View Full Version : having problems (Resolved)
typerextreme
2009-08-29, 19:46
Hijack This log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:14 PM, on 8/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\Pixart\Pac207\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ian\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\Ian\AppData\Local\Temp\E_S24DE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.bitdefender.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1ca192a3b7c3607) (gupdate1ca192a3b7c3607) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - C:\Program Files\Stardock\Object Desktop\MyColors\VistaSrv.exe (file missing)
--
End of file - 11395 bytes
Ok my problem is the Security Center Service keeps reporting itself as turned off after a few minutes of being logged on. Also system restore's volume shadow copy service keeps turning off. I have ran MalwareByte's AntiMalware, SuperAntiSpyware, and Asquared Antivirus scans. None of them found anything worse than tracking cookies.
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly http://www.countingcows.de/laechel.gif
Some of the logs I request will be quite large, You may need to split them over a couple of replies.
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
There is no obvious sign of infection, let's get a deeper look :)
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )
Please Download GMER to your desktop
Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
typerextreme
2009-08-31, 22:46
My computer is now having trouble in normal mode. It will log on just fine. I can open any program I wish. Shortly thereafter Windows Security Center will display a balloon saying that the Security Center Service is not running, Click here to fix this problem. I ignore the message because I know the service is dead. Not too long after opening a program the program will lock up. Explorer will lock up, and I am unable to do CTRL+ALT+DEL as well as CTRL+SHIFT+ESC to bring up task manager. The only way I can regain use of my computer is to force it to shutdown by holding the power button down for 10 seconds. I have tried 3 times to boot in normal mode. After that I quit trying and just go into Safe Mode with Networking. Everything that can work in Safe Mode with Networking works fine.
Will the tools you linked me to work in Safe Mode with Networking?
Please run this tool instead ( in whichever mode you can get started )
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)
typerextreme
2009-08-31, 22:58
One more thing I forgot to mention, I may have trouble running these programs because of my security software, Comodo Internet Security, which uses a default-deny approach on software that isn't in a trusted vendors list. It cannot run in safe mode because some, if not all, of the drivers used by CIS are not loaded in safe mode. The GUI doesn't even show up automatically. I can open it up with the Desktop link, but it complains about the modules not being loaded properly. I do not believe any changes I make in the GUI will stay unless the drivers are loaded. It also has a way of blocking access to certain parts of the system. Mostly the windows folders and the registry. I do not know if the protection extends to safe mode or not.
Don't worry, just try running Combofix
typerextreme
2009-08-31, 23:36
I attached it as log.zip. The forum told me the 48.8kb txt file was exceeding the 48.8kb forum limit....i thought that a little strange.
Also the combofix warned me about ad-watch live! running when ad-aware reported it as off and I right-clicked the ad-aware tray icon and hit exit.
And the command prompt window had a lot of Administrator priveleges needed messages, although I ran the combofix.exe as an administrator.
typerextreme
2009-09-01, 01:56
i got into normal mode again. i ran gmer.exe but it ran for a while and vista said it stopped responding. rsit.exe is going now
typerextreme
2009-09-01, 01:59
rsit log attached
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ian at 2009-08-31 18:53:48
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 42 GB (40%) free of 104 GB
Total RAM: 2038 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:07 PM, on 8/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\Pixart\Pac207\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ian\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\Desktop\RSIT (1).exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Trend Micro\HijackThis\Ian.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: http://www.bitdefender.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1ca192a3b7c3607) (gupdate1ca192a3b7c3607) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - C:\Program Files\Stardock\Object Desktop\MyColors\VistaSrv.exe (file missing)
--
End of file - 10187 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Daily 1).job
C:\Windows\tasks\Ad-Aware Update (Daily 2).job
C:\Windows\tasks\Ad-Aware Update (Daily 3).job
C:\Windows\tasks\Ad-Aware Update (Daily 4).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2807984788-2127066470-1189229894-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2807984788-2127066470-1189229894-1000UA.job
C:\Windows\tasks\MyDefrag.job
C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\Windows\tasks\User_Feed_Synchronization-{6E80C55A-D6D7-42FC-A2F9-5406E6A6EA35}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C1A7F0-528E-444F-BAC5-5804A61CCA7F}]
DownloadGuardBHO Class - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll [2009-07-31 44944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-18 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-08-09 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2009-07-16 1122496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-26 865840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-12-12 157312]
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-05-06 442433]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-18 198160]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-08-25 1796368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-07-03 40072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\User [2009-03-25 2]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2009-02-24 103728]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2009-02-24 87368]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2009-02-24 591176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-08-31 18:53:48 ----DC---- C:\rsit
2009-08-31 16:29:16 ----SHDC---- C:\$RECYCLE.BIN
2009-08-31 16:23:08 ----D---- C:\Windows\temp
2009-08-31 16:23:05 ----AC---- C:\ComboFix.txt
2009-08-31 16:09:25 ----A---- C:\Windows\zip.exe
2009-08-31 16:09:25 ----A---- C:\Windows\SWXCACLS.exe
2009-08-31 16:09:25 ----A---- C:\Windows\SWSC.exe
2009-08-31 16:09:25 ----A---- C:\Windows\SWREG.exe
2009-08-31 16:09:25 ----A---- C:\Windows\sed.exe
2009-08-31 16:09:25 ----A---- C:\Windows\PEV.exe
2009-08-31 16:09:25 ----A---- C:\Windows\NIRCMD.exe
2009-08-31 16:09:25 ----A---- C:\Windows\grep.exe
2009-08-31 16:09:11 ----SDC---- C:\ComboFix
2009-08-31 16:08:10 ----D---- C:\Windows\ERDNT
2009-08-31 16:07:38 ----ADC---- C:\Qoobox
2009-08-31 15:31:03 ----A---- C:\Windows\ntbtlog.txt
2009-08-30 12:43:39 ----D---- C:\Windows\pss
2009-08-30 12:42:59 ----DC---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-08-29 21:13:38 ----DC---- C:\ProgramData\Office Genuine Advantage
2009-08-29 13:34:57 ----DC---- C:\Program Files\ERUNT
2009-08-29 12:29:24 ----DC---- C:\Users\Ian\AppData\Roaming\Uniblue
2009-08-26 17:49:19 ----A---- C:\Windows\system32\2009-08-26-22-49-15.045-VirtualBox.exe-5052.log
2009-08-26 17:00:41 ----A---- C:\Windows\system32\2009-08-26-22-00-17.023-VirtualBox.exe-4116.log
2009-08-25 20:19:16 ----D---- C:\Windows\LastGood.Tmp
2009-08-25 20:18:43 ----DC---- C:\Program Files\Sun
2009-08-25 17:35:48 ----DC---- C:\Program Files\Trend Micro
2009-08-25 17:26:19 ----A---- C:\Windows\system32\tzres.dll
2009-08-25 17:22:49 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-25 17:22:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-25 16:23:13 ----DC---- C:\Users\Ian\AppData\Roaming\BitDefender
2009-08-25 16:22:38 ----DC---- C:\ProgramData\BitDefender
2009-08-25 16:22:38 ----DC---- C:\Program Files\BitDefender
2009-08-25 16:21:02 ----DC---- C:\Program Files\Common Files\BitDefender
2009-08-24 19:51:19 ----DC---- C:\ProgramData\SUPERAntiSpyware.com
2009-08-24 19:47:53 ----DC---- C:\Users\Ian\AppData\Roaming\SUPERAntiSpyware.com
2009-08-24 19:47:53 ----DC---- C:\Program Files\SUPERAntiSpyware
2009-08-24 17:58:56 ----DC---- C:\Users\Ian\AppData\Roaming\Malwarebytes
2009-08-24 17:58:51 ----DC---- C:\ProgramData\Malwarebytes
2009-08-24 17:58:51 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-23 14:11:45 ----DC---- C:\Users\Ian\AppData\Roaming\Tlhan Ghun
2009-08-23 14:07:53 ----DC---- C:\Users\Ian\AppData\Roaming\full phat
2009-08-23 14:07:48 ----DC---- C:\Program Files\full phat
2009-08-23 11:35:19 ----DC---- C:\Program Files\Common Files\DFX
2009-08-21 23:00:16 ----DC---- C:\Program Files\Planetside Software
2009-08-20 21:05:25 ----DC---- C:\Program Files\RocketDock
2009-08-20 21:02:16 ----DC---- C:\Program Files\UberIcon
2009-08-20 19:55:09 ----DC---- C:\Users\Ian\AppData\Roaming\XBMC
2009-08-20 19:54:30 ----DC---- C:\Program Files\XBMC
2009-08-18 20:55:36 ----A---- C:\Windows\system32\rmoc3260.dll
2009-08-18 20:55:24 ----A---- C:\Windows\system32\pndx5032.dll
2009-08-18 20:55:24 ----A---- C:\Windows\system32\pndx5016.dll
2009-08-18 20:55:20 ----DC---- C:\Program Files\Common Files\xing shared
2009-08-18 20:54:52 ----DC---- C:\Program Files\Real
2009-08-18 20:54:51 ----A---- C:\Windows\system32\pncrt.dll
2009-08-18 20:54:29 ----DC---- C:\Program Files\Common Files\Real
2009-08-18 20:54:26 ----DC---- C:\Users\Ian\AppData\Roaming\Real
2009-08-16 21:49:23 ----D---- C:\Windows\keys
2009-08-16 20:57:57 ----DC---- C:\Program Files\Side Effects Software
2009-08-14 16:36:58 ----A---- C:\Windows\system32\lsdelete.exe
2009-08-13 21:22:50 ----HDC---- C:\ProgramData\{3199D4CF-B5A3-40E3-AC2C-24BAEDA0B858}
2009-08-13 21:21:46 ----HDC---- C:\ProgramData\{3CD946D6-FCB3-456A-9A79-99A164EBBAB1}
2009-08-13 17:07:44 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 17:07:41 ----A---- C:\Windows\system32\atl.dll
2009-08-13 17:07:37 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 17:07:30 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 17:07:24 ----A---- C:\Windows\system32\kerberos.dll
2009-08-13 17:07:23 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-13 17:07:22 ----A---- C:\Windows\system32\wdigest.dll
2009-08-13 17:07:20 ----A---- C:\Windows\system32\schannel.dll
2009-08-13 17:07:19 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-13 17:07:17 ----A---- C:\Windows\system32\secur32.dll
2009-08-13 17:07:17 ----A---- C:\Windows\system32\lsass.exe
2009-08-13 17:07:03 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 17:07:01 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 17:06:59 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 17:06:57 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 17:06:56 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-11 16:11:14 ----DC---- C:\Users\Ian\AppData\Roaming\U3
2009-08-09 14:43:52 ----DC---- C:\ProgramData\Google Updater
2009-08-08 13:03:54 ----DC---- C:\Program Files\MyDefragGUI
2009-08-08 11:50:06 ----DC---- C:\Users\Ian\AppData\Roaming\vlc
2009-08-08 11:48:37 ----DC---- C:\Program Files\VideoLAN
2009-08-06 23:11:33 ----DC---- C:\Program Files\Avira
2009-08-04 19:28:03 ----DC---- C:\Program Files\DVDVideoSoft
2009-08-04 19:28:03 ----DC---- C:\Program Files\Common Files\DVDVideoSoft
2009-08-04 16:17:16 ----A---- C:\Windows\system32\javaws.exe
2009-08-04 16:17:16 ----A---- C:\Windows\system32\javaw.exe
2009-08-04 16:17:16 ----A---- C:\Windows\system32\java.exe
2009-08-04 11:37:48 ----DC---- C:\Program Files\Common Files\Adobe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
2009-08-02 12:38:41 ----DC---- C:\Program Files\Intel Corporation
2009-08-02 12:16:32 ----DC---- C:\Program Files\SystemRequirementsLab
======List of files/folders modified in the last 1 months======
2009-08-31 18:36:50 ----D---- C:\Windows\System32
2009-08-31 18:36:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-31 18:36:49 ----D---- C:\Windows\inf
2009-08-31 18:27:36 ----D---- C:\Windows\Tasks
2009-08-31 18:22:26 ----D---- C:\Windows\system32\Tasks
2009-08-31 18:07:49 ----D---- C:\Windows
2009-08-31 17:28:33 ----DC---- C:\Program Files\Mozilla Firefox
2009-08-31 16:18:06 ----AC---- C:\Windows\system.ini
2009-08-31 16:14:52 ----D---- C:\Windows\system32\drivers
2009-08-31 16:14:52 ----D---- C:\Windows\AppPatch
2009-08-31 16:14:51 ----DC---- C:\Program Files\Common Files
2009-08-30 21:39:31 ----DC---- C:\Users\Ian\AppData\Roaming\.purple
2009-08-30 13:50:23 ----D---- C:\Windows\system32\Msdtc
2009-08-30 13:50:20 ----D---- C:\Windows\system32\wbem
2009-08-30 13:41:36 ----D---- C:\Windows\system32\config
2009-08-30 13:41:12 ----D---- C:\Windows\system32\spool
2009-08-30 13:41:12 ----D---- C:\Windows\system32\catroot2
2009-08-30 13:41:12 ----D---- C:\Windows\SMINST
2009-08-30 13:41:11 ----DC---- C:\Users\Ian\AppData\Roaming\Notepad++
2009-08-30 13:41:11 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2009-08-30 13:40:58 ----D---- C:\Windows\registration
2009-08-30 13:35:29 ----D---- C:\System Volume Information
2009-08-30 12:51:37 ----DC---- C:\Users
2009-08-30 12:50:06 ----D---- C:\Windows\Debug
2009-08-30 12:43:40 ----SHD---- C:\Windows\Installer
2009-08-30 12:42:59 ----DC---- C:\Program Files
2009-08-29 21:13:41 ----D---- C:\Windows\Prefetch
2009-08-29 21:13:38 ----HDC---- C:\ProgramData
2009-08-29 18:17:59 ----D---- C:\Windows\system32\LogFiles
2009-08-29 13:41:30 ----D---- C:\Windows\system32\zh-TW
2009-08-29 13:41:30 ----D---- C:\Windows\system32\zh-HK
2009-08-29 13:41:30 ----D---- C:\Windows\system32\tr-TR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\sv-SE
2009-08-29 13:41:30 ----D---- C:\Windows\system32\pt-BR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\nl-NL
2009-08-29 13:41:30 ----D---- C:\Windows\system32\nb-NO
2009-08-29 13:41:30 ----D---- C:\Windows\system32\ko-KR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\it-IT
2009-08-29 13:41:30 ----D---- C:\Windows\system32\he-IL
2009-08-29 13:41:30 ----D---- C:\Windows\system32\fr-FR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\fi-FI
2009-08-29 13:41:30 ----D---- C:\Windows\system32\es-ES
2009-08-29 13:41:30 ----D---- C:\Windows\system32\en-US
2009-08-29 13:41:30 ----D---- C:\Windows\system32\el-GR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\de-DE
2009-08-29 13:41:30 ----D---- C:\Windows\system32\da-DK
2009-08-29 13:41:30 ----D---- C:\Windows\system32\ar-SA
2009-08-25 20:19:20 ----D---- C:\Windows\system32\catroot
2009-08-25 20:19:18 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-25 18:49:29 ----D---- C:\Windows\rescache
2009-08-25 17:29:50 ----D---- C:\Windows\winsxs
2009-08-25 17:24:30 ----DC---- C:\Program Files\Internet Explorer
2009-08-25 15:54:42 ----A---- C:\Windows\system32\guard32.dll
2009-08-25 15:29:54 ----DC---- C:\Program Files\Common Files\aol
2009-08-24 20:00:30 ----A---- C:\Windows\win.ini
2009-08-24 19:58:45 ----A---- C:\Windows\msoffice.ini
2009-08-24 19:45:06 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-24 19:35:32 ----DC---- C:\Program Files\Songbird
2009-08-24 19:34:33 ----D---- C:\Windows\system32\CodeIntegrity
2009-08-24 19:34:33 ----D---- C:\Windows\BDOSCAN8
2009-08-24 19:34:32 ----DC---- C:\Users\Ian\AppData\Roaming\Winamp
2009-08-24 19:34:32 ----DC---- C:\Program Files\Winamp
2009-08-24 19:34:22 ----DC---- C:\Program Files\Pidgin
2009-08-24 19:20:30 ----SD---- C:\Windows\Downloaded Program Files
2009-08-23 11:35:58 ----DC---- C:\Program Files\QO Labs
2009-08-22 23:22:24 ----D---- C:\Windows\Minidump
2009-08-21 22:48:09 ----DC---- C:\Users\Ian\AppData\Roaming\gtk-2.0
2009-08-21 22:15:03 ----D---- C:\Program Files\COMODO
2009-08-20 20:35:16 ----DC---- C:\Program Files\Mozilla Thunderbird
2009-08-14 15:25:51 ----D---- C:\Program Files\Windows Media Player
2009-08-13 21:58:40 ----D---- C:\Program Files\Windows Mail
2009-08-13 21:22:48 ----DC---- C:\Program Files\Lavasoft
2009-08-13 21:20:34 ----DC---- C:\ProgramData\Lavasoft
2009-08-13 17:26:00 ----DC---- C:\Users\Ian\AppData\Roaming\Download Manager
2009-08-11 21:39:11 ----DC---- C:\Users\Ian\AppData\Roaming\Mozilla
2009-08-09 14:49:31 ----DC---- C:\Program Files\Google
2009-08-08 13:03:27 ----DC---- C:\Program Files\MyDefrag v4.1.1
2009-08-07 19:25:16 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-08-04 16:47:56 ----D---- C:\Program Files\Microsoft Games
2009-08-04 16:16:55 ----DC---- C:\Program Files\Java
2009-08-03 08:33:32 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-02 10:34:14 ----DC---- C:\Program Files\Spybot - Search & Destroy
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-08-25 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-08-25 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-08-25 74328]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2009-08-05 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2009-08-05 41424]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-05-25 164864]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-05-06 379904]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-26 186680]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 ATP;Comodo EasyVPN Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [2008-12-10 17424]
S3 aujasnkj;aujasnkj; \??\C:\User [2009-03-25 2]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 catchme;catchme; \??\C:\User [2009-03-25 2]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-31 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 PAC207;PAC207 CIF USB Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-25 715392]
R2 EasyVpnAdpt;COMODO EasyVPN Service; C:\Program Files\COMODO\EasyVPN\Vpnservice.exe [2009-02-20 44776]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-12-12 5117568]
S2 gupdate1ca192a3b7c3607;Google Update Service (gupdate1ca192a3b7c3607); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-09 190448]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-13 1149776]
S2 WindowBlinds;Stardock WindowBlinds; C:\Program Files\Stardock\Object Desktop\MyColors\VistaSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-12-12 243840]
S4 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe service []
-----------------EOF-----------------
Note:- Please can you post the logs rather than attaching them, it makes it a lot easier for me.
There is no obvious sign of infection, how are things running now ?
Please can you post the contents of C:\RSIT\Info.txt along with the following.
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
typerextreme
2009-09-02, 00:18
I will try their online scan now. Also, I decided to disable the Defense+ module of Comodo Internet Security and I have been able to stay in Normal Mode of Windows, although last night the security center popup showed up again. Today it hasn't but I turned off the antivirus portion of CIS and it did not come up and say my antivirus was turned off, so I believe Security Center is still dead.
I tried to install Kaspersky's Internet Security 2010 Free trial, but the installer is forcing me to remove COMODO, which I do not want to do unless I have to.
RSIT LOG
------------------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ian at 2009-08-31 18:53:48
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 42 GB (40%) free of 104 GB
Total RAM: 2038 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:07 PM, on 8/31/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\Pixart\Pac207\Monitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ian\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\Desktop\RSIT (1).exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Program Files\Trend Micro\HijackThis\Ian.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aol.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:12080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DownloadGuardBHO - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: HopSurf toolbar - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Save YouTube Video - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O15 - Trusted Zone: http://www.bitdefender.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate1ca192a3b7c3607) (gupdate1ca192a3b7c3607) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Unknown owner - C:\Program Files\Stardock\Object Desktop\MyColors\VistaSrv.exe (file missing)
--
End of file - 10187 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Daily 1).job
C:\Windows\tasks\Ad-Aware Update (Daily 2).job
C:\Windows\tasks\Ad-Aware Update (Daily 3).job
C:\Windows\tasks\Ad-Aware Update (Daily 4).job
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2807984788-2127066470-1189229894-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2807984788-2127066470-1189229894-1000UA.job
C:\Windows\tasks\MyDefrag.job
C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
C:\Windows\tasks\User_Feed_Synchronization-{6E80C55A-D6D7-42FC-A2F9-5406E6A6EA35}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20C1A7F0-528E-444F-BAC5-5804A61CCA7F}]
DownloadGuardBHO Class - C:\Program Files\Lavasoft\Download Guard for Internet Explorer\DownloadGuardBHO.dll [2009-07-31 44944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-08-18 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-08-09 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{E9FAB13D-4600-49E1-90D1-EE961C859D39} - HopSurf toolbar - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll [2009-07-16 1122496]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-02-12 174872]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-04-26 865840]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-12-12 157312]
"PAC207_Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2007-12-10 323584]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-05-06 442433]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-18 198160]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-08-25 1796368]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-07-03 40072]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Google Update"=C:\User [2009-03-25 2]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-05 1830128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX7400 Series]
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll [2009-02-24 103728]
Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll [2009-02-24 87368]
StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll [2009-02-24 591176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-08-31 18:53:48 ----DC---- C:\rsit
2009-08-31 16:29:16 ----SHDC---- C:\$RECYCLE.BIN
2009-08-31 16:23:08 ----D---- C:\Windows\temp
2009-08-31 16:23:05 ----AC---- C:\ComboFix.txt
2009-08-31 16:09:25 ----A---- C:\Windows\zip.exe
2009-08-31 16:09:25 ----A---- C:\Windows\SWXCACLS.exe
2009-08-31 16:09:25 ----A---- C:\Windows\SWSC.exe
2009-08-31 16:09:25 ----A---- C:\Windows\SWREG.exe
2009-08-31 16:09:25 ----A---- C:\Windows\sed.exe
2009-08-31 16:09:25 ----A---- C:\Windows\PEV.exe
2009-08-31 16:09:25 ----A---- C:\Windows\NIRCMD.exe
2009-08-31 16:09:25 ----A---- C:\Windows\grep.exe
2009-08-31 16:09:11 ----SDC---- C:\ComboFix
2009-08-31 16:08:10 ----D---- C:\Windows\ERDNT
2009-08-31 16:07:38 ----ADC---- C:\Qoobox
2009-08-31 15:31:03 ----A---- C:\Windows\ntbtlog.txt
2009-08-30 12:43:39 ----D---- C:\Windows\pss
2009-08-30 12:42:59 ----DC---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-08-29 21:13:38 ----DC---- C:\ProgramData\Office Genuine Advantage
2009-08-29 13:34:57 ----DC---- C:\Program Files\ERUNT
2009-08-29 12:29:24 ----DC---- C:\Users\Ian\AppData\Roaming\Uniblue
2009-08-26 17:49:19 ----A---- C:\Windows\system32\2009-08-26-22-49-15.045-VirtualBox.exe-5052.log
2009-08-26 17:00:41 ----A---- C:\Windows\system32\2009-08-26-22-00-17.023-VirtualBox.exe-4116.log
2009-08-25 20:19:16 ----D---- C:\Windows\LastGood.Tmp
2009-08-25 20:18:43 ----DC---- C:\Program Files\Sun
2009-08-25 17:35:48 ----DC---- C:\Program Files\Trend Micro
2009-08-25 17:26:19 ----A---- C:\Windows\system32\tzres.dll
2009-08-25 17:22:49 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-08-25 17:22:47 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-08-25 16:23:13 ----DC---- C:\Users\Ian\AppData\Roaming\BitDefender
2009-08-25 16:22:38 ----DC---- C:\ProgramData\BitDefender
2009-08-25 16:22:38 ----DC---- C:\Program Files\BitDefender
2009-08-25 16:21:02 ----DC---- C:\Program Files\Common Files\BitDefender
2009-08-24 19:51:19 ----DC---- C:\ProgramData\SUPERAntiSpyware.com
2009-08-24 19:47:53 ----DC---- C:\Users\Ian\AppData\Roaming\SUPERAntiSpyware.com
2009-08-24 19:47:53 ----DC---- C:\Program Files\SUPERAntiSpyware
2009-08-24 17:58:56 ----DC---- C:\Users\Ian\AppData\Roaming\Malwarebytes
2009-08-24 17:58:51 ----DC---- C:\ProgramData\Malwarebytes
2009-08-24 17:58:51 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-23 14:11:45 ----DC---- C:\Users\Ian\AppData\Roaming\Tlhan Ghun
2009-08-23 14:07:53 ----DC---- C:\Users\Ian\AppData\Roaming\full phat
2009-08-23 14:07:48 ----DC---- C:\Program Files\full phat
2009-08-23 11:35:19 ----DC---- C:\Program Files\Common Files\DFX
2009-08-21 23:00:16 ----DC---- C:\Program Files\Planetside Software
2009-08-20 21:05:25 ----DC---- C:\Program Files\RocketDock
2009-08-20 21:02:16 ----DC---- C:\Program Files\UberIcon
2009-08-20 19:55:09 ----DC---- C:\Users\Ian\AppData\Roaming\XBMC
2009-08-20 19:54:30 ----DC---- C:\Program Files\XBMC
2009-08-18 20:55:36 ----A---- C:\Windows\system32\rmoc3260.dll
2009-08-18 20:55:24 ----A---- C:\Windows\system32\pndx5032.dll
2009-08-18 20:55:24 ----A---- C:\Windows\system32\pndx5016.dll
2009-08-18 20:55:20 ----DC---- C:\Program Files\Common Files\xing shared
2009-08-18 20:54:52 ----DC---- C:\Program Files\Real
2009-08-18 20:54:51 ----A---- C:\Windows\system32\pncrt.dll
2009-08-18 20:54:29 ----DC---- C:\Program Files\Common Files\Real
2009-08-18 20:54:26 ----DC---- C:\Users\Ian\AppData\Roaming\Real
2009-08-16 21:49:23 ----D---- C:\Windows\keys
2009-08-16 20:57:57 ----DC---- C:\Program Files\Side Effects Software
2009-08-14 16:36:58 ----A---- C:\Windows\system32\lsdelete.exe
2009-08-13 21:22:50 ----HDC---- C:\ProgramData\{3199D4CF-B5A3-40E3-AC2C-24BAEDA0B858}
2009-08-13 21:21:46 ----HDC---- C:\ProgramData\{3CD946D6-FCB3-456A-9A79-99A164EBBAB1}
2009-08-13 17:07:44 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 17:07:41 ----A---- C:\Windows\system32\atl.dll
2009-08-13 17:07:37 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 17:07:30 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 17:07:24 ----A---- C:\Windows\system32\kerberos.dll
2009-08-13 17:07:23 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-13 17:07:22 ----A---- C:\Windows\system32\wdigest.dll
2009-08-13 17:07:20 ----A---- C:\Windows\system32\schannel.dll
2009-08-13 17:07:19 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-13 17:07:17 ----A---- C:\Windows\system32\secur32.dll
2009-08-13 17:07:17 ----A---- C:\Windows\system32\lsass.exe
2009-08-13 17:07:03 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 17:07:01 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 17:06:59 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 17:06:57 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 17:06:56 ----A---- C:\Windows\system32\wmploc.DLL
2009-08-11 16:11:14 ----DC---- C:\Users\Ian\AppData\Roaming\U3
2009-08-09 14:43:52 ----DC---- C:\ProgramData\Google Updater
2009-08-08 13:03:54 ----DC---- C:\Program Files\MyDefragGUI
2009-08-08 11:50:06 ----DC---- C:\Users\Ian\AppData\Roaming\vlc
2009-08-08 11:48:37 ----DC---- C:\Program Files\VideoLAN
2009-08-06 23:11:33 ----DC---- C:\Program Files\Avira
2009-08-04 19:28:03 ----DC---- C:\Program Files\DVDVideoSoft
2009-08-04 19:28:03 ----DC---- C:\Program Files\Common Files\DVDVideoSoft
2009-08-04 16:17:16 ----A---- C:\Windows\system32\javaws.exe
2009-08-04 16:17:16 ----A---- C:\Windows\system32\javaw.exe
2009-08-04 16:17:16 ----A---- C:\Windows\system32\java.exe
2009-08-04 11:37:48 ----DC---- C:\Program Files\Common Files\Adobe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAEXEC.exe
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGACheckControl.dll
2009-08-03 15:07:42 ----A---- C:\Windows\system32\OGAAddin.dll
2009-08-02 12:38:41 ----DC---- C:\Program Files\Intel Corporation
2009-08-02 12:16:32 ----DC---- C:\Program Files\SystemRequirementsLab
======List of files/folders modified in the last 1 months======
2009-08-31 18:36:50 ----D---- C:\Windows\System32
2009-08-31 18:36:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-08-31 18:36:49 ----D---- C:\Windows\inf
2009-08-31 18:27:36 ----D---- C:\Windows\Tasks
2009-08-31 18:22:26 ----D---- C:\Windows\system32\Tasks
2009-08-31 18:07:49 ----D---- C:\Windows
2009-08-31 17:28:33 ----DC---- C:\Program Files\Mozilla Firefox
2009-08-31 16:18:06 ----AC---- C:\Windows\system.ini
2009-08-31 16:14:52 ----D---- C:\Windows\system32\drivers
2009-08-31 16:14:52 ----D---- C:\Windows\AppPatch
2009-08-31 16:14:51 ----DC---- C:\Program Files\Common Files
2009-08-30 21:39:31 ----DC---- C:\Users\Ian\AppData\Roaming\.purple
2009-08-30 13:50:23 ----D---- C:\Windows\system32\Msdtc
2009-08-30 13:50:20 ----D---- C:\Windows\system32\wbem
2009-08-30 13:41:36 ----D---- C:\Windows\system32\config
2009-08-30 13:41:12 ----D---- C:\Windows\system32\spool
2009-08-30 13:41:12 ----D---- C:\Windows\system32\catroot2
2009-08-30 13:41:12 ----D---- C:\Windows\SMINST
2009-08-30 13:41:11 ----DC---- C:\Users\Ian\AppData\Roaming\Notepad++
2009-08-30 13:41:11 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2009-08-30 13:40:58 ----D---- C:\Windows\registration
2009-08-30 13:35:29 ----D---- C:\System Volume Information
2009-08-30 12:51:37 ----DC---- C:\Users
2009-08-30 12:50:06 ----D---- C:\Windows\Debug
2009-08-30 12:43:40 ----SHD---- C:\Windows\Installer
2009-08-30 12:42:59 ----DC---- C:\Program Files
2009-08-29 21:13:41 ----D---- C:\Windows\Prefetch
2009-08-29 21:13:38 ----HDC---- C:\ProgramData
2009-08-29 18:17:59 ----D---- C:\Windows\system32\LogFiles
2009-08-29 13:41:30 ----D---- C:\Windows\system32\zh-TW
2009-08-29 13:41:30 ----D---- C:\Windows\system32\zh-HK
2009-08-29 13:41:30 ----D---- C:\Windows\system32\tr-TR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\sv-SE
2009-08-29 13:41:30 ----D---- C:\Windows\system32\pt-BR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\nl-NL
2009-08-29 13:41:30 ----D---- C:\Windows\system32\nb-NO
2009-08-29 13:41:30 ----D---- C:\Windows\system32\ko-KR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\it-IT
2009-08-29 13:41:30 ----D---- C:\Windows\system32\he-IL
2009-08-29 13:41:30 ----D---- C:\Windows\system32\fr-FR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\fi-FI
2009-08-29 13:41:30 ----D---- C:\Windows\system32\es-ES
2009-08-29 13:41:30 ----D---- C:\Windows\system32\en-US
2009-08-29 13:41:30 ----D---- C:\Windows\system32\el-GR
2009-08-29 13:41:30 ----D---- C:\Windows\system32\de-DE
2009-08-29 13:41:30 ----D---- C:\Windows\system32\da-DK
2009-08-29 13:41:30 ----D---- C:\Windows\system32\ar-SA
2009-08-25 20:19:20 ----D---- C:\Windows\system32\catroot
2009-08-25 20:19:18 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-25 18:49:29 ----D---- C:\Windows\rescache
2009-08-25 17:29:50 ----D---- C:\Windows\winsxs
2009-08-25 17:24:30 ----DC---- C:\Program Files\Internet Explorer
2009-08-25 15:54:42 ----A---- C:\Windows\system32\guard32.dll
2009-08-25 15:29:54 ----DC---- C:\Program Files\Common Files\aol
2009-08-24 20:00:30 ----A---- C:\Windows\win.ini
2009-08-24 19:58:45 ----A---- C:\Windows\msoffice.ini
2009-08-24 19:45:06 ----DC---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-24 19:35:32 ----DC---- C:\Program Files\Songbird
2009-08-24 19:34:33 ----D---- C:\Windows\system32\CodeIntegrity
2009-08-24 19:34:33 ----D---- C:\Windows\BDOSCAN8
2009-08-24 19:34:32 ----DC---- C:\Users\Ian\AppData\Roaming\Winamp
2009-08-24 19:34:32 ----DC---- C:\Program Files\Winamp
2009-08-24 19:34:22 ----DC---- C:\Program Files\Pidgin
2009-08-24 19:20:30 ----SD---- C:\Windows\Downloaded Program Files
2009-08-23 11:35:58 ----DC---- C:\Program Files\QO Labs
2009-08-22 23:22:24 ----D---- C:\Windows\Minidump
2009-08-21 22:48:09 ----DC---- C:\Users\Ian\AppData\Roaming\gtk-2.0
2009-08-21 22:15:03 ----D---- C:\Program Files\COMODO
2009-08-20 20:35:16 ----DC---- C:\Program Files\Mozilla Thunderbird
2009-08-14 15:25:51 ----D---- C:\Program Files\Windows Media Player
2009-08-13 21:58:40 ----D---- C:\Program Files\Windows Mail
2009-08-13 21:22:48 ----DC---- C:\Program Files\Lavasoft
2009-08-13 21:20:34 ----DC---- C:\ProgramData\Lavasoft
2009-08-13 17:26:00 ----DC---- C:\Users\Ian\AppData\Roaming\Download Manager
2009-08-11 21:39:11 ----DC---- C:\Users\Ian\AppData\Roaming\Mozilla
2009-08-09 14:49:31 ----DC---- C:\Program Files\Google
2009-08-08 13:03:27 ----DC---- C:\Program Files\MyDefrag v4.1.1
2009-08-07 19:25:16 ----DC---- C:\Program Files\Common Files\microsoft shared
2009-08-04 16:47:56 ----D---- C:\Program Files\Microsoft Games
2009-08-04 16:16:55 ----DC---- C:\Program Files\Java
2009-08-03 08:33:32 ----D---- C:\Program Files\Microsoft Silverlight
2009-08-02 10:34:14 ----DC---- C:\Program Files\Spybot - Search & Destroy
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2009-08-25 128888]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2009-08-25 29520]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2009-08-25 74328]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2009-08-05 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2009-08-05 41424]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-08 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-05-25 164864]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2009-06-10 347648]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-03-26 64000]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-05-06 379904]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-04-26 186680]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 ATP;Comodo EasyVPN Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [2008-12-10 17424]
S3 aujasnkj;aujasnkj; \??\C:\User [2009-03-25 2]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 catchme;catchme; \??\C:\User [2009-03-25 2]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-02-06 55280]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-31 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 1302492]
S3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-10-09 17408]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
S3 PAC207;PAC207 CIF USB Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-08-25 715392]
R2 EasyVpnAdpt;COMODO EasyVPN Service; C:\Program Files\COMODO\EasyVPN\Vpnservice.exe [2009-02-20 44776]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-12-12 5117568]
S2 gupdate1ca192a3b7c3607;Google Update Service (gupdate1ca192a3b7c3607); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-09 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-09 190448]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-08-13 1149776]
S2 WindowBlinds;Stardock WindowBlinds; C:\Program Files\Stardock\Object Desktop\MyColors\VistaSrv.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-29 31048]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-12-12 243840]
S4 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe service []
-----------------EOF-----------------
Running Kaspersky online scan now. Will post log when finished.
You posted another log.txt, I need to see Info.txt
C:\RSIT\Info.txt
typerextreme
2009-09-02, 03:53
:oops: sorry.
info.txt logfile of random's system information tool 1.06 2009-08-31 18:54:28
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->"C:\ProgramData\{3CD946D6-FCB3-456A-9A79-99A164EBBAB1}\Ad-Aware Beta.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{3CD946D6-FCB3-456A-9A79-99A164EBBAB1}\Ad-Aware Beta.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Age of Mythology - The Titans Expansion-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Agere Systems HDA Modem-->agrsmdel
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bejeweled 2 Deluxe 1.1-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CIF USB Camera-->C:\Program Files\InstallShield Installation Information\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}\setup.exe -runfromtemp -l0x0009 -removeonly
COMODO EasyVPN-->MsiExec.exe /I{95FDBD58-0E40-4CCE-9AE2-5F3943F20053}
Comodo HopSurf-->"C:\Program Files\Comodo\HopSurfToolbar\HopSurf.exe"
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
COMODO System Cleaner-->MsiExec.exe /X{E25EB359-C7A3-4E0F-B06C-D6A539AD353E}
DeskScapes (Free)-->"C:\Program Files\Stardock\Object Desktop\DeskScapes\UninstHelper.exe" /autouninstall dksw
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Guard for Internet Explorer-->"C:\ProgramData\{3199D4CF-B5A3-40E3-AC2C-24BAEDA0B858}\Download Guard for Internet Explorer.exe" REMOVE=TRUE MODIFY=FALSE
Download Guard for Internet Explorer-->C:\ProgramData\{3199D4CF-B5A3-40E3-AC2C-24BAEDA0B858}\Download Guard for Internet Explorer.exe
EPSON CX7400 User's Guide-->C:\Program Files\epson\guide\cx7400_e\uninstall.exe
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Free Studio version 4.2-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Gateway Connect-->MsiExec.exe /I{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}
Gateway Recovery Center Installer-->MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Geek Squad 24 Hour Computer Support-->MsiExec.exe /I{356C1B0F-7ABD-4B52-ADD1-52681D27DBF6}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
GTK2-Themes-->C:\Program Files\Common Files\GTK\2.0\gtk2_themes_uninst.exe
Guifications Plugin (remove only)-->C:\Program Files\Pidgin\pidgin-guifications-uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) Processor ID Utility-->MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
REALTEK USB Wireless LAN Driver-->C:\Program Files\InstallShield Installation Information\{7095FD27-37F0-4750-9DE8-D37DC0043706}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Songbird 1.2.0 (Build 1146)-->"C:\Program Files\Songbird\Songbird-Uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stardock Impulse-->"C:\ProgramData\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}\shareware.exe" REMOVE=TRUE MODIFY=FALSE
Stardock Impulse-->C:\ProgramData\{2C0895CF-C7CF-4FF0-B3B8-C0518C9E3418}\shareware.exe
Sun xVM VirtualBox-->MsiExec.exe /I{CD41004C-3C24-45E2-9D66-1ADB3EC678A6}
Super Collapse-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\supercollapse.rguninst" "AddRemove"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Terragen 2 Free Edition-->MsiExec.exe /I{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: ThreatFire (disabled)
AV: Lavasoft Ad-Watch Live! Anti-Virus
AS: BitDefender Antispyware (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Lavasoft Ad-Watch Live!
AS: Windows Defender
AS: ThreatFire (disabled)
AS: SUPERAntiSpyware (disabled)
======System event log======
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 56450
Source Name: Microsoft-Windows-Servicing
Time Written: 20090527103503.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 56362
Source Name: Microsoft-Windows-Servicing
Time Written: 20090527103503.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 56360
Source Name: Microsoft-Windows-Servicing
Time Written: 20090527103502.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 56356
Source Name: Microsoft-Windows-Servicing
Time Written: 20090527103502.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948465(Service Pack) into Install Requested(Install Requested) state
Record Number: 56346
Source Name: Microsoft-Windows-Servicing
Time Written: 20090527103450.000000-000
Event Type: Warning
User: Ian-PC\Ian
=====Application event log=====
Computer Name: LH-53VHOC42G44H
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 408
Source Name: WerSvc
Time Written: 20090326030810.000000-000
Event Type: Error
User:
Computer Name: LH-53VHOC42G44H
Event Code: 0
Message: Failed to create nameless user.
Level: ERROR
Thread: CheckUserMessages
System.NullReferenceException: Object reference not set to an instance of an object.
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at SpareCore.SpareServer2.Server2.NamelessAddUser(String SubscriptionCode, String MacAddress, String ProductVersion, Guid& CustomerID)
at SpareCore.Online.TryCreateAnonymousAccount(Guid& userId)
Record Number: 401
Source Name: Spare Backup
Time Written: 20090326030235.000000-000
Event Type: Error
User:
Computer Name: LH-53VHOC42G44H
Event Code: 0
Message: Failure sending stream segment: The remote name could not be resolved: 'online.sparebackup.com'
Level: ERROR
Thread: CheckUserMessages
Record Number: 400
Source Name: Spare Backup
Time Written: 20090326030235.000000-000
Event Type: Error
User:
Computer Name: LH-53VHOC42G44H
Event Code: 0
Message: Failed to create nameless user.
Level: ERROR
Thread: main
System.NullReferenceException: Object reference not set to an instance of an object.
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at SpareCore.SpareServer2.Server2.NamelessAddUser(String SubscriptionCode, String MacAddress, String ProductVersion, Guid& CustomerID)
at SpareCore.Online.TryCreateAnonymousAccount(Guid& userId)
Record Number: 399
Source Name: Spare Backup
Time Written: 20090326030234.000000-000
Event Type: Error
User:
Computer Name: LH-53VHOC42G44H
Event Code: 0
Message: Failure sending stream segment: The remote name could not be resolved: 'online.sparebackup.com'
Level: ERROR
Thread: main
Record Number: 398
Source Name: Spare Backup
Time Written: 20090326030234.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: LH-53VHOC42G44H
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 349
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090326030815.623613-000
Event Type: Audit Success
User:
Computer Name: LH-53VHOC42G44H
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\cdralw2k.sys
Record Number: 348
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090326030616.034013-000
Event Type: Audit Failure
User:
Computer Name: LH-53VHOC42G44H
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume2\Windows\System32\drivers\cdr4_xp.sys
Record Number: 347
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090326030615.924813-000
Event Type: Audit Failure
User:
Computer Name: LH-53VHOC42G44H
Event Code: 4647
Message: User initiated logoff:
Subject:
Security ID: S-1-5-21-2807984788-2127066470-1189229894-500
Account Name: Administrator
Account Domain: LH-53VHOC42G44H
Logon ID: 0x28216
This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 346
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090326030433.448413-000
Event Type: Audit Success
User:
Computer Name: LH-53VHOC42G44H
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-2807984788-2127066470-1189229894-500
Account Name: Administrator
Domain Name: LH-53VHOC42G44H
Logon ID: 0x28216
Record Number: 345
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090326030146.898013-000
Event Type: Audit Success
User:
======Environment variables======
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\TIEDUC~1\TI-83P~1\UTILS;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"VBOX_INSTALL_PATH"=C:\Program Files\Sun\xVM VirtualBox\
-----------------EOF-----------------
typerextreme
2009-09-02, 04:46
:sad: Firefox died while kaspersky online scanner was scanning the first time, I'll leave this on overnight to scan when i go to bed. maybe it won't die the second time.
Have you tried the Kaspersky Scan in IE ?
typerextreme
2009-09-03, 01:01
I tried, but I couldn't get to the forum or Kaspersky's website in IE, kept getting This Page Cannot Be Displayed. And the few times I did get to the scanner, I had a glitch in IE where it would say this page needs an add-on that is disabled, click here to enable the addon, and all the addons i had installed were enabled. So i went to firefox. At this moment it is at 85% scan. I didn't get to start it till 4pm CDT. It has ran for 2 hours.
typerextreme
2009-09-03, 02:23
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 2, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 02, 2009 21:04:23
Records in database: 2740619
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
Scan statistics:
Objects scanned: 189030
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:46:10
No threats found. Scanned area is clean.
Selected area has been scanned.
Congratulations your logs look clean :)
Let's see if I can help you keep it that way
First lets tidy up
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START, type RUN into the search box, then click Enter
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt
You can also delete any logs we have produced and any other tools we have downloaded.
There is no malware that would be causing your problem, so if it persists I recommend that you visit one of the tech forums for assistance.
http://www.techsupportforum.com/
http://www.bleepingcomputer.com/forums/
http://forums.whatthetech.com/forums.html
All the forums above have good support for software/OS problems, and I'm sure they will be able to help.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
typerextreme
2009-09-04, 03:24
I appreciate your help, but I still have problems with not being able to log off. I told it the other night to log off from normal mode at 10pm my time, and it was still saying logging off when i got up at 5am the next morning.
Security Center claims windows update is set to never check for updates, when I know I have it set to a certain time for automatic download and install. I have never changed this setting, and even went to check it. Also anytime I plug in the ethernet cable to the computer, I get a message from Windows Defender detecting changes. I copied what Defender said at the bottom of this post. I denied them since I have never got that message until I started having all these problems.
You may archive this thread now, but I would like to know if I am going about this correctly.
I am going to do a complete re-installation of Windows.
I have backed up the files I want to keep to DVDs.
I am going to use this Gateway file (my computer is a gateway computer) (http://support.gateway.com/support/drivers/getFile.asp?id=21280&dscr=GWSCAN%205.12&uid=24365175) to wipe the harddrive with zeros.
Then I am going to use the Windows Vista CD that came with my computer to put Vista back on.
Apply all the updates and security software.
------
WINDOWS DEFENDER MESSAGE
------
Summary:
Application Execution change occurred.
This agent scans software just before it runs. You are alerted if the software has a high potential for harming your computer.
Path:
C:\Windows\system32\mswsock.dll
Detected changes:
lsp:
C:\Windows\System32\winrnr.dll
lsp:
C:\Windows\system32\pnrpnsp.dll
lsp:
C:\Windows\system32\NLAapi.dll
lsp:
C:\Windows\system32\napinsp.dll
lsp:
C:\Windows\system32\mswsock.dll
file:
C:\Windows\System32\winrnr.dll
file:
C:\Windows\system32\pnrpnsp.dll
file:
C:\Windows\system32\NLAapi.dll
file:
C:\Windows\system32\napinsp.dll
file:
C:\Windows\system32\mswsock.dll
Advice:
Permit this detected item only if you trust the program or the software publisher.
Publisher:
Microsoft Corporation
Digitally Signed By:
NOT SIGNED
Product name:
Microsoft® Windows® Operating System
Description:
Microsoft Windows Sockets 2.0 Service Provider
Original name:
mswsock.dll.mui
Creation date:
5/26/2009 9:59 PM
Size:
223232 bytes
Version:
6.0.6002.18005
Type:
dynamic link library (DLL)
Checkpoint:
Winsock Layered Service Provider
Category:
Not Yet Classified
-----
1) Also anytime I plug in the ethernet cable to the computer, I get a message from Windows Defender detecting changes.
2) but I would like to know if I am going about this correctly.
~
I am going to use this to wipe the harddrive with zeros.
1) curious, I've never seen that before ??
2) No need to write zeros, when you reinstall Vista it will give you the option to reformat the drive.
Make sure that you have a copy of any drivers that you may need before reformatting.
typerextreme
2009-09-05, 21:58
It is a specific thing for Gateways.
I had to write zeros because it made a backup of my program files, user folders, and windows folder on my harddrive. I wanted to make sure nothing was left over from the old installation.
typerextreme
2009-09-05, 21:58
You may archive this now. I have reinstalled Vista and all the service packs and windows updates. I have also installed all security software I use.