DB-4E89-B3C6-BDCFBB83AEEC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKCU\..\SearchScopes\{D730CC2D-E51A-451C-BD7B-F3D5D2B6FBC5}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledAddons: xvmaiknmln%40xvmaiknmln.org:2.5

FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:15.1.0

FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.5.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/12/25 13:00:31 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Documents and Settings\All Users\Application Data\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@ascendo-inc/DataVault;version=1: C:\Program Files\DataVault\npapi.dll File not found

FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll (NDS)

FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\FF1

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/15 09:44:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2012/12/02 09:58:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/12/25 16:34:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/24 17:01:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/11/05 11:57:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Extensions

[2012/12/23 08:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\Extensions

[2006/02/28 07:00:00 | 000,004,815 | ---- | M] () (No name found) -- C:\Documents and Settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\Extensions\xvmaiknmln@xvmaiknmln.org.xpi

[2012/12/24 17:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/12/24 17:01:33 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/12/25 16:34:04 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE

[2012/12/15 09:44:50 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR

[2012/12/24 17:01:43 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/11/25 07:28:43 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/11/05 11:58:17 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012/11/25 07:28:43 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: NDS PCShow Plugin (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll

CHR - plugin: PCShow Player Plugin (Enabled) = C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: SiteAdvisor = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

CHR - Extension: Gmail = C:\Documents and Settings\Roman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/06/17 07:18:41 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (HP Smart Print BHO) - {1658D3A1-9E13-4196-A82A-D70D70880F36} - C:\Program Files\Hewlett-Packard\SmartPrint\QuickPrintBHO.dll (Hewlett-Packard)

O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)

O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()

O4 - HKLM..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()

O4 - HKLM..\Run: [PDF7 Registry Controller] C:\Program Files\Nuance\PDF Professional 7\RegistryController.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PDFProHook] C:\Program Files\Nuance\PDF Professional 7\PdfPro7Hook.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKCU..\Run: [Google] C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll (MainConcept GmbH)

O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKCU..\Run: [iSUSPM] C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKCU..\Run: [PCShowServer] C:\Documents and Settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)

O4 - Startup: C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present

O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\HPQuickPrintLauncher.exe (Hewlett-Packard)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)

O15 - HKCU\..Trusted Domains: xmradio.com ([xmro] http in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} https://www.mydlink.com/8D/activeX//TunnelX.ocx (TunnelX Control)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (GMNRev Class)

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP6EP1-15324/webex/ieatgpc.cab (GpcContainer Class)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53371D86-939F-42EB-8692-365423C01C6D}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found

O18 - Protocol\Handler\AutorunsDisabled\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 () -

O24 - Desktop WallPaper: C:\Documents and Settings\Roman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/09/05 20:08:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()

SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)

SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)

SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)

SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: AutorunsDisabled -

Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.pspgru - C:\WINDOWS\System32\PSPGRU.acm (Philips Austria GmbH - Speech Processing)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CLEARALLRESTOREPOINTS

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/12/25 16:31:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe

[2012/12/25 13:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Desktop\RK_Quarantine

[2012/12/25 13:17:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\QuickScan

[2012/12/25 13:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/12/25 13:04:11 | 000,000,000 | ---D | C] -- C:\rsit

[2012/12/25 13:00:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/12/25 12:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/12/25 12:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/12/25 12:57:57 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Roman\Desktop\erunt-setup.exe

[2012/12/24 20:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee

[2012/12/24 17:45:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roman\Start Menu\Programs\Administrative Tools

[2012/12/24 17:44:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Roman\Desktop\dds.scr

[2012/12/24 17:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/12/23 17:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 8

[2012/12/19 08:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox

[2012/12/19 08:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2012/12/19 08:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/12/19 08:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/12/19 08:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/12/15 07:46:58 | 000,084,432 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys

[2012/12/06 19:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/12/06 19:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/12/02 11:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2012/12/02 11:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2012/12/02 10:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard

[2012/12/02 10:03:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Roman\My Documents\HP Photo Creations

[2012/12/02 10:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Visan

[2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Visan

[2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations

[2012/12/02 10:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations

[2012/12/02 09:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

[2012/12/02 09:36:42 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5912.dll

[2012/12/02 09:36:40 | 001,979,280 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanTRDrv_OJ8600.dll

[2012/12/02 09:36:40 | 000,495,504 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPWia1_OJ8600.dll

[2012/12/02 09:36:36 | 002,216,336 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkins5912.exe

[2012/12/02 09:36:36 | 000,529,808 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912.dll

[2012/12/02 09:36:36 | 000,268,688 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5912LM.dll

[2012/12/02 09:36:36 | 000,220,560 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5912.dll

[2012/11/28 05:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\My Documents\Wireshark

[2012/11/26 18:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Application Data\Wireshark

[2012/11/26 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap

[2012/11/26 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

[2012/11/26 18:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark

[2009/08/20 17:59:23 | 003,902,784 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Roman\gosetup.exe

[2009/05/18 18:24:08 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Roman\gotomypc_438.exe

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/25 16:31:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Desktop\OTL.exe

[2012/12/25 16:25:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job

[2012/12/25 15:54:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/12/25 15:48:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job

[2012/12/25 14:00:12 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job

[2012/12/25 13:27:24 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job

[2012/12/25 13:25:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/12/25 13:23:56 | 000,758,272 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\RogueKiller.exe

[2012/12/25 13:09:27 | 000,856,731 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\SecurityCheck.exe

[2012/12/25 13:02:36 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\RSIT.exe

[2012/12/25 12:59:11 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\NTREGOPT.lnk

[2012/12/25 12:59:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\ERUNT.lnk

[2012/12/25 12:57:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Roman\Desktop\erunt-setup.exe

[2012/12/25 10:10:01 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job

[2012/12/24 20:40:04 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job

[2012/12/24 17:44:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Roman\Desktop\dds.scr

[2012/12/24 06:23:12 | 000,001,659 | ---- | M] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk

[2012/12/24 06:22:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/12/24 06:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/12/24 06:21:27 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/12/24 06:21:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2012/12/23 17:40:01 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk

[2012/12/23 16:36:23 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Microsoft Word 2010.lnk

[2012/12/21 09:34:21 | 000,001,005 | ---- | M] () -- C:\WINDOWS\wsftppro.INI

[2012/12/21 07:28:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/12/21 07:14:04 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk

[2012/12/21 07:13:07 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Dropbox.lnk

[2012/12/19 08:24:14 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/12/18 07:54:50 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012/12/18 07:54:50 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll

[2012/12/16 07:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll

[2012/12/12 06:14:44 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/12/12 06:13:08 | 002,001,455 | ---- | M] () -- C:\WINDOWS\iis6.BAK

[2012/12/08 15:03:47 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk

[2012/12/06 19:36:54 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2012/12/02 11:08:38 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2012/12/02 10:00:39 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\HP Printer Doctor.lnk

[2012/12/02 09:45:51 | 000,000,279 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\HP Printing Software.url

[2012/12/02 09:36:42 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk

[2012/12/02 09:36:42 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk

[2012/12/02 08:05:27 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Roman\Desktop\Microsoft Excel 2010.lnk

[2012/11/26 18:49:53 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1

[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/25 13:23:53 | 000,758,272 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\RogueKiller.exe

[2012/12/25 13:09:27 | 000,856,731 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\SecurityCheck.exe

[2012/12/25 13:02:32 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\RSIT.exe

[2012/12/25 12:59:11 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\NTREGOPT.lnk

[2012/12/25 12:59:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\ERUNT.lnk

[2012/12/23 17:40:01 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 8.lnk

[2012/12/21 07:14:04 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Dropbox.lnk

[2012/12/19 08:24:14 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2012/12/18 06:54:02 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/12/02 11:08:38 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

[2012/12/02 10:02:04 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk

[2012/12/02 10:02:03 | 000,000,490 | ---- | C] () -- C:\WINDOWS\tasks\HP Photo Creations Communicator.job

[2012/12/02 10:00:39 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\HP Printer Doctor.lnk

[2012/12/02 09:44:15 | 000,000,279 | ---- | C] () -- C:\Documents and Settings\Roman\Desktop\HP Printing Software.url

[2012/12/02 09:38:44 | 000,001,659 | ---- | C] () -- C:\Documents and Settings\Roman\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk

[2012/12/02 09:36:42 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk

[2012/12/02 09:36:41 | 000,001,945 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet Pro 8600.lnk

[2012/11/26 18:49:53 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1

[2012/11/26 18:49:22 | 000,001,481 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Wireshark.lnk

[2012/10/28 15:20:30 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini

[2012/06/17 07:11:35 | 000,103,784 | ---- | C] () -- C:\Documents and Settings\Roman\GoToAssistDownloadHelper.exe

[2012/02/16 19:57:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2012/01/30 06:29:00 | 002,473,151 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1687530015-1697978249-4202760790-1004-0.dat

[2012/01/30 06:28:56 | 000,297,042 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/12/25 07:55:52 | 000,000,681 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc

[2011/12/17 11:48:59 | 000,002,560 | ---- | C] () -- C:\Documents and Settings\Roman\repl.dat

[2011/12/16 08:09:43 | 000,002,560 | ---- | C] () -- C:\WINDOWS\repl.dat

[2011/09/29 17:20:07 | 000,000,656 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini

[2011/09/29 17:19:02 | 000,068,951 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp

[2011/09/29 17:19:02 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp

[2011/08/19 04:26:20 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2011/08/19 04:26:20 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2011/08/19 04:26:20 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2011/06/27 21:34:03 | 002,811,988 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data

[2011/05/04 21:13:28 | 000,021,907 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\Microsoft Excel.ADR

[2011/04/11 14:40:24 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\corelcreatorpm.dll

[2011/03/05 19:25:48 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/02/27 07:38:36 | 000,001,128 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat

[2011/02/18 22:02:48 | 000,060,052 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/10/21 16:49:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Roman\Local Settings\Application Data\fusioncache.dat

[2010/03/02 19:57:59 | 000,003,638 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\SAS7_000.DAT

[2009/07/17 12:55:36 | 000,300,848 | ---- | C] ( ) -- C:\Documents and Settings\All Users\dcmsvcsetup.exe

[2009/07/17 12:55:34 | 000,009,960 | ---- | C] () -- C:\Documents and Settings\All Users\invokesi.exe

[2008/11/23 15:14:30 | 000,066,360 | ---- | C] () -- C:\Documents and Settings\Roman\g2ax_expert_downloadhelper_win32_x86.exe

[2008/11/22 10:38:36 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Roman\default.pls

[2008/11/06 20:15:14 | 000,023,139 | ---- | C] () -- C:\Documents and Settings\Roman\Application Data\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2008/10/31 20:23:15 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 11:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 11:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

[2012/12/19 08:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

[2012/11/23 13:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2008/09/05 20:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead

[2011/02/14 18:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2011/02/12 07:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2011/07/15 18:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2009/05/27 18:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge

[2012/06/17 07:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix

[2011/07/09 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel

[2011/07/02 11:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion

[2009/10/15 06:04:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink

[2011/07/29 17:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2011/09/10 02:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater

[2012/12/02 09:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP

[2012/12/08 15:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations

[2012/12/02 09:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant

[2010/03/02 19:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield

[2010/01/29 18:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit

[2010/09/26 07:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage

[2010/02/12 19:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd

[2011/12/03 19:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logitech

[2012/11/18 08:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012/11/14 03:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2012/10/29 15:39:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2012/12/12 06:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2012/11/22 06:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mozilla

[2009/08/01 07:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS

[2011/12/30 11:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance

[2012/10/23 05:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA

[2009/10/15 07:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2009/08/16 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles

[2010/06/15 17:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

[2012/12/25 13:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop

[2012/01/21 06:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstopDat

[2011/12/30 11:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2009/04/15 17:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

[2012/12/06 19:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/01/27 06:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun

[2008/10/29 07:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec

[2012/12/25 16:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp

[2012/12/02 10:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visan

[2010/09/26 07:57:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc

[2008/09/05 21:23:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2011/12/30 11:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

[2011/02/12 07:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2012/08/21 13:01:28 | 001,977,816 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\GEARDIFx.exe

[2012/08/21 13:01:22 | 000,115,672 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\DifXInst32.exe

[2012/12/19 08:18:42 | 000,077,288 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 11.0.1.12\SetupAdmin.exe

[2009/05/27 18:23:02 | 000,599,304 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Controller.exe

[2009/05/27 18:23:14 | 000,626,440 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\Customer.exe

[2009/05/27 18:22:51 | 000,353,544 | ---- | M] (CA, Inc) -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe

[2011/04/11 09:46:50 | 115,760,736 | ---- | M] (Corel Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion\1.0.0\CorelPDFFusionInstaller_x64_EN.exe

[2011/04/11 09:44:38 | 099,148,288 | ---- | M] (Corel Corporation ) -- C:\Documents and Settings\All Users\Application Data\Corel PDF Fusion\1.0.0\CorelPDFFusionInstaller_x86_EN.exe

[2011/06/05 20:41:34 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\agent.exe

[2011/06/05 20:41:34 | 000,206,112 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\dwusplay.exe

[2011/06/05 20:41:34 | 000,402,720 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISDM.exe

[2011/06/05 20:41:34 | 000,087,328 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\issch.exe

[2011/06/05 20:41:34 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe

[2011/11/18 05:11:00 | 000,185,472 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\Communicator.exe

[2012/12/08 15:03:46 | 000,304,256 | ---- | M] (Visan / RocketLife) -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductCore.exe

[2012/12/08 15:03:46 | 000,161,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations\PhotoProductReg.exe

[2011/02/11 18:26:04 | 000,265,560 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE

[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe

[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Hab\Custom\billmind.exe

[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe

[2010/11/29 18:26:12 | 000,026,456 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe

[2010/05/12 15:42:06 | 000,046,904 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\All Users\Application Data\Logitech\LWS\PrivacyShades\LWS_PrivacyShade_Uninstall.exe

[2011/05/25 01:09:21 | 000,194,152 | ---- | M] (NVIDIA Corporation) -- C:\Documents and Settings\All Users\Application Data\NVIDIA\Updatus\WLMerger.exe

[2010/06/12 16:18:42 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe

[2010/04/10 17:15:10 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe

[2010/06/12 16:17:59 | 000,036,864 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Application Data\Temp\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe

< %APPDATA%\*. >

[2009/12/07 18:56:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Adobe

[2008/11/02 11:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\AdobeUM

[2011/10/16 10:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ahead

[2012/11/25 09:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Amazon

[2011/11/18 20:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Apple Computer

[2011/03/08 20:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ascendo

[2011/12/25 07:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\AuctionSentry

[2009/12/07 18:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1

[2010/04/10 17:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\CyberLink

[2012/12/25 16:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Dropbox

[2012/05/08 20:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\DTV

[2011/07/29 17:14:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\FLEXnet

[2010/12/27 07:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\GetRightToGo

[2009/08/01 20:47:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Google

[2008/11/01 11:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Help

[2012/12/02 10:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Hewlett-Packard

[2012/12/02 09:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\HpUpdate

[2010/10/30 19:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\ID Vault

[2008/09/05 20:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Identities

[2008/09/05 20:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\InstallShield

[2008/12/12 16:40:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\InterTrust

[2010/01/29 18:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Intuit

[2008/11/02 08:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Ipswitch

[2010/01/27 19:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Leadertech

[2008/10/30 21:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Macromedia

[2012/11/18 08:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Malwarebytes

[2012/06/17 06:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\McAfee

[2012/12/08 12:51:53 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Roman\Application Data\Microsoft

[2011/11/05 11:57:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Mozilla

[2011/02/22 06:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Nolo

[2011/12/30 11:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Nuance

[2012/10/23 06:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\NVIDIA

[2010/06/15 17:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Office Genuine Advantage

[2008/11/22 06:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Quicken WillMaker

[2012/12/25 13:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\QuickScan

[2008/09/05 20:57:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\SampleView

[2012/12/07 05:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Skype

[2011/05/01 09:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\skypePM

[2008/11/09 12:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Sun

[2008/09/05 21:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Symantec

[2012/12/23 17:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\TeamViewer

[2010/04/11 06:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Uniblue

[2012/12/02 10:03:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Visan

[2012/11/09 15:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\webex

[2011/07/17 18:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Windows Desktop Search

[2011/07/17 18:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Windows Search

[2012/11/27 18:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Wireshark

[2011/12/30 11:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Application Data\Zeon

< %APPDATA%\*.exe /s >

[2012/12/21 00:41:32 | 028,539,728 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe

[2012/12/21 00:42:04 | 000,203,416 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxUninstaller.exe

[2012/04/12 01:46:46 | 000,872,040 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\DropboxUpdateHelper.exe

[2012/05/24 13:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Uninstall.exe

[2010/02/18 21:04:43 | 000,038,784 | ---- | M] () -- C:\Documents and Settings\Roman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012/08/21 13:42:04 | 000,509,280 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Roman\Application Data\McAfee\Supportability\MVTLogs\mfehidin.exe

[2012/12/02 09:43:47 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{069730C2-755A-485B-A205-27A1AAFA836A}\ARPPRODUCTICON.exe

[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_0385F1E82453815F656276.exe

[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_05B106666D04F6BA8A2E9A.exe

[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_2699BB552378E37916F4D2.exe

[2012/09/30 10:13:49 | 000,017,006 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_853F67D554F05449430E7E.exe

[2012/09/30 10:13:49 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{38ED4745-4015-4BF0-AB17-AA4B07595137}\_EB83BA19A4CD2A871AC3B4.exe

[2011/12/03 19:22:33 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2012/05/08 20:37:51 | 000,063,080 | R--- | M] (Flexera Software, Inc.) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe

[2009/01/09 18:54:05 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\ARPPRODUCTICON.exe

[2009/01/09 18:54:05 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Roman\Application Data\Microsoft\Installer\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}\DocumentationShortcu_EDEA8AB776834ED2AA19E6C078064C0D.exe

[2012/10/31 19:34:26 | 000,544,160 | ---- | M] (Hewlett-Packard) -- C:\Documents and Settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe

< %SYSTEMDRIVE%\*.exe >

[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

========== Files - Unicode (All) ==========

[2012/02/15 06:28:23 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\헠ΰ

[2012/02/15 06:28:23 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\헠ΰ

========== Alternate Data Streams ==========

@Alternate Data Stream - 239 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0574215C

@Alternate Data Stream - 235 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:0FF263E8

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:F35A93AD

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:D95ACC7D

< End of report >


Logs continue:

OTL Extras logfile created on: 12/25/2012 4:35:43 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Roman\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.12 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 81.42% Memory free

4.97 Gb Paging File | 4.17 Gb Available in Paging File | 83.87% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 462.24 Gb Total Space | 412.23 Gb Free Space | 89.18% Space Free | Partition Type: NTFS

Drive E: | 74.53 Gb Total Space | 48.17 Gb Free Space | 64.63% Space Free | Partition Type: NTFS

Computer Name: ZTDESKTOP | User Name: Roman | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\PROGRA~1\MICROS~2\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- (Hewlett-Packard Co.)

"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Roman\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)

"C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update v4 Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)

"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS4947\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 FaxApplications -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DigitalWizards.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 DigitalWizards -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\SendAFax.exe:LocalSubNet:Enabled:HP Officejet Pro 8600 SendFaxAppExe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:HP Network Communicator COM (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS1CE9\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS

"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS6902\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

"C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe" = C:\Documents and Settings\Roman\Local Settings\Temp\7zS5FB7\HPDiagnosticCoreUI.exe:*:Enabled:HPSAPS

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional

"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan

"{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. Digital Copy Manager

"{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter

"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax

"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime

"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86

"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare

"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java 6 Update 23

"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1

"{27711CB0-26B3-4D99-88A9-4E4D60C34850}" = Family Tree Maker 2009

"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth

"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload

"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{37C39957-B0B3-40DC-8BA4-2363241159ED}" = LightScribe 1.4.44.1

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{38ED4745-4015-4BF0-AB17-AA4B07595137}" = Auction Sentry

"{39003340-EAA2-012B-ADCD-000000000000}" = TurboTax 2009 wkyiper

"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help

"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2

"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support

"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help

"{46CB5C9E-BE06-42B6-8B59-C037B8E93889}" = NetObjects Fusion 12.0

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking

"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection

"{4FE224A2-C56D-4289-AE73-F7267BA0C9F6}" = NetObjects Fusion 12.0

"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone

"{5F3783B7-F809-45A7-8A92-A44B441FDA7C}" = DIRECTV Player

"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects

"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery

"{654977DB-0001-0002-0001-EABD228DDE8B}" = Microsoft Download Manager

"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan

"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations

"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{6F9C25B0-6ABF-4FB0-8793-176487F963EE}" = Nuance PDF Converter Professional 7

"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7752CBAC-3B2D-43c0-98CA-A1A16CCF7E3C}" = HP Smart Print 1.1.5.2

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1

"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{89EAD745-088B-4160-B964-42C4D4D273AD}" = Family Tree Maker 2010

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc

"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies

"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CC57E3F-0478-4005-98D3-4C6850C5A6E7}" = TurboTax 2011 wkyiper

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1

"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = TEG-PCITXR 32bit Gigabit PCI Adatper

"{ADBFF96D-EE54-46EA-A835-899955CDCFD8}" = 7300

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.81

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.81

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.28

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help

"{B762B2A5-883B-454B-A586-1DF6C4528262}" = MX-950 Editor

"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director

"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3334366-BCED-4D4B-A266-23E3414FC29D}" = NetObjects Fusion 10.0

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg

"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0EE2F91-CC20-426F-A4D5-7FFE54E55015}" = TurboTax 2010 wkyiper

"{D1CDE21A-E27A-48CE-8831-3E33E793222E}" = NetObjects Fusion 12.0

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry

"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools

"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EA5B4DB8-BF9A-4E23-B7FB-0A387A3A0E8F}" = Free JavaScript Editor 4.7

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11

"{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"384C2C6074E8C219998710CE8D95B252A3A0CBAE" = Windows Driver Package - NVIDIA (nv) Display (10/16/2010 6.14.12.6099)

"4E55C63BFCAACCF944B3AA49E7999CA9BAFFE208" = Windows Driver Package - NVIDIA (nv) Display (05/15/2012 6.14.13.0142)

"5A3659A1699DAACF9BD615CB9AADA1F1BF3AE327" = Windows Driver Package - NVIDIA (nv) Display (06/07/2010 6.14.12.5721)

"6B499777B71FB5ACC52946DD82ECB4D02826D410" = Windows Driver Package - NVIDIA (nv) Display (02/29/2012 6.14.12.9610)

"86A6EABF7537A8DD39CE93DF122356CA3E99E579" = Windows Driver Package - NVIDIA (nv) Display (08/03/2011 6.14.12.8026)

"8CE3EF3AF6188C2679CF2148F39931549AA983A1" = Windows Driver Package - Logitech (LVUVC) Image (09/21/2012 13.51.823.0)

"971D4E9C5CED6477B8F2A6B10A77BA64785DC7B6" = Windows Driver Package - Logitech USB (01/17/2012 13.31.1044.0)

"A00DACBCF80381024878EBEE918DADEFF532AC10" = Windows Driver Package - NVIDIA (nv) Display (02/09/2012 6.14.12.9573)

"A261B7217DB17A0B0C1499769911A4C2763B50AC" = Windows Driver Package - Logitech (lvrs) MEDIA (01/17/2012 13.31.1044.0)

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AF5EBAB19E0AC92AFFCF6BB01BC6113C68246F96" = Windows Driver Package - NVIDIA (nv) Display (04/07/2011 6.14.12.7061)

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"BB85278BE9A24627B9133B324B11AE8AAED9B52B" = Windows Driver Package - NVIDIA (nv) Display (09/23/2012 6.14.13.0681)

"CDE5ADE5BBAD3E7B3EDC2254E9B4AA5699C49243" = Windows Driver Package - NVIDIA (nv) Display (10/07/2011 6.14.12.8558)

"CLRPassword Tracker" = Password Tracker Deluxe 3.62

"CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0" = Conexant HSF V92 56K RTAD Speakerphone PCI Modem

"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager

"D6FC380758CCD46F9200CAD66C4A7C041CBDC50E" = Windows Driver Package - NVIDIA (nv) Display (07/09/2010 6.14.12.5896)

"dcmsvc_is1" = dcmsvc 1.0

"DEF5BD9CE83771293DCFAEA94AC5FADFD235B2ED" = Windows Driver Package - NVIDIA (nv) Display (03/15/2010 6.14.11.9713)

"Disney Dreams" = Disney Dreams Screen Saver

"Disney Epic Mickey: Prima Official eGuide" = Disney Epic Mickey: Prima Official eGuide

"E9CAC95DEDD5D81AF01EF321643F69919AB4CBB0" = Windows Driver Package - Logitech (LVUVC) Image (01/17/2012 13.31.1044.0)

"ED32DE45B100947E631306FC4BC656D5E8212C18" = Windows Driver Package - NVIDIA (nv) Display (05/20/2011 6.14.12.7533)

"ERUNT_is1" = ERUNT 1.1j

"F4BBA3D2672296BC5BDBB7527330AD1C077B1C8C" = Windows Driver Package - Logitech (lvrs) MEDIA (09/21/2012 13.51.823.0)

"Family Tree Maker 2009" = Family Tree Maker 2009

"Family Tree Maker 2010" = Family Tree Maker 2010

"FC9E8D6BEED299828396FA9693664A5B08161EBA" = Windows Driver Package - NVIDIA (nv) Display (01/07/2011 6.14.12.6658)

"Google Chrome" = Google Chrome

"Google Updater" = Google Updater

"HP Photo & Imaging" = HP Image Zone 4.7

"HP Photo Creations" = HP Photo Creations

"ie8" = Windows Internet Explorer 8

"Info Center_is1" = Info Center 1.0.0.7

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"Logitech Vid" = Logitech Vid HD

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"McAfee Virtual Technician" = McAfee Virtual Technician

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime

"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)

"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MSC" = McAfee SecurityCenter

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"Office14.SingleImage" = Microsoft Office Home and Business 2010

"Paint Shop Pro 6" = Paint Shop Pro 6.02 CD

"Password Safe" = Password Safe

"PC Matic_is1" = PC Matic 1.1.0.44

"PrintMaster Premier 4.00" = PrintMaster Premier 4.00

"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009

"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011

"SyncBack_is1" = SyncBack

"SystemRequirementsLab" = System Requirements Lab

"TeamViewer 8" = TeamViewer 8

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"TurboTax 2011" = TurboTax 2011

"Windows CE Services" = Microsoft ActiveSync 3.7

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

"WinZip" = WinZip

"Wireshark" = Wireshark 1.8.3 (32-bit)

"WS_FTP Pro" = Ipswitch WS_FTP Pro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/18/2012 7:56:33 AM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MCAFEE\MCAFEE

SECURITYCENTER.LNK> in the hash map cannot be updated. Context: Application, SystemIndex

Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error - 12/24/2012 1:41:38 PM | Computer Name = ZTDESKTOP | Source = Microsoft Office 14 | ID = 1000

Description = Faulting application outlook.exe, version 14.0.6126.5003, stamp 505b1685,

faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address

0x00000000.

Error - 12/24/2012 5:14:29 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES

LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

Error - 12/24/2012 5:16:54 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES

LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

Error - 12/24/2012 5:17:41 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES

LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

Error - 12/24/2012 5:17:42 PM | Computer Name = ZTDESKTOP | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\ROMAN\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES

LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

[ System Events ]

Error - 12/21/2012 7:41:47 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 12/21/2012 7:41:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 12/21/2012 7:41:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 15 minutes. NtpClient has no source of accurate

time.

Error - 12/21/2012 7:44:20 AM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010

Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register

with DCOM within the required timeout.

Error - 12/21/2012 7:56:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 30 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 12/21/2012 7:56:51 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 30 minutes. NtpClient has no source of accurate

time.

Error - 12/21/2012 8:08:26 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452689

Description = Time Provider NtpClient: An error occurred during DNS lookup of the

manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup

again in 15 minutes. The error was: A socket operation was attempted to an unreachable

host. (0x80072751)

Error - 12/21/2012 8:08:26 AM | Computer Name = ZTDESKTOP | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

Error - 12/21/2012 6:30:23 PM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010

Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register

with DCOM within the required timeout.

Error - 12/23/2012 6:41:51 PM | Computer Name = ZTDESKTOP | Source = DCOM | ID = 10010

Description = The server {0006F03A-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

< End of report >


Have you seen now, lately, or at any time... ransomware messages of any sort? If so, what was the content of the message?

There will be lots to do here.

If you have any open programs you started, close / exit them.

Step 1

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\System32\-1
    C:\WINDOWS\System32\??
    recycler /alldrives
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google"=-
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [EMPTYFLASH]
    [emptyjava]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 2

  • Disable your anti-virus program; see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • Double-Click RogueKiller to run RogueKiller.
  • Wait until Prescan finishes.
  • On the RogueKiller console, click the Registry tab.
    Put a check next to all of these and uncheck the rest: (if found)
    [RUN][sUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
    [RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
    [RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
    [RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
    [RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
    [RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
    [services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe")
    [services][Rans.Gendarm] HKLM\[...]\ControlSet003\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe")
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
  • Then click on Delete on the right hand column under Options.
  • When done, logoff & Restart the system.
  • The log will be found as RKreport
    Copy & Paste the contents into next reply.

Step 3

See Grinler's article here

http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions

Follow his instructions to get into Safe Mode with Networking

and do the rest of the steps listed after that (including the tool from Emsisoft)

Report back with the results.


Edited by Maurice Naggar
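A triage sketch for the RogueKiller list in the post above, added here as an example (it is not part of the thread and is not RogueKiller's own code): it parses the posted lines and groups Run values that start a DLL from a user profile through rundll32, noting the hives where a system or service account points into that profile. The line format is inferred from the posted lines only, and the function names are hypothetical.

```python
import re

# Lines copied from the RogueKiller list in the post above.
POSTED_LINES = r'''
[RUN][sUSP PATH] HKCU\[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
[RUN][sUSP PATH] HKUS\.DEFAULT[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
[RUN][sUSP PATH] HKUS\S-1-5-19[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
[RUN][sUSP PATH] HKUS\S-1-5-20[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
[RUN][sUSP PATH] HKUS\S-1-5-21-1687530015-1697978249-4202760790-1004[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
[RUN][sUSP PATH] HKUS\S-1-5-18[...]\Run : Google (rundll32 "C:\Documents and Settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll",CreateIScalerW)
[services][Rans.Gendarm] HKLM\[...]\ControlSet001\Services\CorelCreatorMessages ("C:\WINDOWS\system32\CorelCreatorMessages.exe")
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
'''.strip().splitlines()

# HKU\.DEFAULT is the LocalSystem profile, the same hive as S-1-5-18.
SYSTEM_HIVES = {
    ".DEFAULT": "LocalSystem",
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}

TAGS = re.compile(r'^((?:\[[^\]]+\])+)\s+(.*)$')
BODY = re.compile(r'^(.*?)\s*\((.*)\)\s*(?:->\s*(\w+))?$')
HIVE = re.compile(r'^(HKCU|HKLM|HKUS)(?:\\([^\\\[]+))?')
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S+)', re.I)
PROFILE = re.compile(r'^[a-z]:\\(?:documents and settings|users)\\([^\\]+)\\', re.I)


def parse_finding(line):
    """Split one report line into tags, registry key, value name, data, status."""
    m = TAGS.match(line.strip())
    if not m:
        return None
    tags = re.findall(r'\[([^\]]+)\]', m.group(1))
    body = BODY.match(m.group(2))
    if not body:
        return None
    left, data, status = body.groups()
    key, _, name = left.partition(' : ')
    hive = HIVE.match(key)
    return {
        "category": tags[0].upper(),
        "tags": tags[1:],
        "key": key.strip(),
        # Sub-hive (SID or .DEFAULT) when present, otherwise the root name.
        "hive": (hive.group(2) or hive.group(1)) if hive else None,
        "name": name.strip() or None,
        "data": data,
        "status": status,
    }


def triage(lines):
    """Group Run findings that start a profile-resident DLL through rundll32."""
    grouped = {}
    for line in lines:
        f = parse_finding(line)
        if not f or f["category"] != "RUN":
            continue
        target = RUNDLL.match(f["data"])
        if not target:
            continue
        dll, export = target.groups()
        owner = PROFILE.match(dll)
        if not owner:
            continue  # DLL is not under a user profile; out of scope here
        entry = grouped.setdefault((f["name"], dll.lower(), export), {
            "value": f["name"], "dll": dll, "export": export,
            "profile_owner": owner.group(1),
            "hives": [], "cross_profile_hives": [],
        })
        entry["hives"].append(f["hive"])
        # A system or service hive pointing into one user's profile is an
        # anomaly: those accounts have no reason to load that user's files.
        if f["hive"] in SYSTEM_HIVES:
            entry["cross_profile_hives"].append(f["hive"])
    return list(grouped.values())


if __name__ == "__main__":
    for hit in triage(POSTED_LINES):
        print(f'Run value "{hit["value"]}" -> {hit["dll"]} ({hit["export"]})')
        print(f'  profile owner : {hit["profile_owner"]}')
        print(f'  hives         : {", ".join(hit["hives"])}')
        accounts = [f'{h} ({SYSTEM_HIVES[h]})' for h in hit["cross_profile_hives"]]
        print(f'  cross-profile : {", ".join(accounts)}')
```

Listing every hive that carries the value gives a checklist to re-verify after cleanup, since a value left behind in any one of them still tries to load the DLL at logon.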

I have never seen ransomware messages appear. I just saw the result line in one of the earlier logs. I guess this is good news.

Step 1: The log for OTL is below.

Step 2: RogueKiller. The prescan ran fine. There were no entries listed in the Registry tab so there was nothing to check and the delete button remained greyed-out.

Step 3: Emsisoft Emergency Kit was downloaded (45 minutes) in Safe Mode and the deep scan was run (2 hours). It found 5 registry keys (medium risk) and 2 files (high risk) Trojan.Script.199943(B). They were quarantined. The files were default.htm from an old web site that I archived before I took it over and created a replacement.

OTL Log:

All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\WINDOWS\tasks\At3.job moved successfully.

C:\WINDOWS\tasks\At4.job moved successfully.

C:\WINDOWS\tasks\At1.job moved successfully.

C:\WINDOWS\tasks\At2.job moved successfully.

C:\WINDOWS\System32\-1 moved successfully.

C:\WINDOWS\System32\en folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\HomeNet\McSvHost folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS\HomeNet folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee\MCLOGS folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data\McAfee folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users\Application Data folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings\All Users folder moved successfully.

C:\WINDOWS\System32\헠ΰ\Documents and Settings folder moved successfully.

C:\WINDOWS\System32\헠ΰ folder moved successfully.

C:\RECYCLER\S-1-5-21-1687530015-1697978249-4202760790-1004 folder moved successfully.

C:\RECYCLER\S-1-5-18 folder moved successfully.

C:\RECYCLER folder moved successfully.

E:\RECYCLER\S-1-5-21-3973020173-1465058494-1690550294-1006 folder moved successfully.

E:\RECYCLER\S-1-5-21-1687530015-1697978249-4202760790-1004 folder moved successfully.

E:\RECYCLER\S-1-5-18 folder moved successfully.

E:\RECYCLER folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Google not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 131072 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 131273 bytes

->Flash cache emptied: 41661 bytes

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 112166 bytes

->Flash cache emptied: 574 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 112233 bytes

User: Roman

->Temp folder emptied: 1128986 bytes

->Temporary Internet Files folder emptied: 81454072 bytes

->Java cache emptied: 44717215 bytes

->FireFox cache emptied: 195304863 bytes

->Google Chrome cache emptied: 26037862 bytes

->Flash cache emptied: 42328 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 177024 bytes

->Flash cache emptied: 41661 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2176856 bytes

%systemroot%\System32 .tmp files removed: 2984465 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 439 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 338.00 mb

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

User: Roman

->Flash cache emptied: 0 bytes

User: UpdatusUser

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Roman

->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 12262012_172140

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Ok, good so far. But there is more to do.

Turn OFF your McAfee antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Next, Press Windows-key+R key {to get RUN option}

type in

cmd.exe

to get a command-prompt window

Next, you will see a black box window (command prompt)

it should show

c:\Windows\system32>

I suggest you run Windows' System File checker.

there type in

sfc /scannow

and press ENTER key

It will say Beginning system scan. This process will take some time.

Let it run and observe it from time to time.

I need to know what message you see when it is done.

P.s. The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

When all done, re-Enable your Antivirus program.


After turning off McAfee, I ran the sfc /scannow from the command prompt. It opened up a small window with a progress bar. The process ran to completion and the progress bar window closed with no messages. The command prompt window did not display any messages either.


Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.


Ran Combo-Fix as instructed above. Everything seems to have run with about 50 stages. After re-boot, I did receive a window that stated there was an error loading: c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll since I see that it was deleted by Combo-Fix.

ComboFix 12-12-28.02 - Roman 12/28/2012 16:10:37.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3197.2336 [GMT -5:00]

Running from: c:\documents and settings\Roman\Desktop\Combo-Fix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe

c:\documents and settings\All Users\Application Data\TEMP\0574215C.TMP

c:\documents and settings\All Users\invokesi.exe

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\Roman\g2ax_expert_downloadhelper_win32_x86.exe

c:\documents and settings\Roman\GoToAssistDownloadHelper.exe

c:\documents and settings\Roman\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll

c:\documents and settings\Roman\SendTo\notepad.exe

c:\documents and settings\Roman\WINDOWS

c:\documents and settings\UpdatusUser\WINDOWS

C:\install.exe

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\gotomon.log

c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))

.

.

2012-12-27 22:30 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys

2012-12-27 22:29 . 2001-08-17 19:56 353184 -c--a-w- c:\windows\system32\dllcache\i740dnt5.dll

2012-12-27 22:28 . 2001-08-17 19:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys

2012-12-27 22:27 . 2001-08-17 17:19 63360 -c--a-w- c:\windows\system32\dllcache\ess.sys

2012-12-27 22:26 . 2001-08-17 17:14 952007 -c--a-w- c:\windows\system32\dllcache\diwan.sys

2012-12-27 22:25 . 2001-08-17 18:51 6656 -c--a-w- c:\windows\system32\dllcache\cmdide.sys

2012-12-27 22:23 . 2001-08-18 03:36 15360 -c--a-w- c:\windows\system32\dllcache\brmfbidi.dll

2012-12-27 22:22 . 2001-08-17 17:49 9472 -c--a-w- c:\windows\system32\dllcache\ativmdcd.sys

2012-12-27 22:21 . 2006-02-28 12:00 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll

2012-12-27 05:00 . 2012-12-27 05:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2012-12-27 04:58 . 2012-12-27 04:58 -------- d-----w- c:\program files\Common Files\Java

2012-12-27 04:57 . 2012-12-27 04:57 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-12-27 04:57 . 2012-12-27 04:57 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-27 04:55 . 2012-12-27 04:56 -------- d-----w- c:\program files\Wireshark

2012-12-27 04:49 . 2012-12-27 04:49 -------- d-----w- c:\documents and settings\Roman\Local Settings\Application Data\Secunia PSI

2012-12-27 04:49 . 2012-12-27 04:49 -------- d-----w- c:\program files\Secunia

2012-12-26 22:21 . 2012-12-26 22:21 -------- d-----w- C:\_OTL

2012-12-25 18:17 . 2012-12-25 18:17 -------- d-----w- c:\documents and settings\Roman\Application Data\QuickScan

2012-12-25 18:04 . 2012-12-25 18:04 -------- d-----w- C:\rsit

2012-12-25 18:04 . 2012-12-25 18:04 -------- d-----w- c:\program files\trend micro

2012-12-25 17:59 . 2012-12-25 17:59 -------- d-----w- c:\program files\ERUNT

2012-12-19 13:33 . 2012-12-19 13:33 -------- d-----w- c:\program files\Dropbox

2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\program files\iPod

2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\program files\iTunes

2012-12-19 13:23 . 2012-12-19 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-15 12:46 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-12-14 10:46 . 2012-11-01 00:34 544160 ----a-w- c:\documents and settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\SmartPrintUpdate.exe

2012-12-14 10:46 . 2012-09-21 20:02 139264 ----a-w- c:\documents and settings\Roman\Application Data\Microsoft\Internet Explorer\Hewlett-Packard\SmartPrint\unzip32.dll

2012-12-07 00:36 . 2012-12-07 00:36 -------- d-----w- c:\program files\Common Files\Skype

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-02 16:08 . 2012-12-02 16:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-12-02 16:08 . 2012-12-02 16:08 -------- d-----w- c:\program files\QuickTime

2012-12-02 15:07 . 2012-12-02 15:07 -------- d-----w- c:\documents and settings\Roman\Application Data\Hewlett-Packard

2012-12-02 15:03 . 2012-12-02 15:03 -------- d-----w- c:\documents and settings\Roman\Application Data\Visan

2012-12-02 15:01 . 2012-12-08 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations

2012-12-02 15:01 . 2012-12-02 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan

2012-12-02 15:01 . 2012-12-02 15:02 -------- d-----w- c:\program files\HP Photo Creations

2012-12-02 14:44 . 2012-12-02 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

2012-12-02 14:36 . 2012-10-17 09:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll

2012-12-02 14:36 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll

2012-12-02 14:36 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll

2012-12-02 14:36 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll

2012-12-02 14:36 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll

2012-12-02 14:36 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll

2012-12-02 14:36 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-27 04:57 . 2010-05-05 23:30 473072 -c--a-w- c:\windows\system32\deployJava1.dll

2012-12-18 12:54 . 2012-04-02 21:45 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-18 12:54 . 2011-05-20 21:42 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-16 12:23 . 2006-02-28 19:00 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-11-13 01:25 . 2006-02-28 19:00 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-09 11:56 . 2012-06-17 12:52 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 11:53 . 2012-06-17 12:44 167344 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 11:53 . 2012-06-17 12:52 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-11-09 11:52 . 2012-06-17 12:52 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 11:52 . 2012-06-17 12:52 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 11:51 . 2012-02-22 17:29 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 11:50 . 2012-06-17 12:52 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 11:50 . 2012-06-17 12:52 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-11-09 11:49 . 2012-06-17 12:52 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 11:49 . 2012-02-22 17:29 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-02 02:02 . 2006-02-28 19:00 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2006-02-28 19:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2006-02-28 19:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17 . 2006-02-28 19:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35 . 2006-02-28 19:00 385024 ----a-w- c:\windows\system32\html.iec

2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-02 18:04 . 2006-02-28 19:00 58368 ----a-w- c:\windows\system32\synceng.dll

2012-09-30 00:54 . 2012-11-18 13:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-24 22:01 . 2012-12-24 22:01 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 15:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]

"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]

"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]

"PDF7 Registry Controller"="c:\program files\Nuance\PDF Professional 7\RegistryController.exe" [2011-09-09 141160]

"PDFProHook"="c:\program files\Nuance\PDF Professional 7\pdfpro7hook.exe" [2011-11-03 1787752]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-09-23 15512424]

"NvMediaCenter"="NvMCTray.dll" [2012-09-23 108392]

"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-09-23 1634112]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2012-09-21 466648]

.

c:\documents and settings\Roman\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Roman\Application Data\Dropbox\bin\Dropbox.exe [2012-12-21 28539728]

Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2006-2-28 33280]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\Documents and Settings\\Roman\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=

"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=

.

R1 A2DDA;A2 Direct Disk Access Support Driver;c:\documents and settings\Roman\Desktop\Run\a2ddax86.sys [12/27/2012 12:17 AM 17904]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/17/2012 7:52 AM 91168]

R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2/10/2012 10:28 AM 193816]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/17/2012 7:52 AM 167784]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [6/17/2012 7:52 AM 168880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/17/2012 7:44 AM 167344]

R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 12:07 PM 35088]

R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [1/21/2012 6:53 AM 86216]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [11/26/2012 9:09 AM 659040]

R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [12/23/2012 5:39 PM 3467768]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/17/2012 7:52 AM 60480]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/17/2012 7:52 AM 362640]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/15/2012 7:46 AM 84432]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [9/5/2008 8:27 PM 277376]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2/10/2012 10:28 AM 240408]

S3 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [6/5/2011 7:12 PM 296808]

S3 gupdate1ca13132833f7e2;Google Update Service (gupdate1ca13132833f7e2);c:\program files\Google\Update\GoogleUpdate.exe [8/1/2009 8:47 PM 133104]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/14/2012 3:42 AM 146872]

S3 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/15/2012 7:46 AM 84432]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/17/2012 7:52 AM 92192]

S3 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 7\PDFProFiltSrv.exe [9/9/2011 1:13 AM 135016]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]

S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [11/26/2012 9:09 AM 1225312]

S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 12:21 PM 160944]

S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11/9/2009 12:12 PM 25088]

S3 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 4:26 AM 450848]

S4 CorelCreatorMessages;CorelCreatorMessages;"c:\windows\system32\CorelCreatorMessages.exe" --> c:\windows\system32\CorelCreatorMessages.exe [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:54]

.

2012-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

2012-12-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-02 07:59]

.

2012-12-28 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\Communicator.exe [2011-11-18 10:11]

.

2012-12-28 c:\windows\Tasks\User_Feed_Synchronization-{BDE7133C-82B2-4BF4-85C5-B5D91B4A4BA3}.job

- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Open with Nuance PDF Converter 7 - c:\program files\Nuance\PDF Professional 7\cnvres_eng.dll /100

Trusted Zone: intuit.com\ttlc

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

Trusted Zone: xmradio.com\xmro

TCP: DhcpNameServer = 192.168.0.1

DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} - hxxps://www.mydlink.com/8D/activeX//TunnelX.ocx

FF - ProfilePath - c:\documents and settings\Roman\Application Data\Mozilla\Firefox\Profiles\43597dhz.default\

FF - prefs.js: browser.search.selectedEngine - Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-12-02 09:58; quickprint@hp.com; c:\program files\Hewlett-Packard\SmartPrint\QPExtension

FF - user.js: general.useragent.extra.brc - BRI/1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKCU-Run-PCShowServer - c:\documents and settings\Roman\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe

HKCU-Run-Google - c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll

HKU-Default-Run-Google - c:\documents and settings\Roman\Local Settings\Application Data\HP\Google\eqsnx.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-28 16:16

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2120)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\program files\TeamViewer\Version8\tv_w32.dll

c:\documents and settings\Roman\Application Data\Dropbox\bin\DropboxExt.17.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\WS_FTP Pro\nsftpch.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\TeamViewer\Version8\TeamViewer.exe

c:\program files\TeamViewer\Version8\tv_w32.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe

c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\SearchProtocolHost.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2012-12-28 16:21:46 - machine was rebooted

ComboFix-quarantined-files.txt 2012-12-28 21:21

.

Pre-Run: 441,686,290,432 bytes free

Post-Run: 441,737,011,200 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 05783A3BE586A87E7C50581B37E5A94A


Browser Testing: I re-booted to get a fresh start and tested IE, Firefox, and Chrome. Directly entered links and bookmarked links were not a problem before and are not now. When searching from Google.com and clicking on a link, the page opened correctly and no longer seems to re-direct to the rogue sites.

My other main applications like Outlook and Quicken seem to work correctly and the overall response on the PC seems to have improved somewhat.


Good results, then. Good going.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe to install the newest version.
    ( jre-7u10-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Adobe Reader

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Add-or-Remove Programs, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

I see that you are clear of your original issues. You are good to go after the following cleanups.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it Combo-Fix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space after exe and before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Click Start, then click Run.
    In the text box that opens, type or copy/paste
    c:\documents and settings\Roman\Desktop\Combo-Fix.exe /uninstall
    and then click OK.

If the Combofix un-install has an issue, skip that step.

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use on a periodic basis to backup Windows registry.

Delete the following if still present:

RSIT.exe

SecurityCheck.exe

RogueKiller.exe

Use Control Panel's Add-or-Remove Programs, Un-install BitDefender Quickscan if present

Safer practices & malware prevention

We are finished here. Best regards.

Edited by Maurice Naggar

Great!

I uninstalled and replaced both Java and Acrobat Reader with the most current versions per the instructions.

I uninstalled all the tools used during our sessions (except for ERUNT) and will be looking at your recommendations once my PC is verified as running well over the next few days.

Thanks for the help. Your directions were clear and your responses timely. Have a great New Year!

