
FBI has taken Control of my PC


  • This topic is locked
24 replies to this topic

#1 jbandtbone


Posted 04 October 2012 - 08:56 PM

The topic description keeps repeating over and over on my speakers. My ESET virus tried to warn me, but when I closed the page that had popped up, all hell broke loose. To save space on the page I've attached a picture of what is on my PC screen. Anyway, I can't do anything on my PC unless I boot up into the Safe mode with networking. I'm posting my DDS.txt. I really need some help with this, Thanks!

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by jbandt at 16:29:48 on 2012-10-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2626 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - ZoneAlarm Security Engine Registrar
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Microsoft Updater] "c:\docume~1\jbandt\locals~1\temp\wgsdgsdgdsgsd.exe"
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
Trusted Zone: 1stpeoplesbank.com\www
Trusted Zone: 1stpeoplesbankhb.com\www
Trusted Zone: bankofamerica.com\www
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: excite.com
Trusted Zone: excite.com\registration
Trusted Zone: excite.com\www
Trusted Zone: grc.com\www
Trusted Zone: hsbccreditcard.com\www
Trusted Zone: keithandschnars.com\www
Trusted Zone: live.com\bl145w.blu145.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: msn.com\www
Trusted Zone: netflix.com
Trusted Zone: netflix.com\movies
Trusted Zone: onlinecreditcenter6.com\www
Trusted Zone: prescriptionsolutions.com\www
Trusted Zone: sirius.com\www
Trusted Zone: state.fl.us\fdotnfuse.dot
Trusted Zone: techguy.org\www
Trusted Zone: virusvault.co.uk\www
Trusted Zone: wellsfargo.com\online
Trusted Zone: yahoo.com\att.my
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://fdotnfuse.dot.state.fl.us/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://pbells.broadjump.com/wizlet/iw60/static/controls/WebflowActiveXInstaller_4-0-0.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://dvr.floridanexuspark.com/RemoteWeb.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120083437937
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348267800671
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://doliver.earthcam.net/viewer/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://hgtv1.view22.com/view22/app/view22rte.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://livewc01.custhelp.com/7550-b415h-quickenmedical/rnl/java/RntX.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.paslc.org/acgm/f2_acgm.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{23473EEF-A2C0-490E-A49D-93A5EB42419F} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
S2 ISWKL;ZoneAlarm ForceField ISWKL;\??\c:\program files\checkpoint\zaforcefield\iswkl.sys --> c:\program files\checkpoint\zaforcefield\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm ForceField IswSvc;"c:\program files\checkpoint\zaforcefield\iswsvc.exe" --> c:\program files\checkpoint\zaforcefield\IswSvc.exe [?]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-10-28 12184]
S2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-7-11 361472]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-11-21 250568]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2006-3-16 36960]
S3 gupdate1c9c9186781a4fc;Google Update Service (gupdate1c9c9186781a4fc);c:\program files\google\update\GoogleUpdate.exe [2009-4-29 133104]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\common files\hhd software\device monitor\NDMSHLP.sys [2005-5-24 7632]
S3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-7-31 80256]
S3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-7-31 70016]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-12 14336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\hhd software\free serial port monitor\sermon.sys [2005-5-24 18432]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?]
.
=============== Created Last 30 ================
.
2012-10-03 19:48:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-10-03 19:48:29 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-20 02:54:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
.
==================== Find3M ====================
.
2012-09-02 11:17:07 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 11:17:07 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 16:31:05.81 ===============


#2 jbandtbone


Posted 04 October 2012 - 09:01 PM

I forgot the Attach.txt file


#3 Maurice Naggar

  • Malware Response Team

Posted 06 October 2012 - 12:29 PM

Hello Jband,


Please copy/paste the lines in bold below to Notepad:

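@Echo on
rem Stop and remove any service registered under the name "Microsoft Updater"
sc stop "Microsoft Updater"
sc delete "Microsoft Updater"
rem Delete the file launched by the "Microsoft Updater" Run entry in the DDS log
del /f /q "c:\documents and settings\jbandt\locals~1\temp\wgsdgsdgdsgsd.exe"
rem Reboot after one second, then remove this batch file
shutdown -r -t 1
del %0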

Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

Step 2
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 4
Set Windows to show all files and all folders.
On your Desktop, double click My Computer, from the menu options, select tools, then Folder Options, and then select VIEW Tab and look at all of settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under column, Hidden files and folders----choose ( *select* ) Show hidden files and folders.
Next, un-check Hide extensions for known file types.
Next un-check Hide protected operating system files.

Step 5
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 6
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 7
Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 8
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.


Step 9
RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender & RogueKiller log.
Use separate replies as needed if logs do not fit into one reply box.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
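
The file deleted by the batch script in the reply above is the target of the `uRun: [Microsoft Updater]` line in the DDS log from the first post. As an added example (not part of the original thread and not code from DDS, Rkill or any other tool named here), the Python below parses DDS-style `Run`/`RunOnce` lines and flags entries that load from a temp directory, carry a vendor-style name outside the system and program directories, or have a random-looking file name. The heuristics, thresholds and function names are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple

# Autorun lines taken from the DDS log in the first post of this thread.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Microsoft Updater] "c:\docume~1\jbandt\locals~1\temp\wgsdgsdgdsgsd.exe"
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
"""

# "<scope>Run: [value name] command", where scope is u, m or d as in the log.
RUN_LINE = re.compile(
    r"^(?P<scope>[umd])(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# Shortest prefix ending in an executable extension (handles unquoted spaces).
IMAGE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?![\w.])", re.IGNORECASE)

# Assumed policy values for this example, not taken from any tool.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
VENDOR_WORDS = ("microsoft", "windows")


class Finding(NamedTuple):
    name: str
    path: str
    reasons: tuple


def image_path(cmd: str) -> str:
    """Return the file an autorun command actually loads, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    first, _, rest = cmd.partition(" ")
    if first.lower() in ("rundll32", "rundll32.exe") and rest:
        # rundll32 <dll>,<export>: the DLL is the code that runs.
        return rest.split(",", 1)[0].strip().strip('"').lower()
    match = IMAGE.match(cmd)
    return (match.group(1) if match else first).lower()


def assess(name: str, path: str) -> tuple:
    """Apply the three heuristics and return the reasons that fired."""
    reasons = []
    parts = path.split("\\")
    if any(part in ("temp", "tmp") for part in parts[:-1]):
        reasons.append("runs from a temp directory")
    vendor_named = any(word in name.lower() for word in VENDOR_WORDS)
    if vendor_named and not path.startswith(TRUSTED_ROOTS):
        reasons.append("vendor-style name outside system/program directories")
    # Letters of the file name only; the length floor keeps short all-consonant
    # abbreviations such as WMPNSCFG from being flagged.
    stem = re.sub(r"[^a-z]", "", parts[-1].rsplit(".", 1)[0])
    if len(stem) >= 10 and sum(c in "aeiou" for c in stem) / len(stem) < 0.2:
        reasons.append("random-looking file name")
    return tuple(reasons)


def triage(log_text: str) -> list:
    """Return a Finding for every Run/RunOnce line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        match = RUN_LINE.match(line.strip())
        if not match:
            continue
        path = image_path(match["cmd"])
        reasons = assess(match["name"], path)
        if reasons:
            findings.append(Finding(match["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(f"[{finding.name}] {finding.path}")
        for reason in finding.reasons:
            print(f"    - {reason}")
```
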

#4 jbandtbone


Posted 06 October 2012 - 09:43 PM

Thank you for replying so fast. I've gone through all the steps one by one. I'll be sending all the logs and .txt file in the following replies.

rkill.txt:
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/06/2012 09:48:07 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\WINDOWS\system32\CTsvcCDA.EXE (PID: 848) [WD-HEUR]
* C:\WINDOWS\system32\MsPMSPSv.exe (PID: 332) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

20 out of 15156 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 10/06/2012 09:48:43 PM
Execution time: 0 hours(s), 0 minute(s), and 35 seconds(s)

rsitlog.txt:
Logfile of random's system information tool 1.09 (written by random/random)
Run by jbandt at 2012-10-06 21:58:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 367 GB (52%) free of 701 GB
Total RAM: 3070 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:20 PM, on 10/6/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jbandt\Desktop\RSIT.exe
C:\Program Files\trend micro\jbandt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)
O4 - HKLM\..\Run: [DLCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.1stpeoplesbank.com
O15 - Trusted Zone: http://www.bleepingcomputer.com
O15 - Trusted Zone: http://www.excite.com
O15 - Trusted Zone: http://*.excite.com
O15 - Trusted Zone: http://www.grc.com
O15 - Trusted Zone: http://bl145w.blu145.mail.live.com
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://mail.live.com
O15 - Trusted Zone: http://www.msn.com
O15 - Trusted Zone: http://movies.netflix.com
O15 - Trusted Zone: *.netflix.com
O15 - Trusted Zone: http://www.sirius.com
O15 - Trusted Zone: http://www.techguy.org
O15 - Trusted Zone: http://www.virusvault.co.uk
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://fdotnfuse.dot.state.fl.us/Citrix/ICAWEB/en/ica32/wficat.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://pbells.broadjump.com/wizlet/iw60/static/controls/WebflowActiveXInstaller_4-0-0.cab
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} (Remote200 Control) - http://dvr.floridanexuspark.com/RemoteWeb.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120083437937
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348267800671
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://doliver.earthcam.net/viewer/AMC.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} (eCTUploader Control) - http://www.mytpi.com/mytpi05/eval/ectuploader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv1.view22.com/view22/app/view22rte.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7550-b415h-quickenmedical/rnl/java/RntX.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.paslc.org/acgm/f2_acgm.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9c9186781a4fc) (gupdate1c9c9186781a4fc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Unknown owner - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 11503 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{3F45EB98-1067-44F6-BEF8-FB04E0C7096F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DLCJCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16 []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2009-06-10 136472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2009-06-10 904840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2006-02-09 26112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-02-09 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE [2003-06-18 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2004-03-10 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe [2003-09-17 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-11-16 127035]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCJCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe [2005-08-12 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2004-09-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-10-07 1387288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe [2004-06-29 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
KHALMNPR.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe [2005-08-10 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
C:\Program Files\PC Tune-Up\PCTuneUp.exe [2009-10-06 2960704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-05-29 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe [2003-07-15 319488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-07-18 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [2002-07-31 4341760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-05-04 252136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysldtray]
C:\windows\ld08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
C:\WINDOWS\sysguard.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-06-10 1326080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-07-24 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
C:\PROGRA~1\FINEPI~1\QuickDCF.exe [2002-12-20 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MI1933~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jbandt^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
C:\PROGRA~1\COMMON~1\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jbandt^Start Menu^Programs^Startup^Secunia PSI.lnk]
C:\PROGRA~1\Secunia\PSI\psi.exe [2009-06-24 803176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jbandt^Start Menu^Programs^Startup^Webshots.lnk]
C:\PROGRA~1\Webshots\Launcher.exe [2006-01-25 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-09-27 66328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveTrack"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe"="C:\Program Files\Microsoft Games\Links 2003\LinksMMIII.exe:*:Enabled:Links 2003"
"C:\Program Files\MSN Gaming Zone\zclient.exe"="C:\Program Files\MSN Gaming Zone\zclient.exe:*:Enabled:Zone Datafile"
"C:\Program Files\Support.com\bin\tgcmd.exe"="C:\Program Files\Support.com\bin\tgcmd.exe:*:Enabled:BellSouth Bulletin and Job processor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\HeavyWeather\heavy weather.exe"="C:\HeavyWeather\heavy weather.exe:*:Enabled:heavy weather"
"C:\Program Files\ATT-HSI\McciBrowser.exe"="C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe"="C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Enabled:vsmon"
"C:\Program Files\Common Files\Motive\pcServiceHost.exe"="C:\Program Files\Common Files\Motive\pcServiceHost.exe:*:Enabled:pcServiceHost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave1"=serwvdrv.dll
"wave2"=serwvdrv.dll
"msacm.siren"=sirenacm.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-10-06 21:58:06 ----D---- C:\rsit
2012-10-06 21:52:34 ----D---- C:\Program Files\ERUNT
2012-10-03 13:35:25 ----A---- C:\WINDOWS\system32\d3d9caps.dat
2012-09-19 22:54:31 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERSetup
2012-09-12 06:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$

======List of files/folders modified in the last 1 month======

2012-10-06 21:58:20 ----D---- C:\Program Files\Trend Micro
2012-10-06 21:53:42 ----D---- C:\WINDOWS\ERDNT
2012-10-06 21:52:34 ----RD---- C:\Program Files
2012-10-06 17:48:16 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-06 17:32:38 ----D---- C:\Program Files\Dl_cats
2012-10-06 17:30:50 ----D---- C:\WINDOWS\temp
2012-10-06 17:11:03 ----A---- C:\WINDOWS\ntbtlog.txt
2012-10-06 12:53:35 ----D---- C:\WINDOWS\SYSTEM32
2012-10-06 09:30:08 ----D---- C:\WINDOWS
2012-10-05 16:30:10 ----D---- C:\Program Files\MSN
2012-10-05 16:30:02 ----HD---- C:\WINDOWS\INF
2012-10-05 16:29:38 ----D---- C:\WINDOWS\system32\DRIVERS
2012-10-05 16:29:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-10-04 05:26:39 ----A---- C:\WINDOWS\system.ini
2012-10-03 17:35:46 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-09-27 09:00:44 ----D---- C:\WINDOWS\network diagnostic
2012-09-22 07:24:59 ----D---- C:\Program Files\Internet Explorer
2012-09-21 19:55:09 ----RSHDC---- C:\WINDOWS\system32\DLLCACHE
2012-09-21 19:54:20 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-21 18:52:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-09-21 16:08:29 ----D---- C:\WINDOWS\system32\NtmsData
2012-09-19 22:57:18 ----RSH---- C:\boot.ini
2012-09-19 22:57:18 ----A---- C:\WINDOWS\WIN.INI
2012-09-19 22:55:29 ----D---- C:\Program Files\SUPERAntiSpyware
2012-09-12 06:02:24 ----A---- C:\WINDOWS\imsins.BAK
2012-09-12 05:58:58 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
R0 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
R0 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
R0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-12 13952]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-12-01 87488]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-06-29 477952]
R0 ohci1394;OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2004-08-02 20576]
R0 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-06-05 132480]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2010-06-05 368480]
R0 timounter;Acronis True Image Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-06-05 441760]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-04-13 66992]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-04-13 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-07-18 259328]
R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2003-07-17 146560]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-11-08 17217]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-07-18 118409]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-07-18 213120]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-12 12032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 LBeepKE;Logitech Beep Suppression Driver; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2011-09-02 12184]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2002-06-21 8224]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-11-16 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-11-16 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-11-16 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-11-16 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-11-16 86554]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-11-16 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-11-16 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-11-16 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-11-16 100603]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2010-06-05 44384]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-09 1502208]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-05-29 186112]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2004-07-12 645360]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2004-08-05 366384]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2004-07-12 6096]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2004-07-12 130288]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-07-18 21993]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2004-07-12 145488]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2004-08-12 904752]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2004-07-12 148432]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2011-09-02 22040]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2011-09-02 41240]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2011-09-02 39192]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-13 63744]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NmPar;Unusable Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2008-12-24 80256]
R3 nmserial;PCI Serial Port; C:\WINDOWS\system32\DRIVERS\nmserial.sys [2008-12-16 70016]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2004-07-12 178672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 ISWKL;ZoneAlarm ForceField ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys []
S3 A4S2600;A4S2600; C:\WINDOWS\System32\drivers\A4S2600.sys []
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS); C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-07-31 36960]
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2002-07-31 54256]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2002-07-31 740592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [2003-08-28 4272]
S3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2003-11-13 114688]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2004-07-12 585728]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2003-11-12 333600]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2003-11-13 606208]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2006-12-06 47249]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2006-12-06 61067]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
S3 icsak;icsak; \??\C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys []
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-07-18 22745]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 NDMSHLP;Device Monitor Helper Driver; \??\C:\Program Files\Common Files\HHD Software\Device Monitor\ndmshlp.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 Ser2pl;RadioShack USB to Serial Cable; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2007-09-05 49664]
S3 SerMon;Serial Monitor Filter Driver; \??\C:\Program Files\HHD Software\Free Serial Port Monitor\sermon.sys []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 TSP;TSP; \??\C:\WINDOWS\SYSTEM32\ZoneLabs\avsys\KLIF.SYS []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-09 405504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 IAANTMon;IAA Event Monitor; C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe [2004-06-29 73852]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2011-11-21 161664]
R2 pcCMService;pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [2012-07-06 361472]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-07-24 102400]
R3 dlcj_device;dlcj_device; C:\WINDOWS\system32\dlcjcoms.exe [2005-07-12 491520]
S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE []
S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.EXE [1999-12-13 44032]
S2 IswSvc;ZoneAlarm ForceField IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe []
S2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-06-10 431384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 250568]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdate1c9c9186781a4fc;Google Update Service (gupdate1c9c9186781a4fc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-29 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-09-27 295192]
S3 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe []
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe []
S3 nosGetPlusHelper;getPlus® Helper 3004; C:\WINDOWS\System32\svchost.exe [2009-11-01 14336]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2009-11-01 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-11-01 14336]
S4 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt:
info.txt logfile of random's system information tool 1.09 2012-10-06 21:58:24

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67AEFC4C-69E4-11D7-85F4-00E018013273}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->MsiExec.exe /I{47FA2C44-D148-4DBC-AF60-B91934AA4842}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe -maintain activex
Adobe Shockwave Player 11.6-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
att.net Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\Ymmapi.dll
Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
Belarc Advisor 6.1-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E086814-7392-4E0F-ADB8-54A81E47406C} /l1033
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
CELI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Citrix Delivery Clients (SV) - Web Client-->MsiExec.exe /X{05522745-611A-410E-BFD0-48D25B2195C2}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Copernic Agent Basic-->"C:\WINDOWS\CopernicAgentUninstall.exe" /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
Creative AudioHQ-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
Creative Diagnostics-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
Creative Graphic Equalizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
Creative MediaSource DVD-Audio Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\setup.exe" -l0x9 /remove
Creative MiniDisc Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
Creative Restore Defaults-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
Creative Speaker Calibrator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Creative Speaker Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Creative Surround Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
Creative THX Setup Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3549608-69D3-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
Creative WaveStudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Photo AIO Printer 964-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dlcjUNST.EXE -NOLICENSE
Dell Support 5.0.0 (766)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DTS Neo:6 Settings-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72A810B1-EE62-455A-A086-E1C9FEDE7F29}\setup.exe" -l0x9 /remove
Easy CD & DVD Creator 6-->MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
EAX Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
FinePixViewer Ver.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FormFlow 99 Controls-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\FormFlow\Uninst.isu"
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth-->MsiExec.exe /X{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}
HHD Software Free Serial Port Monitor 3.31-->MsiExec.exe /I{3472693C-6EC5-41FA-B5B9-A22B11AEFE72}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Java™ 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java™ 7 Update 1-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217001FF}
Lizardtech DjVu Control (autoinstall)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DjVuLite.us.inf,DefaultUninstall,5
Logitech SetPoint 6.32-->C:\Program Files\Common Files\LogiShrd\sp6_Uninstall\setup.exe
MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wficat.inf,DefaultUninstall
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB2656370)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656370\M2656370Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Links 2003-->"C:\Program Files\Microsoft Games\Links 2003\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MicroStaff WINASPI NT-->C:\MWASPINT\uninst.exe
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MosChip Multi-IO Controller-->NmUninst.exe
MSN Gaming Zone-->C:\PROGRA~1\MSNGAM~1\zsetup.exe /Uninstall
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OptiPix Pro-->MsiExec.exe /X{306AC1F8-42D9-4639-B412-ABCB7F01F85A}
PC Tune-Up-->C:\Program Files\PC Tune-Up\Uninstall PC Tune-Up.exe
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Print to Fax-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
Registry Mechanic 5.2-->"C:\Program Files\Registry Mechanic\unins000.exe"
Revo Uninstaller 1.93-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2618444)-->"C:\WINDOWS\ie8updates\KB2618444-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2647516)-->"C:\WINDOWS\ie8updates\KB2647516-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2675157)-->"C:\WINDOWS\ie8updates\KB2675157-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2699988)-->"C:\WINDOWS\ie8updates\KB2699988-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2722913)-->"C:\WINDOWS\ie8updates\KB2722913-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2744842)-->"C:\WINDOWS\ie8updates\KB2744842-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2491683)-->"C:\WINDOWS\$NtUninstallKB2491683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276)-->"C:\WINDOWS\$NtUninstallKB2536276$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2584146)-->"C:\WINDOWS\$NtUninstallKB2584146$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2585542)-->"C:\WINDOWS\$NtUninstallKB2585542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2598479)-->"C:\WINDOWS\$NtUninstallKB2598479$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2603381)-->"C:\WINDOWS\$NtUninstallKB2603381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2618451)-->"C:\WINDOWS\$NtUninstallKB2618451$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2619339)-->"C:\WINDOWS\$NtUninstallKB2619339$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2620712)-->"C:\WINDOWS\$NtUninstallKB2620712$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2621440)-->"C:\WINDOWS\$NtUninstallKB2621440$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2624667)-->"C:\WINDOWS\$NtUninstallKB2624667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2631813)-->"C:\WINDOWS\$NtUninstallKB2631813$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2633171)-->"C:\WINDOWS\$NtUninstallKB2633171$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2639417)-->"C:\WINDOWS\$NtUninstallKB2639417$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2641653)-->"C:\WINDOWS\$NtUninstallKB2641653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2646524)-->"C:\WINDOWS\$NtUninstallKB2646524$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2647518)-->"C:\WINDOWS\$NtUninstallKB2647518$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2653956)-->"C:\WINDOWS\$NtUninstallKB2653956$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2655992)-->"C:\WINDOWS\$NtUninstallKB2655992$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2659262)-->"C:\WINDOWS\$NtUninstallKB2659262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2660465)-->"C:\WINDOWS\$NtUninstallKB2660465$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2661637)-->"C:\WINDOWS\$NtUninstallKB2661637$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2676562)-->"C:\WINDOWS\$NtUninstallKB2676562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2685939)-->"C:\WINDOWS\$NtUninstallKB2685939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2686509)-->"C:\WINDOWS\$NtUninstallKB2686509$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2691442)-->"C:\WINDOWS\$NtUninstallKB2691442$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2695962)-->"C:\WINDOWS\$NtUninstallKB2695962$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2698365)-->"C:\WINDOWS\$NtUninstallKB2698365$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2705219)-->"C:\WINDOWS\$NtUninstallKB2705219$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2707511)-->"C:\WINDOWS\$NtUninstallKB2707511$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2709162)-->"C:\WINDOWS\$NtUninstallKB2709162$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2712808)-->"C:\WINDOWS\$NtUninstallKB2712808$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2718523)-->"C:\WINDOWS\$NtUninstallKB2718523$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2719985)-->"C:\WINDOWS\$NtUninstallKB2719985$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2723135)-->"C:\WINDOWS\$NtUninstallKB2723135$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2731847)-->"C:\WINDOWS\$NtUninstallKB2731847$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy 2 ZS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\setup.exe" -l0x9
SoundFont Bank Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for Windows Internet Explorer 8 (KB2598845)-->"C:\WINDOWS\ie8updates\KB2598845-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB2632503)-->"C:\WINDOWS\ie8updates\KB2632503-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB2492386)-->"C:\WINDOWS\$NtUninstallKB2492386$\spuninst\spuninst.exe"
Update for Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Update for Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Update for Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Update for Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Update for Windows XP (KB2718704)-->"C:\WINDOWS\$NtUninstallKB2718704$\spuninst\spuninst.exe"
Update for Windows XP (KB2736233)-->"C:\WINDOWS\$NtUninstallKB2736233$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Weather Display 10.37Q Build 04-->"c:\wdisplay\unins000.exe"
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Webshots Desktop-->C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Driver Package - CELI CDM Driver Package (05/19/2006 2.00.00)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\ftdibus_41D0094FD82F5ACEF718F53EE402A5C1DA98AD8F\ftdibus.inf
Windows Driver Package - CELI CDM Driver Package (05/19/2006 2.00.00)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\ftdiport_350623C56B97DFD1EB0CF43C088F965E0305F4FD\ftdiport.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Communications Platform-->MsiExec.exe /I{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Photos Easy Upload Tool 1v7-->C:\WINDOWS\system32\regsvr32 /u /s "C:\WINDOWS\cache\YDropper.dll"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET Smart Security 5.0 (disabled)
FW: ESET Personal firewall
FW: AVG Firewall (disabled)

======System event log======

Computer Name: JBANDTBONE
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 163891
Source Name: Service Control Manager
Time Written: 20120814051955.000000-240
Event Type: error
User:

Computer Name: JBANDTBONE
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 163890
Source Name: Service Control Manager
Time Written: 20120814051941.000000-240
Event Type: error
User:

Computer Name: JBANDTBONE
Event Code: 7000
Message: The DgiVecp service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 163889
Source Name: Service Control Manager
Time Written: 20120814051941.000000-240
Event Type: error
User:

Computer Name: JBANDTBONE
Event Code: 7001
Message: The ZoneAlarm ForceField IswSvc service depends on the ZoneAlarm ForceField ISWKL service which failed to start because of the following error:
The system cannot find the path specified.


Record Number: 163888
Source Name: Service Control Manager
Time Written: 20120814051941.000000-240
Event Type: error
User:

Computer Name: JBANDTBONE
Event Code: 7000
Message: The ZoneAlarm ForceField ISWKL service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 163887
Source Name: Service Control Manager
Time Written: 20120814051941.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: JBANDTBONE
Event Code: 1517
Message: Windows saved user JBANDTBONE\jbandt registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 34136
Source Name: Userenv
Time Written: 20120627090500.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JBANDTBONE
Event Code: 1517
Message: Windows saved user JBANDTBONE\jbandt registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 34005
Source Name: Userenv
Time Written: 20120617231644.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JBANDTBONE
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 33959
Source Name: ASP.NET 2.0.50727.0
Time Written: 20120613180808.000000-240
Event Type: warning
User:

Computer Name: JBANDTBONE
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 33941
Source Name: ASP.NET 2.0.50727.0
Time Written: 20120613180221.000000-240
Event Type: warning
User:

Computer Name: JBANDTBONE
Event Code: 1517
Message: Windows saved user JBANDTBONE\jbandt registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 33889
Source Name: Userenv
Time Written: 20120611221717.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: JBANDTBONE
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x3E5)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege

Record Number: 10212
Source Name: Security
Time Written: 20121003132354.000000-240
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: JBANDTBONE
Event Code: 528
Message: Successful Logon:

User Name: LOCAL SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E5)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 10211
Source Name: Security
Time Written: 20121003132354.000000-240
Event Type: audit success
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: JBANDTBONE
Event Code: 576
Message: Special privileges assigned to new logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege

Record Number: 10210
Source Name: Security
Time Written: 20121003132354.000000-240
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: JBANDTBONE
Event Code: 528
Message: Successful Logon:

User Name: NETWORK SERVICE

Domain: NT AUTHORITY

Logon ID: (0x0,0x3E4)

Logon Type: 5

Logon Process: Advapi

Authentication Package: Negotiate

Workstation Name:

Logon GUID: -

Record Number: 10209
Source Name: Security
Time Written: 20121003132354.000000-240
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: JBANDTBONE
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x3E4)

Privileges: SeAuditPrivilege
SeAssignPrimaryTokenPrivilege
SeDebugPrivilege
SeChangeNotifyPrivilege

Record Number: 10208
Source Name: Security
Time Written: 20121003132352.000000-240
Event Type: audit success
User: NT AUTHORITY\NETWORK SERVICE

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=C:\Program Files\AMD APP\bin\x86;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\PROGRA~1\COMMON~1\SONICS~1;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\ATI Technologies\ATI.ACE;C:\PROGRA~1\COMMON~1\AUTODE~1;C:\Program Files\CheckPoint\fde;C:\Program Files\CheckPoint\fde;C:\Program Files\CheckPoint\fde;C:\Program Files\CheckPoint\fde;C:\Program Files\CheckPoint\fde;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0401
"PS5ROOT"=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"tvdumpflags"=8
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

checkup.txt:
Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
ESET Smart Security
McAfee Shredder
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Secunia PSI
Java™ 6 Update 23
Java™ 7 Update 1
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````



QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Sat Oct 06 22:15:29 2012
Machine ID: 6494CBF4



No infection found.
-------------------



Processes
---------
ATI External Event Utility for WindowsN 1400 C:\WINDOWS\SYSTEM32\ati2evxx.exe
ESET Smart Security 952 C:\Program Files\ESET\ESET Smart Security\egui.exe
ESET Smart Security 892 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Intel IAANTmon 1056 C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
Java™ Platform SE 7 U1 1436 C:\Program Files\Java\jre7\bin\jqs.exe
McciCMService 1648 C:\Program Files\Common Files\Motive\pcCMService.exe
Microsoft® Windows® Operating System 1496 C:\Program Files\Windows Media Player\wmpnscfg.exe
Microsoft® Windows® Operating System 2004 C:\WINDOWS\SYSTEM32\spoolsv.exe
Microsoft® Windows® Operating System 2328 C:\WINDOWS\SYSTEM32\wscntfy.exe
Printer Communication System 1640 C:\WINDOWS\SYSTEM32\dlcjcoms.exe
WD Drive Manager 392 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(verified) Microsoft® Windows® Operating System 484 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3244 C:\WINDOWS\SYSTEM32\alg.exe
(verified) Microsoft® Windows® Operating System 1124 C:\WINDOWS\SYSTEM32\csrss.exe
(verified) Microsoft® Windows® Operating System 1448 C:\WINDOWS\SYSTEM32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1212 C:\WINDOWS\SYSTEM32\lsass.exe
(verified) Microsoft® Windows® Operating System 1200 C:\WINDOWS\SYSTEM32\services.exe
(verified) Microsoft® Windows® Operating System 992 C:\WINDOWS\SYSTEM32\smss.exe
(verified) Microsoft® Windows® Operating System 1548 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 868 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1028 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1672 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1716 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1812 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1824 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1964 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1332 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1412 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 792 C:\WINDOWS\SYSTEM32\svchost.exe
(verified) Microsoft® Windows® Operating System 1156 C:\WINDOWS\SYSTEM32\winlogon.exe
(verified) Windows® Internet Explorer 1276 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3128 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3700 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process ekrn.exe (892) connected on port 80 (HTTP) --> 107.21.246.178
Process ekrn.exe (892) connected on port 80 (HTTP) --> 173.194.37.121
Process ekrn.exe (892) connected on port 80 (HTTP) --> 173.194.37.99
Process ekrn.exe (892) connected on port 80 (HTTP) --> 173.194.37.121
Process ekrn.exe (892) connected on port 80 (HTTP) --> 66.235.142.20
Process ekrn.exe (892) connected on port 80 (HTTP) --> 74.125.137.147
Process ekrn.exe (892) connected on port 80 (HTTP) --> 72.21.81.253

Process svchost.exe (1548) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\ssmypics.scr
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Timer DLL C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\SYSTEM32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
200 C:\WINDOWS\Downloaded Program Files\VideoViewer.ocx
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Bitdefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
CA Web Scanner C:\WINDOWS\Downloaded Program Files\webscan.dll
cpcScan C:\WINDOWS\Downloaded Program Files\cpcScan.dll
DellSystemLite C:\WINDOWS\Downloaded Program Files\DellSystemLite.ocx
DiskFAU Module C:\WINDOWS\Downloaded Program Files\DiskFAU.dll
eCoaching Technology Video Upload Contr C:\WINDOWS\Downloaded Program Files\eCTUploader_01.ocx
ECOM Loader C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
ECOM Server C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
ewido anti-spyware C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll
getPlus+® C:\WINDOWS\Downloaded Program Files\gp.ocx
getPlusPlus for Adobe 162102 C:\Program Files\NOS\bin\np_gp.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
HMAtchmt Module C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
hrtbeat.ocx C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hrtbeat.ocx
hrtbeat.ocx C:\WINDOWS\Downloaded Program Files\CONFLICT.2\hrtbeat.ocx
hrtbeat.ocx C:\WINDOWS\Downloaded Program Files\CONFLICT.3\hrtbeat.ocx
hrtbeat.ocx C:\WINDOWS\Downloaded Program Files\CONFLICT.4\hrtbeat.ocx
hrtbeat.ocx C:\WINDOWS\Downloaded Program Files\CONFLICT.7\hrtbeat.ocx
hrtbeat.ocx C:\WINDOWS\Downloaded Program Files\hrtbeat.ocx
IEAWSDC.DLL C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
InoculateIT C:\WINDOWS\Downloaded Program Files\arclib.dll
InoculateIT C:\WINDOWS\Downloaded Program Files\vete.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
Java™ Platform SE 7 U1 C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
Logitech Device Detection C:\WINDOWS\Downloaded Program Files\LogitechDeviceDetection32.ocx
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
Microsoft® Investor C:\WINDOWS\Downloaded Program Files\ticker13.ocx
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Motive Plugin C:\Program Files\Common Files\Motive\npMotive.dll
MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\CONFLICT.9\PURen-us.dll
MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
MSN Photo Upload Control C:\WINDOWS\Downloaded Program Files\PURen-us.dll
MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
NAVAPI C:\WINDOWS\Downloaded Program Files\navapi32.dll
PC Pitstop C:\WINDOWS\Downloaded Program Files\PCPitstop.dll
PC Pitstop C:\WINDOWS\Downloaded Program Files\pcpitstop2.dll
PhotoCenter Active X control C:\WINDOWS\Downloaded Program Files\Photochannel.dll
Process Scanner C:\WINDOWS\Downloaded Program Files\sabspx.dll
Remote200Web.ocx C:\WINDOWS\Downloaded Program Files\Remote200Web.ocx
RNT Live Collaboration C:\WINDOWS\Downloaded Program Files\RntX.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\naveng32.dll
Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\navex32a.dll
Symantec Security Check C:\WINDOWS\Downloaded Program Files\avsniff.dll
Symantec Security Check C:\WINDOWS\Downloaded Program Files\rufsi.dll
TODO: <Product name> C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
Unity Player C:\Documents and Settings\jbandt\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
View22 Runtime Engine C:\WINDOWS\Downloaded Program Files\View22RTE.dll
WholeSecurity Confidence Online™ for C:\WINDOWS\Downloaded Program Files\AXXPEE.dll
Windows Live Photo Upload Control C:\WINDOWS\Downloaded Program Files\CONFLICT.9\MsnPUpld.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.1\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.2\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.3\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.4\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.5\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.6\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\CONFLICT.7\zsetup.exe
zsetup.exe C:\WINDOWS\Downloaded Program Files\zsetup.exe
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll


Missing files
-------------
File not found: c:\program files\superantispyware\sasseh.dll
--> HKLM\Software\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32\"(default)"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 1.22 KB recvd
Scanned 742 files and modules - 110 seconds

==============================================================================


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : jbandt [Admin rights]
Mode : Scan -- Date : 10/06/2012 22:20:50

Bad processes : 2
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\WINDOWS\DNSAPI.dll -> UNLOADED
[SUSP PATH][DLL] explorer.exe -- C:\WINDOWS\explorer.exe : C:\WINDOWS\DNSAPI.dll -> UNLOADED

Registry Entries : 4
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
[...]


MBR Check:

+++++ PhysicalDrive0: WDC WD7501AALS-00E3A0 +++++
--- User ---
[MBR] f81f2b0dbe27e391ceae86992d3be2c4
[BSP] 80988eb7bf761f43dce2f64e0538fb5a : Standard MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 298 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 610470 | Size: 700553 Mo
2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 1435343490 | Size: 14551 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt




Thanks again.

#5 Maurice Naggar

  • Malware Response Team

Posted 07 October 2012 - 01:49 PM

See Grinler's article here
http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware

See the section titled Automated Removal Instructions
Follow his instructions to get into Safe Mode with Networking
and do the rest of the steps listed after that (including the tool from Emsisoft).

Report back with the results.

Please do NOT use this system for any websurfing or any online transactions or online games.

Note: you have the ESET security suite, but the system shows leftovers of AVG & ZoneAlarm! We will need cleanups later.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#6 jbandtbone


Posted 08 October 2012 - 04:32 PM

Here are the results of the Emsisoft scan:
Emsisoft Emergency Kit - Version 2.0
Last update: 10/7/2012 9:02:41 PM

Scan settings:

Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, F:\, G:\
Scan archives: On
ADS Scan: On

Scan start: 10/7/2012 9:09:22 PM

c:\windows\downloaded program files\rntx.dll detected: Trace.File.bridge!E1
c:\windows\downloaded program files\rntx.inf detected: Trace.File.bridge!E1
Key: hkey_classes_root\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225} detected: Trace.Registry.coolsavings!E1
Key: hkey_classes_root\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225} detected: Trace.Registry.coolsavings!E1
Key: hkey_local_machine\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/cpnmgr.dll detected: Trace.Registry.coolsavings!E1
Value: hkey_current_user\software\viewpoint\content debugger --> viewpoint manager detected: Trace.Registry.viewpoint media toolbar!E1
Value: hkey_current_user\software\viewpoint\content debugger --> viewpoint manager installer detected: Trace.Registry.viewpoint media toolbar!E1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP854\A2746786.exe detected: Win32.SuspectCrc!E2
C:\Documents and Settings\jbandt\Local Settings\temp\jar_cache6895027936102306689.tmp -> reload-a.class detected: Trojan-Downloader.Java.OpenStream!E2
C:\Documents and Settings\jbandt\Local Settings\temp\jar_cache6895027936102306689.tmp -> reload-b.class detected: Trojan-Downloader.Java.OpenStream!E2
C:\Documents and Settings\jbandt\Local Settings\temp\PUMSKE -> reload-a.class detected: Trojan-Downloader.Java.OpenStream!E2
C:\Documents and Settings\jbandt\Local Settings\temp\PUMSKE -> reload-b.class detected: Trojan-Downloader.Java.OpenStream!E2

Scanned 598564
Found 12

Scan end: 10/8/2012 6:12:06 AM
Scan time: 9:02:44

I've downloaded a newer version of the Secunia PSI and am running a scan as I type this.

#7 Maurice Naggar


Posted 09 October 2012 - 10:27 AM

Tell me if you had the Emsisoft tool remove the items above: yes/no?


Download TFC by OldTimer and SAVE it to your desktop
  • Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Next,
Make a new run with DDS
Copy and Paste contents of the new DDS.txt

And tell me, how is the system now?
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#8 jbandtbone


Posted 09 October 2012 - 06:52 PM

On your question about the files: I put them in quarantine like the steps called for. The webpages and other stuff seem to be opening a little faster, not as much hesitation.

New DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by jbandt at 19:39:05 on 2012-10-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2425 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Secunia\PSI\sua.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - ZoneAlarm Security Engine Registrar
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
Trusted Zone: 1stpeoplesbank.com\www
Trusted Zone: 1stpeoplesbankhb.com\www
Trusted Zone: bankofamerica.com\www
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: excite.com
Trusted Zone: excite.com\registration
Trusted Zone: excite.com\www
Trusted Zone: grc.com\www
Trusted Zone: hsbccreditcard.com\www
Trusted Zone: keithandschnars.com\www
Trusted Zone: live.com\bl145w.blu145.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: msn.com\www
Trusted Zone: netflix.com
Trusted Zone: netflix.com\movies
Trusted Zone: onlinecreditcenter6.com\www
Trusted Zone: prescriptionsolutions.com\www
Trusted Zone: sirius.com\www
Trusted Zone: state.fl.us\fdotnfuse.dot
Trusted Zone: techguy.org\www
Trusted Zone: virusvault.co.uk\www
Trusted Zone: wellsfargo.com\online
Trusted Zone: yahoo.com\att.my
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://fdotnfuse.dot.state.fl.us/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://pbells.broadjump.com/wizlet/iw60/static/controls/WebflowActiveXInstaller_4-0-0.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://dvr.floridanexuspark.com/RemoteWeb.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120083437937
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348267800671
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://doliver.earthcam.net/viewer/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://hgtv1.view22.com/view22/app/view22rte.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://livewc01.custhelp.com/7550-b415h-quickenmedical/rnl/java/RntX.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.paslc.org/acgm/f2_acgm.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{23473EEF-A2C0-490E-A49D-93A5EB42419F} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-10-28 12184]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-7-11 361472]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-7-31 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-7-31 70016]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S2 ISWKL;ZoneAlarm ForceField ISWKL;\??\c:\program files\checkpoint\zaforcefield\iswkl.sys --> c:\program files\checkpoint\zaforcefield\ISWKL.sys [?]
S2 IswSvc;ZoneAlarm ForceField IswSvc;"c:\program files\checkpoint\zaforcefield\iswsvc.exe" --> c:\program files\checkpoint\zaforcefield\IswSvc.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-11-21 250808]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2006-3-16 36960]
S3 gupdate1c9c9186781a4fc;Google Update Service (gupdate1c9c9186781a4fc);c:\program files\google\update\GoogleUpdate.exe [2009-4-29 133104]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\common files\hhd software\device monitor\NDMSHLP.sys [2005-5-24 7632]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-12 14336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\hhd software\free serial port monitor\sermon.sys [2005-5-24 18432]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?]
.
=============== Created Last 30 ================
.
2012-10-09 00:49:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-09 00:49:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 21:27:47 -------- d-----w- c:\documents and settings\jbandt\local settings\application data\Secunia PSI
2012-10-08 21:27:32 -------- d-----w- c:\program files\Secunia
2012-10-07 02:15:13 -------- d-----w- c:\documents and settings\jbandt\application data\QuickScan
2012-09-20 02:54:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
.
==================== Find3M ====================
.
2012-10-09 09:40:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 09:40:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 00:48:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-09 00:48:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 19:40:33.87 ===============

#9 Maurice Naggar


Posted 10 October 2012 - 11:34 AM

You have the ESET Smart Security suite, right?

You need to remove leftover traces of AVG:
AVG 2012 Remover Tool 32-bit
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x86_2012_2125.exe

AVG 2012 Remover Tool 64-bit
http://download.avg.com/filedir/util/avgrem/avg_remover_stf_x64_2012_2125.exe

Note from AVG: AVG Remover utility removes all parts of AVG installation on your computer, including registry items, installation and user files on your disk, etc. AVG Remover is the last option to be used in case the AVG uninstallation / repair installation process has failed repeatedly. Warning: All AVG user settings will be removed after the uninstallation, as well as the Virus Vault content and other items related to AVG installation and use. During the removal procedure you will be asked to restart your computer. Therefore please make sure to finish your work and to save all important data prior to AVG Remover launch.

You need to remove leftover traces of ZoneAlarm:
Get / download and SAVE the ZA removal tool from here http://download.zonealarm.com/bin/free/support/download/clean.exe

Then double-click the exe to start it.

Once all done, be sure to restart the system fresh.

Advise me after all is done, with the results.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#10 jbandtbone


Posted 10 October 2012 - 03:00 PM

Yes, ESET Smart Security suite is the program that I'm using now. I did the AVG removal, but I had trouble with the ZoneAlarm one. It kept taking me to a product download page. I couldn't find the clean.exe download link. Sorry. Also, do I need to delete the files that I put in the quarantine of the Emsisoft tool? PS: I disabled my ESET and manually typed in the address for the ZoneAlarm tool. After it ran I did another DDS scan.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by jbandt at 19:11:45 on 2012-10-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2371 [GMT -4:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files\Secunia\PSI\sua.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - ZoneAlarm Security Engine Registrar
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} -
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: $talisma_url$
Trusted Zone: 1stpeoplesbank.com\www
Trusted Zone: 1stpeoplesbankhb.com\www
Trusted Zone: bankofamerica.com\www
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: excite.com
Trusted Zone: excite.com\registration
Trusted Zone: excite.com\www
Trusted Zone: grc.com\www
Trusted Zone: hsbccreditcard.com\www
Trusted Zone: keithandschnars.com\www
Trusted Zone: live.com\bl145w.blu145.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: msn.com\www
Trusted Zone: netflix.com
Trusted Zone: netflix.com\movies
Trusted Zone: onlinecreditcenter6.com\www
Trusted Zone: prescriptionsolutions.com\www
Trusted Zone: sirius.com\www
Trusted Zone: state.fl.us\fdotnfuse.dot
Trusted Zone: techguy.org\www
Trusted Zone: virusvault.co.uk\www
Trusted Zone: wellsfargo.com\online
Trusted Zone: yahoo.com\att.my
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswax70.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://fdotnfuse.dot.state.fl.us/Citrix/ICAWEB/en/ica32/wficat.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} - hxxps://support.microsoft.com/OAS/ActiveX/odc.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://pbells.broadjump.com/wizlet/iw60/static/controls/WebflowActiveXInstaller_4-0-0.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://dvr.floridanexuspark.com/RemoteWeb.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120083437937
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348267800671
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://doliver.earthcam.net/viewer/AMC.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www3.ca.com/securityadvisor/virusinfo/webscan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://hgtv1.view22.com/view22/app/view22rte.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {E7D2588A-7FB5-47DC-8830-832605661009} - hxxps://livewc01.custhelp.com/7550-b415h-quickenmedical/rnl/java/RntX.cab
DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab
DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} - hxxp://by107fd.bay107.hotmail.msn.com/activex/HMAtchmt.ocx
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.paslc.org/acgm/f2_acgm.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{23473EEF-A2C0-490E-A49D-93A5EB42419F} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2011-9-22 974944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-10-28 12184]
R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-7-11 361472]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-7-24 102400]
R3 NmPar;Unusable Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-7-31 80256]
R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-7-31 70016]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\sasdifsv.sys --> c:\program files\superantispyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\superantispyware\sascore.exe" --> c:\program files\superantispyware\SASCORE.EXE [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-11-21 250808]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [2006-3-16 36960]
S3 gupdate1c9c9186781a4fc;Google Update Service (gupdate1c9c9186781a4fc);c:\program files\google\update\GoogleUpdate.exe [2009-4-29 133104]
S3 icsak;icsak;\??\c:\program files\checkpoint\zaforcefield\ak\icsak.sys --> c:\program files\checkpoint\zaforcefield\ak\icsak.sys [?]
S3 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe --> c:\progra~1\mcafee.com\agent\mcupdmgr.exe [?]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\common files\hhd software\device monitor\NDMSHLP.sys [2005-5-24 7632]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-12 14336]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\hhd software\free serial port monitor\sermon.sys [2005-5-24 18432]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-12 14336]
S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe --> c:\program files\mcafee.com\agent\mcdetect.exe [?]
.
=============== Created Last 30 ================
.
2012-10-09 00:49:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-09 00:49:28 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-08 21:27:47 -------- d-----w- c:\documents and settings\jbandt\local settings\application data\Secunia PSI
2012-10-08 21:27:32 -------- d-----w- c:\program files\Secunia
2012-10-07 02:15:13 -------- d-----w- c:\documents and settings\jbandt\application data\QuickScan
2012-09-20 02:54:31 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
.
==================== Find3M ====================
.
2012-10-09 09:40:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 09:40:05 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 00:48:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-09 00:48:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:12:11.76 ===============

Edited by jbandtbone, 10 October 2012 - 06:12 PM.


#11 Maurice Naggar

    Eradicator de malware


  • Malware Response Team

Posted 11 October 2012 - 11:17 AM

Leave alone the quarantine of Emsisoft tool. That is out of the way {eg, is not running}.

Logoff and Restart the system fresh.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

If you have a prior copy of Combofix, delete it now !

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)


Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on Combo-Fix.exe, accept the EULA & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-------------------------------------------------------

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh !

Reply & Copy / Paste the contents of C:\Combofix.txt log and tell me, How is the system now ?

RE-Enable your AntiVirus and AntiSpyware applications.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#12 jbandtbone

  • Topic Starter

  • Members

Posted 11 October 2012 - 01:16 PM

Programs are opening faster it seems. Here is the Combo log

ComboFix 12-10-11.03 - jbandt 10/11/2012 13:39:29.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2563 [GMT -4:00]
Running from: c:\documents and settings\jbandt\Desktop\Combo-Fix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: ESET Personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\jbandt\WINDOWS
c:\program files\INSTALL.LOG
c:\windows\_detmp.2
c:\windows\_detmp.4
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\ClientSyncLoader.htm
c:\windows\system32\ClientSyncLoaderDriver.htm
c:\windows\system32\FE05DA0D.dll
c:\windows\system32\FE05F051.dll
c:\windows\system32\FE05F3D5.dll
c:\windows\system32\ie.ico
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\FUSION.DLL
c:\windows\system32\URTTemp\MSCOREE.DLL
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\MSCORSN.DLL
c:\windows\system32\URTTemp\MSCORWKS.DLL
c:\windows\system32\URTTemp\MSVCR71.DLL
c:\windows\system32\URTTemp\REGTLIB.EXE
.
.
((((((((((((((((((((((((( Files Created from 2012-09-11 to 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-09 00:49 . 2012-10-09 00:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-09 00:49 . 2012-10-09 00:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-09 00:45 . 2012-10-09 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-10-08 21:27 . 2012-10-08 21:27 -------- d-----w- c:\documents and settings\jbandt\Local Settings\Application Data\Secunia PSI
2012-10-08 21:27 . 2012-10-08 21:27 -------- d-----w- c:\program files\Secunia
2012-10-07 02:15 . 2012-10-07 02:15 -------- d-----w- c:\documents and settings\jbandt\Application Data\QuickScan
2012-10-07 01:58 . 2012-10-07 01:58 -------- d-----w- C:\rsit
2012-10-07 01:52 . 2012-10-07 01:52 -------- d-----w- c:\program files\ERUNT
2012-10-05 20:30 . 2012-10-05 20:30 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-10-05 20:28 . 2012-10-05 20:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-09-20 02:54 . 2012-09-20 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 09:40 . 2011-11-21 15:40 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 09:40 . 2011-07-01 12:53 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 00:48 . 2009-06-24 21:16 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-10-09 00:48 . 2011-02-11 23:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2004-08-12 14:09 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-12 13:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-12 13:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-12 13:57 385024 ------w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-12 14:09 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-12 14:02 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
backup=c:\windows\pss\Exif Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lexmark X125 Settings Utility.lnk]
backup=c:\windows\pss\Lexmark X125 Settings Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jbandt^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\jbandt\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jbandt^Start Menu^Programs^Startup^Secunia PSI.lnk]
path=c:\documents and settings\jbandt\Start Menu\Programs\Startup\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^jbandt^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\jbandt\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-10 07:57 136472 ------w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-10 08:02 904840 ------w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2006-02-10 00:53 26112 ----a-w- c:\windows\SYSTEM32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-10 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 05:00 45056 ------w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2004-03-11 01:50 28672 ----a-w- c:\windows\SYSTEM32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 14:43 57344 ------w- c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-11-16 05:05 127035 ------w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLCJCATS]
2005-08-15 17:40 73728 ------w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dlcjtime.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlcjmon.exe]
2005-08-12 20:47 430080 ------w- c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2004-09-15 07:01 86016 ------w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40 1387288 ------w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 15:23 135168 ------w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 11:00 44032 ----a-w- c:\windows\IME\IMKR6_1\imekrmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 11:00 208952 ----a-w- c:\windows\IME\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ------w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2005-08-10 14:12 286720 ------w- c:\program files\Dell Photo AIO Printer 964\memcard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRC]
2009-10-06 17:09 2960704 ------w- c:\program files\PC Tune-Up\PCTuneUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-05-29 21:58 479232 ------w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-05 02:32 53248 ------w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-15 16:36 319488 ------w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-07-18 21:23 868352 ------w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ------w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
2002-07-31 18:38 4341760 ------w- c:\program files\Alcatel\SpeedTouch USB\dragdiag.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-10 07:55 1326080 ------w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ------w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Drive Manager]
2008-07-24 20:22 450560 ------w- c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 01:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Microsoft Games\\Links 2003\\LinksMMIII.exe"=
"c:\\Program Files\\MSN Gaming Zone\\zclient.exe"=
"c:\\Program Files\\Support.com\\bin\\tgcmd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\HeavyWeather\\heavy weather.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1:TCP"= 1:TCP:c:\\HeavyWeather\\heavy weather.exe
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 ehdrv;ehdrv;c:\windows\SYSTEM32\DRIVERS\ehdrv.sys [8/4/2011 10:20 AM 118104]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 1:03 PM 974944]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\SYSTEM32\DRIVERS\LBeepKE.sys [10/28/2009 7:59 PM 12184]
R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [7/11/2012 12:50 PM 361472]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [9/24/2012 8:46 AM 656480]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [7/24/2008 4:22 PM 102400]
R3 NmPar;Unusable Parallel Port;c:\windows\SYSTEM32\DRIVERS\NmPar.sys [7/31/2008 2:34 PM 80256]
R3 nmserial;PCI Serial Port;c:\windows\SYSTEM32\DRIVERS\NmSerial.sys [7/31/2008 2:34 PM 70016]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.SYS --> c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [?]
S2 !SASCORE;SAS Core Service;"c:\program files\SUPERAntiSpyware\SASCORE.EXE" --> c:\program files\SUPERAntiSpyware\SASCORE.EXE [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [11/21/2011 11:40 AM 250808]
S3 alcan5ln;Alcatel SpeedTouch™ USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\SYSTEM32\DRIVERS\alcan5ln.sys [3/16/2006 7:00 PM 36960]
S3 gupdate1c9c9186781a4fc;Google Update Service (gupdate1c9c9186781a4fc);c:\program files\Google\Update\GoogleUpdate.exe [4/29/2009 6:18 PM 133104]
S3 icsak;icsak;\??\c:\program files\CheckPoint\ZAForceField\AK\icsak.sys --> c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [?]
S3 NDMSHLP;Device Monitor Helper Driver;c:\program files\Common Files\HHD Software\Device Monitor\NDMSHLP.sys [5/24/2005 11:23 PM 7632]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/12/2004 10:06 AM 14336]
S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [12/16/2011 10:19 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [9/24/2012 8:46 AM 1328736]
S3 SerMon;Serial Monitor Filter Driver;c:\program files\HHD Software\Free Serial Port Monitor\sermon.sys [5/24/2005 11:26 PM 18432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-21 09:40]
.
2012-04-15 c:\windows\Tasks\User_Feed_Synchronization-{3F45EB98-1067-44F6-BEF8-FB04E0C7096F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
Trusted Zone: $talisma_url$
Trusted Zone: 1stpeoplesbank.com\www
Trusted Zone: 1stpeoplesbankhb.com\www
Trusted Zone: bankofamerica.com\www
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: excite.com
Trusted Zone: excite.com\registration
Trusted Zone: excite.com\www
Trusted Zone: grc.com\www
Trusted Zone: hsbccreditcard.com\www
Trusted Zone: keithandschnars.com\www
Trusted Zone: live.com\bl145w.blu145.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: msn.com\www
Trusted Zone: netflix.com
Trusted Zone: netflix.com\movies
Trusted Zone: onlinecreditcenter6.com\www
Trusted Zone: prescriptionsolutions.com\www
Trusted Zone: sirius.com\www
Trusted Zone: state.fl.us\fdotnfuse.dot
Trusted Zone: techguy.org\www
Trusted Zone: virusvault.co.uk\www
Trusted Zone: wellsfargo.com\online
Trusted Zone: yahoo.com\att.my
TCP: DhcpNameServer = 192.168.1.254
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://dvr.floridanexuspark.com/RemoteWeb.cab
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-DVDLauncher - c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
MSConfigStartUp-Kernel and Hardware Abstraction Layer - KHALMNPR.EXE
MSConfigStartUp-Logitech Utility - Logi_MwX.Exe
MSConfigStartUp-mmtask - c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-MMTray - c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\ApcMain.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-sysldtray - c:\windows\ld08.exe
MSConfigStartUp-system tool - c:\windows\sysguard.exe
MSConfigStartUp-Zone Labs Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
MSConfigStartUp-ZoneAlarm Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-UnityWebPlayer - c:\documents and settings\jbandt\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3930405495-149949848-2829475311-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1156)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'lsass.exe'(1212)
c:\windows\system32\relog_ap.dll
.
Completion time: 2012-10-11 13:56:06
ComboFix-quarantined-files.txt 2012-10-11 17:56
.
Pre-Run: 384,077,189,120 bytes free
Post-Run: 384,094,789,632 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin
.
- - End Of File - - BF11BC4B3C2BA712F77AD539E7112864

#13 Maurice Naggar

Posted 11 October 2012 - 01:59 PM

We are not yet finished hunting for malware, so do not go wild on running programs.

Let's see if you can remove any remains of Zone Alarm.

Please download and install Revo Uninstaller Free.
Double click Revo Uninstaller to run it.
From the list of programs, double click on Zone Labs - Zone Alarm ... if shown. {If not shown, exit out.}
When prompted if you want to uninstall, click Yes.
Be sure the Moderate option is selected, then click Next.
The program will run. If prompted again, click Yes.
When the built-in uninstaller is finished, click on Next.
Once the program has searched for leftovers, click Next.
Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes, then click on Next.
Once done, click Finish.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#14 jbandtbone

Posted 11 October 2012 - 02:14 PM

Zone Alarm not shown in Revo.

#15 Maurice Naggar

Posted 11 October 2012 - 02:50 PM

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

Print out this section or even save it to your PC, for easy offline reference!
This next section is intended to remove the remains of Zone Alarm from your system, which will lessen conflicts with your security suite.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:
DDS::
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - ZoneAlarm Security Engine Registrar
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - 

Folder::
c:\program files\checkpoint 
Driver::
IswSvc



Open a new Notepad session (Do not use a Word Processor or WordPad).
Click "Format" and be certain that Word Wrap is not enabled.
Right-click | Paste the Code box contents from above into Notepad.
Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".
Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown:
Posted Image

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Please wait for ComboFix to finish running.

Please Note: Do not mouse click in the ComboFix window while it is running - this may cause your system to hang/crash.
After you have completed the above, please Copy & Paste the contents of the ComboFix.txt report.

Edited by Maurice Naggar, 11 October 2012 - 02:52 PM.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)



