Spooldr.sys?


This topic is locked
29 replies to this topic

#16 Daddymoen (Topic Starter, Members, 16 posts)

Posted 17 January 2013 - 03:06 PM

Nasdaq,

Here is the second of two scans.

OTL Extras logfile created on: 1/17/2013 2:35:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Bruce Moen\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 78.78% Memory free
7.17 Gb Paging File | 6.80 Gb Available in Paging File | 94.79% Paging File free
Paging file location(s): C:\pagefile.sys 4500 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 499.99 Gb Total Space | 358.36 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 897.26 Gb Total Space | 890.37 Gb Free Space | 99.23% Space Free | Partition Type: NTFS
Drive F: | 152.66 Gb Total Space | 23.34 Gb Free Space | 15.29% Space Free | Partition Type: NTFS

Computer Name: BIOSTAR5 | User Name: Bruce Moen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel PaintShop Pro X4] -- "c:\Program Files\Corel\Corel PaintShop Pro X4\Corel PaintShop Pro.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [UnzipThemAll] -- "C:\Program Files\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"51001:TCP" = 51001:TCP:*:Enabled:Dragon Smart Phone Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
"C:\WINDOWS\system32\nisvcloc.exe" = C:\WINDOWS\system32\nisvcloc.exe:*:Enabled:nisvcloc -- (National Instruments Corp.)
"C:\WINDOWS\system32\lktsrv.exe" = C:\WINDOWS\system32\lktsrv.exe:*:Enabled:lktsrv -- (National Instruments Corporation)
"C:\WINDOWS\system32\CTSVCCDA.EXE" = C:\WINDOWS\system32\CTSVCCDA.EXE:*:Enabled:CTsvcCDA -- (Creative Technology Ltd)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\ImageJ\jre\bin\javaw.exe" = C:\Program Files\ImageJ\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\SUPDSvc.exe" = C:\WINDOWS\system32\SUPDSvc.exe:*:Enabled:Samsung UPD Service -- (Samsung Electronics CO., LTD.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator (HP Officejet Pro 8600) -- (Hewlett-Packard Co.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{00580795-581C-4587-B9F2-37320D7AB37F}" = Corel PaintShop Pro X4
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00580795-581C-4587-B9F2-37320D7AB37F}" = ICA
"{006CAAEF-CA96-4181-AC22-FE56D61432E4}" = PSPPContent
"{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}" = Corel PaintShop Pro X4
"{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}" = IPM_PSP_COM
"{00D13418-7DDF-4D3D-A237-E297B103BB6B}" = Setup
"{00D74A7A-F7AD-4D00-ABD2-0973836292C7}" = PSPPHelp
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{0699C67B-F5B5-4CA3-A3A9-B976406FA4DA}" = NI Service Locator
"{07EC2A8F-AF18-4908-942A-3CD62E9FB4B7}" = NI License Manager
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{087A9C62-E00E-47F7-8D77-4BB9A0774686}" = NI LabVIEW SignalExpress 2.5.1 Datatypes
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BEB28E4-E5EA-40DE-8982-1F13005DC08B}" = SlimDrivers
"{0CD07E20-51B9-4A36-8852-79FD6FC3749A}" = NI SCXI 1.9.0
"{0D433BBC-FCE3-4D6C-94A7-63CECAE787E7}" = NI-DIM 1.8.0f0
"{0FB31DF8-38DF-4C9D-B313-AFAFC3FBA02B}" = NI LVBrokerAux 8.2.1
"{0FF31FDE-3D68-4A76-B9C8-1413F6066F09}" = NI Remote Provider for MAX
"{10229AF5-E440-4879-B543-34381338B692}" = NI-DAQ C and VB6 API
"{11187E08-B111-4711-BE28-7A4D16A5744E}" = NI Calibration Provider for MAX
"{121634B0-2F4A-11D3-ADA3-00C04F52DD53}" = Windows Installer Clean Up
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1538B06D-3F62-4622-B9D2-27B894C3496C}" = NI LVBrokerAux 8.5.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17F4ADCB-387E-43A5-8292-A4A37704D670}" = NI MDF Support
"{180F339F-9B34-411C-BCDC-2442C7459067}" = NI Remote PXI Provider for MAX
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{19CAAE99-2574-47DD-9467-DC54276728FC}" = StampPlot Version 3.75
"{1A444CF1-31CD-42E6-B4B8-0059BB357D79}" = NI PXI Platform Services for Windows 2.3.2
"{1A710265-096B-46CB-8849-53A209D9A8CF}" = NI Certificates Deployment Support
"{1E88F516-C8AA-4D17-9A54-8AB0768F34C1}" = Retrospect Express HD 1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23AD75E7-B51E-4D3B-8928-229A5BCFE330}" = NI Measurements eXtensions for PAL 1.8.0
"{24C4403D-314E-41F1-A0D7-821657F47770}" = Voxenable
"{26261740-CFA6-4962-BAD2-1A1F9F75B272}" = NI-DAQmx 8.7
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{297FA251-FF30-4F16-978C-4A65EA804EFF}" = NI LabVIEW Real-Time Error Dialog
"{299B4500-C41F-4BA3-AB4A-CC9412E16D67}" = NI LabVIEW Run-Time Engine 8.5
"{2A8235ED-385B-4074-9B82-FABC0A4DE1CD}" = NI-653x Installer 1.8.0
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{2BA09774-34F7-4A06-8C7E-B69E44CB9EB0}" = DriverBoost
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E1DE390-879C-4291-9B68-DA032D2CC98E}" = AudioEdit Deluxe
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3013258E-C03E-4B5C-A251-04BF3E6E52B9}" = NI-MDBG 1.8.0f0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36AA699C-D6B8-44FB-B1A7-F06D5DD2B08A}" = NI STC 1.2.0
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{37DABC6A-3662-4A68-A1D8-A6E4958F64B6}" = NI Measurement Studio 8.1 Enterprise RunTime for VS2005
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F99A228-0BBD-40B6-8AEB-A6F689688969}" = NI LabWindows/CVI Code Generator
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4175EFAF-1789-4C85-908D-81C620439CE0}" = NI LabVIEW SignalExpress 2.5 Steps
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43D16DA8-BF42-3C62-89D3-3AD47829DC2E}" = Google Talk Plugin
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{48D9B619-826B-428E-97E6-041B46528DBE}" = NI LabVIEW SignalExpress 2.5.1 Licenses
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4DD8D80C-6AC9-4E19-B3CE-E2CEB656AF2A}" = NI IVI Engine
"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
"{4E10E7FC-36CD-4C22-AC20-9E15692E8C2F}" = Virtual Sound Canvas DXi
"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53736430-DBEC-4582-B072-2F1F0A2C4EA6}" = NI LabVIEW Run-Time Engine 7.1.1
"{54266945-8A11-424D-B20F-4F747A714FBA}" = DV TS
"{54CD1DE1-2579-4DA9-8B02-8A242BFA8CCD}" = NI-MXLC 1.1.0f0
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C2AD01A-C3FC-4F0E-899A-30D9B86D9941}" = NI-IVI Provider for MAX
"{5D25ADFC-D6E8-4ECB-977C-3D8B5712793B}" = NI MIO Device Drivers 1.14.1
"{5DBDA3D6-7D16-419C-8434-219011CF652B}" = NI-VISA Runtime 4.2
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{615072D0-30E5-4907-AB08-A9067AD2BB69}" = NI-RPC 3.4.1f0 for Phar Lap ETS
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{65F1EE0F-F9D2-45E1-8E14-2EBFF34E90A0}" = NI LVBrokerAux8.0
"{669B49D6-BCA8-4F7C-9248-CE5677750285}" = HP Officejet Pro 8600 Product Improvement Study
"{671A5B67-1A00-424A-A902-49BC020FB3D1}" = NI VC2005MSMs x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681DD3FE-F5D0-4781-B159-E2422524BF98}" = NI IVI Class Simulation Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0AA4DB-5D13-4578-A7E2-A4E1A4846928}" = NI-MRU 2.9.0f0
"{6E605604-E2CE-4331-AA19-5FEF273F3CFD}" = NI LabVIEW Real-Time FIFO for Runtime
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}" = MediaFACE 5.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734BB64A-5A3D-4624-867D-6358B7068496}" = Sound Blaster Live! 24-bit
"{74CB3747-1685-46C1-8F02-FCDA36ADDBA9}" = NI TDMS
"{755ED4DC-D519-4918-8C9E-BAC9765B9696}" = NI LabVIEW SignalExpress 2.5 Core
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789D6E58-8E97-437B-8910-6A309ADAFB4C}" = Diagnostic System for Sound Fields Version 5E
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7C0B9FD1-5181-4446-AD62-299873B5508B}" = NI Uninstaller
"{7D55518D-A30E-46A7-A95C-BB2D7182907B}" = NI-PAL 2.2.0f0
"{7DE3B2CC-B0EA-4607-B407-7E5E7C8BEAB0}" = NI LabVIEW Broker
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{7E92B204-B610-423E-A0EF-21309C5942E0}" = NI Dynamic Signal Acquisition Installer 1.11.1
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A09778-57D9-4DC2-969B-D1C1A6F5CAD2}" = NI Software Provider for MAX
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86543B78-DD7B-4E4B-8268-7BCCC1AA2270}" = NI DAQ Assistant 1.8.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F908CA-B1B4-476B-B8EB-7FC1D32C7A05}" = NI OPC Support
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8E25212F-D6E5-4504-BE07-0F03A603B5E5}" = NI-APAL Error Files 1.2.0f0
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EC977BB-D5CC-4B3F-A9C6-4D3835B65939}" = NI-DAQ Document Set
"{8F92619B-C54D-4EF3-930F-4FD0D9978BF1}" = NI-DAQmx MAX Support 1.10.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903292CF-326E-4040-8D0E-3B9E0692837C}" = NI-DAQ INF Files
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{911F2BEE-4919-4BA3-A097-B014070FD738}" = NI Assistant Framework LabVIEW Code Generator 8.0
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92228315-BA53-4061-A404-0F05A72E946B}" = NI Logos XT Support
"{9349F4F2-9559-4B86-830E-2DA899F4230E}" = HearSource Fitting
"{93971826-093B-43E7-BA90-7A507D5E2339}" = NI LabVIEW SignalExpress 2.5
"{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98618CFE-CACD-48C4-85EA-F9197FFEDD0C}" = NI Assistant Framework LabVIEW Code Generator 6.1
"{989FEA7C-966B-4A52-AE2D-41759E8CE598}" = NI LabVIEW SignalExpress 2.5.1 Tools
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{99A125D2-366A-49BE-A144-B6CFB9668A90}" = IVI Shared Component
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C55C629-6C4F-48A9-8840-C897DF6187ED}" = HP Officejet Pro 8600 Basic Device Software
"{9DADF2A0-D9F8-47B0-B56A-DD71405EB7AF}" = NI Fusion Standard Library Installer 1.6.0
"{9E712C7B-9E32-48B9-95BC-26FB11D1708C}" = NI Measurement Studio Common .NET Language Assemblies for the .NET Framework 2.0
"{9EBC9FC7-44EA-47F7-999A-5304C97E9E50}" = Electronome
"{9FBEC876-60EB-4BAC-BF51-E7EF29C1D71A}" = NI Assistant Framework LabVIEW Code Generator 8.2
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{a0bcf90f-b4e4-435c-a48d-8faae10554f9}" = Pixia
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F6FFFD-7D43-4D41-B9B7-FF5166B6B55C}" = Alcyone Ephemeris 2.4
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA16E04C-C2F5-44DE-B97B-4942FC5C44B4}" = NI-ORB 1.8.0f0
"{AB562530-921D-11DE-A208-005056C00008}" = Paragon Backup & Recovery™ 10.2 Free Edition
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF3C56EF-C317-4496-86D3-A03642A9918A}" = SynthEdit
"{B05599F2-55E3-47D2-9047-AE171F35A90B}" = NI Logos 4.9
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}" = HP Officejet Pro 8600 Help
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer Express
"{BABBF702-F982-4C43-AD3C-F00CB843CE9C}" = NI Portable Configuration
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{BEDACE6E-642A-4C2B-BA4F-F4DC5788D5F8}" = NI-MXDF 1.9.0f0
"{C03A2D71-DB89-4AB4-876C-FB2DAA57BB07}" = NI AFW Channel Configuration Tool
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
"{C532C3FA-4241-4521-9FAC-1FA20BAE36B6}" = NI Variable Engine
"{C5C70081-39C0-4EBF-BC13-EFF5DC231945}" = NI Measurement & Automation Explorer 4.4.1
"{C66C2D4A-DA83-41E4-8263-CC6DBB00AB79}" = NI-DAQmx - LabVIEW shared documentation
"{C70C9D30-6DB4-445F-AAAB-E21FB8783569}" = NI IVI Class Drivers
"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt
"{C9539D9D-1450-46ED-A6A2-ABD6AB862BCE}" = EminiTec
"{CA3B6B06-5FA5-4C1B-87FC-44C050E1B563}" = NI IVI Compliance Package 3.1
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6B88A7-1CDA-11D8-88F7-000B6A046C70}" = Planet's Orbits v1.7
"{CB960533-3F69-4223-9047-96C741E7D868}" = NI Common Digital 1.7.2
"{CD7FE5D3-4678-4C79-B9EA-32D14E9BE583}" = NI IVI Online Help
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF336E59-00D4-4FBB-B83D-464DBBC38657}" = NI-DAQmx Documentation
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D449F4D5-0D2B-497F-9BA9-7E430C100389}" = NI Timing Installer 1.11.1
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D65F0073-A820-4085-B997-A061171595A7}" = oggcodecs
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D88B4D82-11CD-4E56-872F-6E34A643D2DE}" = NI MXS
"{D9529709-28B0-4DA1-8749-8924C11AAFF2}" = NI Registration Wizard
"{D97A3D76-14C0-44EC-9ACC-4DCB8527D98C}" = NI-RPC 3.4.1f0
"{DAADB3BC-F520-4FC6-BB63-2BCB8AE2CF53}" = NI Assistant Framework
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DCC02AC1-1A01-4A72-9B16-0E328803CD91}" = NI MXS 4.4.0f0 for LabVIEW Real-Time
"{DEC25D81-2317-47F6-8B26-D54A939DA1EE}" = NI LabVIEW C Interface
"{E08A64DC-D62E-4F25-8928-4F422D59F64D}" = CircuitMaker 2000 (Standard Edition)
"{E1208658-C2EE-4A34-9FB1-040943DA3084}" = VideoAdvantage USB
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5B1DA8B-D2C2-4E4F-82CF-28C169FD4598}" = NI Assistant Framework LabVIEW Code Generator 7.1
"{E662A98E-8A02-4158-9047-4EBFA4F9F2ED}" = VideoAdvantage USB Driver
"{E6BBBB50-76E9-4F2F-AA8C-3FDDEB978A87}" = NI Assistant Framework LabVIEW Code Generator 8.5
"{E80BEC94-A496-4CE6-89B5-08922D1CCD84}" = BASIC Stamp Editor v2.3.9
"{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}" = Presto! PageManager 7.15.11
"{EB9E7F70-8F2E-412A-A182-FAC85345FDCC}" = NI Assistant Framework LabVIEW Code Generator 7.0
"{EC3D1E9D-5D3B-4800-BC2B-FB40FE7F2435}" = NI-DAQmx support for LabVIEW
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E631BD-3046-43A2-8FE3-8322EB572825}" = NI PXI Platform Services Provider for MAX 2.3.2
"{F28D6E4E-EA52-49F5-B5E8-EDA4F380F83A}" = NI DN 2.0 installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6FB9471-6F9C-49EE-B48F-E61354DC0F9A}" = NI-DAQmx Switch Core 1.14.0
"{F7D0E9F5-6025-49FA-B13C-CFA27E062062}" = NI EULA Depot
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"88EB56038379B8B7DCFB4D2448A60F52E064B265" = Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"Ace Utilities_is1" = Ace Utilities
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0.1
"Adobe SVG Viewer" = Adobe SVG Viewer 6.0
"AdsynDX" = AdsynDX
"AdsynDX_is1" = AdsynDX version 1.01
"Alchemy and Bejeweled Pack" = Alchemy and Bejeweled Pack
"AnyDVD" = AnyDVD
"Applian Director2.1" = Applian Director
"Arena 3.0_is1" = Arena 3.0
"Astra Image_is1" = Astra Image 2.5MAX
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BoardMod_is1" = BoardMod 2.5.5
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter2" = Canon Utilities RAW Image Converter2
"Cartoonist_is1" = Cartoonist 1.3
"CircuitMaker 2000 Service Pack 1" = CircuitMaker 2000 Service Pack 1
"Cisco Connect" = Cisco Connect
"ClassicFTP" = Classic FTP
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"C-Media Audio Driver" = C-Media WDM Audio Driver
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Defraggler" = Defraggler
"Dream Station" = Dream Station
"Drop" = Drop
"Drop!" = Drop!
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Easy-WebPrint" = Easy-WebPrint
"File Writer output plugin" = File Writer output plugin for WinAMP 2 v1.21b (remove only)
"FilterMeister_is1" = FilterMeister 1.0 Beta 8.7
"Franklin Planner" = Franklin Covey Co. Franklin Planner
"GoldWave v5.67" = GoldWave v5.67
"Harry's Filters 3" = Harry's Filters 3
"HijackThis" = HijackThis 2.0.2
"Hoyle Demo" = Hoyle Demo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ImageJ_is1" = ImageJ 1.45s
"Indeo® Software" = Indeo® Software
"Inkscape" = Inkscape 0.46
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
"IrfanView" = IrfanView (remove only)
"IviSharedComponent" = IVI Shared Components
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Windows XP Inside Out eBook" = Microsoft Windows XP Inside Out eBook
"Midicode Synthesizer" = Midicode Synthesizer
"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 CD Writer_is1" = MP3 CD Writer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Multiquence v2.53" = Multiquence v2.53
"Multiquence v2.55" = Multiquence v2.55
"Music Creator 2" = Music Creator 2
"MWSnap 3" = MWSnap 3
"MXOFX" = USB Storage Adapter FX (MXO)
"NI Uninstaller" = National Instruments Software
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Pandora's Box 1.0" = Microsoft Pandora's Box
"Partition Assistant Home Edition_is1" = Partition Assistant 2.6 Home Edition
"pce" = Perl Code Editor
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"PhotoFreebies 2.02 (Plugin)_is1" = PhotoFreebies 2.02 (Plugin)
"ProcessScanner_is1" = Uniblue ProcessScanner
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"Replay Video Capture6.0.6" = Replay Video Capture 6
"Revo Uninstaller" = Revo Uninstaller 1.94
"RGBLab 2005_is1" = RGBLab 2005
"RTEQ_is1" = RTEQ v4.10
"S3" = KM400/KN400 Display Driver and Utilities
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Sigview_is1" = Sigview v1.9.8.7
"sp6" = Logitech SetPoint 6.32
"SpectraLAB" = SpectraLAB FFT Spectral Analysis System
"Spectrum Lab_is1" = Spectrum Lab V2.78
"Spectrum Laboratory" = Spectrum Laboratory
"SpeedFan" = SpeedFan (remove only)
"ST6UNST #1" = SereneSound
"ST6UNST #2" = CMC2006
"ST6UNST #3" = Web Services Accelerator V2.01
"ST6UNST #4" = Sidereal Clock
"Stamps.com Internet Postage" = Stamps.com Internet Postage
"The Sudoku Challenge-retail" = The Sudoku Challenge
"ToneGen" = NCH Tone Generator Uninstall
"Toonworks Deluxe 1.0" = Toonworks Deluxe 1.0
"Ultimate Mahjongg 5" = Ultimate Mahjongg 5
"UltraMenu" = UltraMenu
"UnzipThemAll_is1" = UnzipThemAll 1.3
"URLSnooper 2_is1" = URL Snooper v2.22.01
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"Voxengo Redunoise VST" = Voxengo Redunoise VST 1.5
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WhoCrashed_is1" = WhoCrashed 4.01
"Winamp" = Winamp
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1 beta4
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CoffeeCup HTML Editor" = CoffeeCup HTML Editor
"InstallShield_{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}" = MediaFACE 5.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/17/2013 3:54:37 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:54:42 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:55:50 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:55:55 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:57:03 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:57:07 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:58:15 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:58:20 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:59:28 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

Error - 1/17/2013 3:59:33 PM | Computer Name = BIOSTAR5 | Source = MsiInstaller | ID = 11706
Description = Product: HearSource Fitting

[ System Events ]
Error - 1/17/2013 1:08:11 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 1/17/2013 1:08:11 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 1/17/2013 1:08:20 PM | Computer Name = BIOSTAR5 | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80040155'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 1/17/2013 1:08:20 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7023
Description = The Windows Media Player Network Sharing Service service terminated
with the following error: %%1008

Error - 1/17/2013 3:01:23 PM | Computer Name = BIOSTAR5 | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80040155'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 1/17/2013 3:01:27 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7022
Description = The Wireless Zero Configuration service hung on starting.

Error - 1/17/2013 3:01:27 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7023
Description = The Windows Media Player Network Sharing Service service terminated
with the following error: %%1008

Error - 1/17/2013 3:01:31 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
uagp35 ViaIde viasraid

Error - 1/17/2013 3:02:42 PM | Computer Name = BIOSTAR5 | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80040155'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 1/17/2013 3:02:42 PM | Computer Name = BIOSTAR5 | Source = Service Control Manager | ID = 7023
Description = The Windows Media Player Network Sharing Service service terminated
with the following error: %%1008


< End of report >



#17 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:28 PM

Posted 18 January 2013 - 11:23 AM

removed.
nasdaq

Edited by nasdaq, 18 January 2013 - 11:23 AM.


#18 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:28 PM

Posted 18 January 2013 - 11:46 AM

Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Execute this after.

Download ComboFix from any of the links below but rename it to Daddy.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
====

#19 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:07:28 PM

Posted 18 January 2013 - 12:14 PM

nasdaq,

Everything went along without any problems.

Daddymoen


ComboFix 13-01-17.04 - Bruce Moen 01/18/2013 11:58:04.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2357 [GMT -5:00]
Running from: c:\documents and settings\Bruce Moen\Desktop\Daddy.exe.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-12-18 to 2013-01-18 )))))))))))))))))))))))))))))))
.
.
2067-02-24 21:21 . 2003-02-05 10:02 79947 ----a-w- c:\windows\fw20.vxd
2013-01-18 16:33 . 2013-01-18 16:33 -------- d-----w- c:\windows\LastGood
2013-01-16 19:22 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-01-16 19:22 . 2009-04-29 04:55 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
2013-01-16 18:08 . 2013-01-16 18:15 -------- d-----w- c:\documents and settings\Bruce Moen\Application Data\SkypeTalking
2013-01-16 11:41 . 2013-01-16 11:41 -------- d-----w- c:\program files\SlimDrivers
2013-01-16 11:04 . 2013-01-16 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2013-01-16 11:04 . 2013-01-16 11:04 -------- d-----w- c:\documents and settings\Bruce Moen\Local Settings\Application Data\PC_Drivers_Headquarters
2013-01-15 20:29 . 2013-01-16 14:50 -------- d-----w- c:\program files\VS Revo Group
2013-01-15 18:40 . 2013-01-16 18:32 -------- d-----w- c:\program files\WhoCrashed
2013-01-15 15:32 . 2013-01-15 15:31 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-15 15:32 . 2013-01-15 15:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-15 14:51 . 2013-01-15 14:51 53248 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-01-11 16:57 . 2013-01-11 16:57 -------- d-----w- c:\program files\NirSoft
2013-01-09 22:36 . 2013-01-09 22:36 -------- d-----w- c:\documents and settings\Bruce Moen\Local Settings\Application Data\PCHealth
2013-01-09 01:05 . 2001-08-17 18:28 701386 -c--a-w- c:\windows\system32\dllcache\wdhaalba.sys
2013-01-09 01:04 . 2001-08-18 03:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2013-01-09 01:03 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2013-01-09 01:02 . 2004-08-04 06:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2013-01-09 01:01 . 2008-04-13 19:44 28032 -c--a-w- c:\windows\system32\dllcache\perm3.sys
2013-01-09 01:00 . 2001-08-18 03:36 59104 -c--a-w- c:\windows\system32\dllcache\n9i128v2.dll
2013-01-09 00:59 . 2001-08-17 18:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2013-01-09 00:58 . 2001-08-18 03:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2013-01-09 00:57 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2013-01-09 00:56 . 2001-08-17 17:12 19594 -c--a-w- c:\windows\system32\dllcache\e100isa4.sys
2013-01-09 00:55 . 2001-08-18 03:36 44032 -c--a-w- c:\windows\system32\dllcache\cnusd.dll
2013-01-09 00:54 . 2001-08-17 18:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2013-01-09 00:53 . 2001-08-17 18:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2013-01-09 00:53 . 2002-08-29 03:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2013-01-09 00:53 . 2001-08-17 18:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2013-01-09 00:53 . 2001-08-17 17:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2013-01-09 00:53 . 2001-08-17 18:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2013-01-09 00:53 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2013-01-09 00:53 . 2001-08-17 17:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2013-01-09 00:53 . 2001-08-17 19:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2013-01-09 00:53 . 2001-08-17 19:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2013-01-09 00:53 . 2001-08-17 18:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2013-01-08 17:35 . 2013-01-08 17:35 -------- d-----w- c:\documents and settings\Bruce Moen\Application Data\ColorCop
2012-12-31 20:32 . 2012-12-31 20:35 -------- d-----w- c:\program files\MeeSoft
2012-12-19 18:25 . 2012-12-19 18:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-12-19 17:57 . 2012-12-19 18:25 -------- d-----w- C:\Fiji
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-16 12:11 . 2012-10-04 16:03 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-01-15 15:35 . 2012-05-11 19:33 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-15 15:35 . 2011-06-23 19:26 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-15 15:31 . 2010-06-28 07:47 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 14:50 . 2010-09-21 20:01 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-16 12:23 . 2003-03-31 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2010-03-10 19:46 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:25 . 2003-03-31 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-05-30 14:35 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2002-12-12 06:14 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut41_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut3_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-31 16:45 . 2008-01-04 13:37 40960 ----a-r- c:\documents and settings\Bruce Moen\Application Data\Microsoft\Installer\{19CAAE99-2574-47DD-9467-DC54276728FC}\NewShortcut4_880A24336AA24650A896CF1ADDA98C89.exe
2012-10-30 23:51 . 2012-01-26 16:56 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 23:51 . 2012-01-26 16:56 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51 . 2012-01-26 16:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 23:51 . 2012-01-26 16:56 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 23:51 . 2012-01-26 16:56 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-10-30 23:51 . 2012-01-26 16:56 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-10-30 23:51 . 2012-01-26 16:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 23:51 . 2012-01-26 16:56 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-10-30 23:51 . 2012-01-26 16:56 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 23:50 . 2012-01-26 16:56 227648 ----a-w- c:\windows\system32\aswBoot.exe
2004-12-21 16:33 . 2004-12-21 16:33 446464 ----a-w- c:\program files\Voicer.exe
2004-03-15 21:51 . 2004-03-15 21:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2013-01-11 16:28 . 2013-01-11 16:28 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-03 19573352]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" [2010-10-27 328992]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-08-29 44032]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\documents and settings\Bruce Moen\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi10"=midicode32.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=c:\windows\pss\Device Detector 2.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Franklin Covey\Palm Connected Organizer\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Perstray.lnk]
backup=c:\windows\pss\Perstray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^raid_tool.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\VIA\RAID\raid_tool.exe.lnk
backup=c:\windows\pss\raid_tool.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce Moen^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce Moen^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-11-29 14:54 133104 ----atw- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2005-05-04 02:38 64512 ----a-w- c:\windows\system32\P17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 03:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe"
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN23MBR3X405KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
"Google Update"="c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RetroExpress"=c:\progra~1\Dantz\RETROS~1\RetroExpress.exe /h
"niDevMon"=c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
"Sidereal Clock"=c:\program files\sidclock1\RSclock.exe
"EvtMgr6"=c:\program files\Logitech\SetPointP\SetPoint.exe /launchGaming
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe"
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"ISUSPM"=c:\documents and settings\All Users\Application Data\FLEXnet\Connect\11\\isuspm.exe -scheduler
"nwiz"=nwiz.exe /installquiet
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\nisvcloc.exe"=
"c:\\WINDOWS\\system32\\lktsrv.exe"=
"c:\\WINDOWS\\system32\\CTSVCCDA.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Documents and Settings\\Bruce Moen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Bruce Moen\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\ImageJ\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51001:TCP"= 51001:TCP:Dragon Smart Phone Server
.
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [8/11/2010 8:32 AM 40560]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/21/2009 2:14 PM 64160]
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 6:08 PM 15448]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/26/2012 11:56 AM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/26/2012 11:56 AM 361032]
R1 hwinterface32B01;hwinterface32B01;c:\windows\system32\drivers\hwinterface32B01.sys [11/2/2009 3:38 PM 4930]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/26/2012 11:56 AM 21256]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [7/18/2012 9:07 PM 310232]
R2 gupdate1c98e3fdec49ea2;Google Update Service (gupdate1c98e3fdec49ea2);c:\program files\Google\Update\GoogleUpdate.exe [2/13/2009 8:02 PM 133104]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [9/21/2010 1:54 PM 12184]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/27/2012 12:48 PM 398184]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 9:21 AM 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [9/18/2007 6:24 AM 11552]
R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [7/19/2007 10:56 AM 11360]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 5:39 PM 431456]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/10/2010 2:46 PM 21104]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [12/14/2007 11:41 AM 11360]
R3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/22/2008 10:25 AM 11336]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [12/14/2007 2:06 PM 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [12/18/2007 5:14 PM 11360]
S0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/18/2004 9:20 AM 76416]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/10/2010 2:46 PM 682344]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/13/2010 3:06 PM 1691480]
S3 ampa;ampa;c:\windows\system32\ampa.sys [12/2/2010 3:08 PM 10936]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [12/20/2007 8:37 AM 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [10/8/2007 1:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [10/8/2007 1:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [10/8/2007 1:10 PM 22360]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [12/26/2007 10:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2/22/2008 10:25 AM 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [12/18/2007 5:20 PM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/15/2008 2:37 PM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/22/2008 10:25 AM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [12/26/2007 10:18 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [1/11/2008 3:08 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [4/4/2007 7:06 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [4/4/2007 7:06 AM 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [12/18/2007 5:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [12/27/2007 8:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [12/12/2007 10:23 PM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [12/12/2007 10:22 PM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [11/26/2007 4:22 PM 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [1/7/2008 11:38 PM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [1/7/2008 11:21 PM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [12/20/2007 2:54 PM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [1/7/2008 11:38 PM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/22/2008 10:25 AM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [1/7/2008 11:35 PM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/14/2008 7:58 PM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [1/2/2008 12:14 PM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/19/2008 10:56 PM 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2/22/2008 10:25 AM 11368]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [7/19/2007 10:48 AM 11384]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [7/19/2007 10:56 AM 11360]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/22/2008 10:25 AM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/22/2008 10:25 AM 11336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [5/21/2008 6:57 PM 34576]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [10/13/2010 2:50 AM 36928]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [9/13/2010 3:16 PM 132464]
S3 StkMini;VideoAdvantage USB;c:\windows\system32\drivers\StkMini.sys [3/25/2005 9:39 AM 600617]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [10/4/2012 11:03 AM 13024]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 15:35]
.
2013-01-16 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-17 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-17 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-16 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]
.
2013-01-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-03 23:50]
.
2013-01-07 c:\windows\Tasks\classicftpShakeIcon.job
- c:\program files\NCH Software\ClassicFTP\classicftp.exe [2011-06-06 17:49]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 01:02]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 01:02]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004Core.job
- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:54]
.
2013-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-2049760794-839522115-1004UA.job
- c:\documents and settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-29 14:54]
.
2013-01-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-746137067-2049760794-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2013-01-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-746137067-2049760794-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = sas.r4.attbi.com:8000
uInternet Settings,ProxyOverride = *.r4.attbi.com;<local>
Trusted Zone: internet
Trusted Zone: lingo.com\www
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 216.181.31.11 216.181.30.11 65.32.5.111
TCP: Interfaces\{BE72B7F1-9B0E-4278-BC0A-8113151D3E18}: NameServer = 65.32.5.111,65.32.5.112
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
------- File Associations -------
.
.reg=regedit
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-18 12:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\avast! sandbox
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEC3C133-8181-6605-8DB3-DDB9D5D7596D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabgcpmekffiogpbhn"=hex:6a,61,6b,6d,6b,6b,6d,62,6a,65,61,6c,6f,6b,6d,64,64,65,
70,6b,00,00
"hahfkfegihmcioeg"=hex:69,61,67,6e,65,6b,69,6f,69,6f,68,6c,63,68,70,70,68,6a,
00,00
.
[HKEY_USERS\S-1-5-21-746137067-2049760794-839522115-1004\Software\Zepter Software\RegLib*4c5ea22c\CloneDVD2/2]
"1"=dword:44a2eef7
"2"=dword:45548fd7
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DEC3C133-8181-6605-8DB3-DDB9D5D7596D}\InProcServer32*]
"jadgboiklbfokebjgjhc"=hex:6a,61,6b,6d,6b,6b,6d,62,6a,65,61,6c,6f,6b,6d,64,64,
65,70,6b,00,00
"iadglngdijooknajgf"=hex:69,61,67,6e,65,6b,69,6f,69,6f,68,6c,63,68,70,70,68,6a,
00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'explorer.exe'(5812)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-01-18 12:10:53
ComboFix-quarantined-files.txt 2013-01-18 17:10
.
Pre-Run: 388,062,613,504 bytes free
Post-Run: 388,293,783,552 bytes free
.
- - End Of File - - D61F2430A7666CF2C367F8D8CEA7F3E9

#20 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 18 January 2013 - 01:40 PM

The last ComboFix log is clean.

Any remaining issues?

#21 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts

Posted 18 January 2013 - 03:18 PM

Thanks Nasdaq. I'll check for remaining issues and let you know what I find out.

Daddymoen

#22 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts

Posted 19 January 2013 - 08:22 AM

Nasdaq,

The issues left appear to be ones in which I need to reinstall some software. Since there are no more virus or trojan problems I think I am at the point where I can safely do that. I'll tackle the reinstalls and if something comes up in the next few days I will let you know.

Thank you for your patience and all the help. I think we are done for now. I assume I should now uninstall ComboFix?

Daddymoen


#23 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 January 2013 - 08:26 AM

Uninstall ComboFix this way.

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Remove the other tools we used.

Good luck.

#24 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts

Posted 21 January 2013 - 05:26 PM

nasdaq,

I ran the ComboFix uninstall command but the script added to install the file in the Hearing Source software continues to run. How do I find it and kill it?

Daddymoen

#25 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2013 - 08:19 AM

I ran the ComboFix uninstall command but the script added to install the file in the Hearing Source software continues to run. How do I find it and kill it?


I do not know what Hearing Source Software is. Can you explain?

After a restart, have the ComboFix files been removed?

#26 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts

Posted 22 January 2013 - 10:30 AM

nasdaq,

Yes, ComboFix was uninstalled and gone after the next boot.

The Hear Source software is used to program my hearing aids, I have the installation CD and reinstalling is not a problem. The script added earlier was from your post that said:

______________________
c:\program files\HearSource\HearSource Fitting .exe
c:\program files\HearSource\Backup\HearSource Fitting .exe

Both files have been corrupted.
If ComboFix finds the good copies they will be replaced.
If not you will have to reinstall the application.
Are they part of this software?
http://www.hearsource.com/product_freestyle_hearing_aid.html
===

Open notepad and copy/paste the text in the quote box below into it:

RENV::
c:\program files\HearSource\HearSource Fitting .exe
c:\program files\HearSource\Backup\HearSource Fitting .exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"qsmwzhwnjpttddgsewaeTaskMgr"=-

ClearJavaCache::

Save this as CFScript.txt on your desktop.
-----------------------------------------------------------------------------

This is the script that is still running. It wants to add another copy of the HearSource Fitting .exe file to the Hear Source directory, repeatedly. The first few times it ran (before ComboFix was removed) I put the HearSource installation CD in my CD/DVD drive so the script could find the file. But that resulted in multiple copies of the .exe file being added to the directory. Each new file had the form HearSource Fitting (n).exe where "n" is a number, the newest file copy having the highest consecutive number, starting with "1".

This script now runs whenever I run a program and it wants to add another copy of the .exe file to the directory.

Daddymoen

#27 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2013 - 10:37 AM

I do not remember, but I was looking only at the second page for this program.

Let's keep it simple for now: run this tool and post the log for my review.


Please download and install the latest version of HijackThis v2.0.4:

CLICK HERE to download the HijackThis Installer:
  • Save HijackThis.msi to your desktop.
  • Double-click on HijackThis.msi to run the program.
  • On Vista or Windows 7 right click on the file and select run as Administrator.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis. Or C:\Programs files (x86)\... on a 64 bit operating system.
  • Accept the license agreement by clicking the "I Accept" button.
  • Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  • Click "Save log" to save the log file and then the log will open in Notepad.
  • Click on "Edit -> Select All" then click on "Edit -> Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • If your system denies write access to Host files, run HijackThis as an Administrator.
  • Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
Once you have successfully downloaded and installed the latest version, delete the older version via the Add/Remove Programs list.

#28 Daddymoen

Daddymoen
  • Topic Starter

  • Members
  • 16 posts

Posted 22 January 2013 - 01:21 PM

nasdaq,

Here's the HijackThis Log
___________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:17:44 PM, on 1/22/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Documents and Settings\Bruce Moen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r4.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r4.attbi.com;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking12\Ereg.ini"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,7/McUpdatePortal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093618483609
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE72B7F1-9B0E-4278-BC0A-8113151D3E18}: NameServer = 65.32.5.111,65.32.5.112
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: Google Update Service (gupdate1c98e3fdec49ea2) (gupdate1c98e3fdec49ea2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Samsung UPD Service - Samsung Electronics CO., LTD. - C:\WINDOWS\system32\SUPDSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

--
End of file - 11249 bytes

#29 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 January 2013 - 02:47 PM

No processes found to be removed.

After a restart of the computer.

If your problem persists, please download a fresh copy of ComboFix and post the log for my review.

#30 nasdaq

nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 January 2013 - 09:24 AM

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

