Possible infection, browser redirect
typerextreme
2010-06-21, 05:39
I believe I have a possible infection. A site that I regularly visit, http://lockerz.com has today redirected me to some Zynga gamebar thing. But a friend in a completely different state went to the same link and got the actual site.
I ran DDS but immediately upon allowing it to continue (Vista UAC) my antivirus detected a trojan in C:\Users\OWNER\AppData\Local\Temp\1CE3.tmp\evP.exe . It detected it as TrojWare.Win32.Agent.~JJG@91800696 .
I never got any logs. The black box appeared and stayed for a little while. Some semicolons appeared in the box and then it disappeared. I waited for 10 minutes and no logs appeared.
My Antivirus/Firewall/System Monitor is COMODO Internet Security Premium 4.1.150349.920 with virus database 5167.
I backed up my registry with ERUNT.
I have run various registry cleaners/optimizers in the past on this computer.
They were, WinUtilities Pro 9.7, IOBIT Advanced System Care 3, Ashampoo WinOptimizer 6.
Panda Cloud Antivirus FREE is also running in the background of my computer.
I can post a hijack log from IOBIT Security 360's HijackScan component if needed.
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
"I have run various registry cleaners/optimizers in the past on this computer."
Not a good idea, remove the wrong entries (and they sometimes do) and you can wind up with an unbootable system, remove unneeded entries and you will see no difference in system performance. Unless you're a Windows expert I would stay clear of any registry cleaners.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
typerextreme
2010-06-26, 07:31
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288).
Read it, followed it, and my antivirus software decided DDS was a virus. Or something at least that didn't run till immediately when that was running. I quarantined it, would you like to look at it?
Not a good idea, remove the wrong entries (and they sometimes do) and you can wind up with an unbootable system, remove unneeded entries and you will see no difference in system performance. Unless you're a Windows expert I would stay clear of any registry cleaners.
I don't let it remove anything unless it's from a program I know I uninstalled already and no other programs use the particular registry entry.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
Pardon me for being suspicious, but this is the only computer I have and I at least want to keep it halfway working. I've honestly never heard of this program. Can you give me any more information about it BEFORE I use it?
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
-- I REMOVED THE IMAGE FROM THIS POST TO KEEP IT SHORTER --
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
Alright, here's the thing, I already have Malwarebytes installed on this computer. It is fairly up-to-date. I mean I had run it not too terribly long before this happened and all it found was a couple of tracking cookies. Do I need to just update it and run the quick scan or uninstall it using a program I have called Cleanse Uninstaller Pro? Then reinstall it, update it, run the quick scan?
Oh and one more thing, for whatever reason the site is working fine for me the day after I posted this. It MAY have been a false alarm, however a particular program I have on my computer had one item running that I did not recognize as being with ANY program on my computer.
Good Morning,
As far as any of your questions, keep in mind this forum is for removing malware and viruses, we don't infect you, we remove them. We would not have you run any programs that we knew were not safe. The programs that we will or may run are ones that we have been using for years.
ATF Cleaner was written a few years ago by one of the best malware removal guys on the forums, logs in as ATRIBUNE. All that program does is delete temp files and such; sometimes, but not always, malware hides in the temp files folder. Even if it does not, removing tons of temp files will most times speed up your system.
Update Malwarebytes and run it removing what it finds, post the log, it may give a clue to other malware present.
Then run this program, make sure you have an internet connection when you run it, then post both logs
Random System Information Tool
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
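An added illustration, not code from this thread or from the RSIT/HijackThis authors: RSIT's log.txt embeds a HijackThis listing, and one first-pass check on it is to flag autostart entries whose program image sits in a Temp folder (the location the reply above mentions) or no longer exists on disk. The sample lines are copied from the log posted later in this thread; the function names and the three heuristics are assumptions, and a flag is a prompt for closer review, not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the HijackThis section of the RSIT log posted later in
# this thread (O4 = Run-key autostarts, O23 = services).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\Ian\AppData\Local\Temp\E_S133B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: JHFTX - Unknown owner - C:\Users\Ian\AppData\Local\Temp\JHFTX.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XFIDMW - Unknown owner - C:\Users\Ian\AppData\Local\Temp\XFIDMW.exe (file missing)
'''


class Entry(NamedTuple):
    code: str             # HijackThis section code: "O4" or "O23"
    name: str             # Run value name or service name
    owner: Optional[str]  # vendor string (services only)
    image: str            # program image path, without arguments
    missing: bool         # HijackThis appended "(file missing)"


RUN_RE = re.compile(r"^O4 - \S+\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")
PATH_START = re.compile(r"[A-Za-z]:\\|%\w+%\\")
# Quoted image, or the shortest prefix that ends in an executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|com|scr))(?=\s|$)', re.I)
MISSING = "(file missing)"


def image_of(cmd: str) -> str:
    """Separate the program image from its arguments, so that a Temp path
    passed as an argument (the EPSON entry) is not mistaken for the image."""
    m = IMAGE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["name"], None, image_of(m["cmd"]), False)
    m = SVC_RE.match(line)
    if m:
        rest = m["rest"]
        p = PATH_START.search(rest)
        if p is None:
            return None
        # Cut at the start of the path instead of splitting on " - ":
        # the path itself may contain " - " (the Spybot service).
        head, tail = rest[:p.start()], rest[p.start():]
        missing = tail.endswith(MISSING)
        if missing:
            tail = tail[:-len(MISSING)].rstrip()
        name, _, owner = head.rstrip(" -").rpartition(" - ")
        return Entry("O23", name, owner, tail, missing)
    return None  # other HijackThis sections are out of scope here


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return the entries worth a closer look, with the reasons why."""
    flagged = []
    for e in parse_log(text):
        reasons = []
        if "\\temp\\" in e.image.lower():
            reasons.append("image path is inside a Temp directory")
        if e.missing:
            reasons.append("registered file is missing")
        # A blank vendor string alone is common for legitimate software,
        # so it is reported only as extra context on an already flagged entry.
        if reasons and e.owner == "Unknown owner":
            reasons.append("no vendor string on the service")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.code} {entry.name}: {entry.image}")
        for r in reasons:
            print(f"    - {r}")
```
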
typerextreme
2010-06-27, 01:10
ATF cleaner freed 299.9 MB of files.
MBAM
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4245
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928
6/26/2010 5:07:26 PM
mbam-log-2010-06-26 (17-07-26).txt
Scan type: Quick scan
Objects scanned: 130265
Time elapsed: 12 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RSIT - Log.txt
Logfile of random's system information tool 1.07 (written by random/random)
Run by Ian at 2010-06-26 16:46:29
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 8 GB (18%) free of 41 GB
Total RAM: 2038 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:47:15 PM, on 6/26/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\WinUtilities\ToolMemoryOptimizer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\USBCrypt\USBCrypt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launchy\Launchy.exe
C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\PidginPortable\App\Pidgin\pidgin-portable.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Ian\Music\Amazon MP3\RSIT.exe
C:\Program Files\trend micro\Ian.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [USBCrypt] C:\Program Files\USBCrypt\USBCrypt.exe /start-monitor /auto
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\Ian\AppData\Local\Temp\E_S133B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BatteryAlarm.exe
O4 - Startup: ccleaner.bat
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO EasyVPN VNC Service (CrdphService) - COMODO - C:\Program Files\COMODO\EasyVPN\crdphService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: JHFTX - Unknown owner - C:\Users\Ian\AppData\Local\Temp\JHFTX.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: WinAbility Encryption Driver - WinAbility® Software Corporation - C:\Program Files\WinAbility Encryption Driver.10.2.0.1180\WED32.EXE
O23 - Service: XFIDMW - Unknown owner - C:\Users\Ian\AppData\Local\Temp\XFIDMW.exe (file missing)
--
End of file - 13886 bytes
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\CBU taskID 63251679346 8.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1417349509-3224121729-3067038343-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1417349509-3224121729-3067038343-1000UA.job
C:\Windows\tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
C:\Windows\tasks\WinUtilities_Disk_Cleaner_D81CDF27E9284401.job
C:\Windows\tasks\WinUtilities_History_Cleaner_D81CDF27E9284403.job
C:\Windows\tasks\WinUtilities_Registry_Cleaner_D81CDF27E9284402.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-13 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-05-26 448384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-06-07 380800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2010-03-10 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll [2010-05-07 603920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-31 26400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll [2010-05-07 603920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-05-06 442433]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-03 2039240]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-05-18 414736]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-05-18 252944]
"USBCrypt"=C:\Program Files\USBCrypt\USBCrypt.exe [2010-03-02 483240]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-02 1144104]
"PMBVolumeWatcher"=C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [2010-03-24 599328]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-05-06 1280344]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-13 202256]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-05-18 1311312]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-05-14 406848]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
"EPSON Stylus CX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2009-11-15 33120]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe
C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BatteryAlarm.exe
ccleaner.bat
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2009-12-03 273200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll [2008-03-28 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-12-19 177512]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll [2009-11-02 103728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{393cc877-0de0-11df-af73-00e0b8e1a32c}]
shell\Auto\command - H:\launcher.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b1e6b82-0d5a-11df-814d-00e0b8e1a32c}]
shell\AutoRun\command - G:\StartPortableApps.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b1e6bb0-0d5a-11df-814d-00e0b8e1a32c}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\USBCrypt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b906592d-168e-11df-b5c3-00e0b8e1a32c}]
shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee8c3046-78a7-11df-88af-08002700f817}]
shell\Auto\command - H:\launcher.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-06-26 16:46:32 ----DC---- C:\Program Files\trend micro
2010-06-26 16:46:29 ----DC---- C:\rsit
2010-06-26 12:15:28 ----AC---- C:\Windows\system32\tmp_docprotector.ini
2010-06-25 12:18:05 ----DC---- C:\Program Files\Astroburn Pro
2010-06-25 11:26:34 ----DC---- C:\Users\Ian\AppData\Roaming\Astroburn Pro
2010-06-25 11:26:34 ----DC---- C:\ProgramData\Astroburn Pro
2010-06-24 20:26:17 ----DC---- C:\Users\Ian\AppData\Roaming\Windows Live Writer
2010-06-24 20:21:22 ----DC---- C:\Windows\en
2010-06-24 19:42:32 ----DC---- C:\Program Files\Windows Installer Clean Up
2010-06-24 19:38:28 ----DC---- C:\72ed32bc88a65ea98cbac1
2010-06-24 19:29:32 ----DC---- C:\Windows\PCHEALTH
2010-06-24 17:03:17 ----DC---- C:\Config.Msi
2010-06-24 17:00:50 ----DC---- C:\Program Files\MSN Toolbar
2010-06-24 16:59:56 ----DC---- C:\Program Files\Bing Bar Installer
2010-06-24 16:40:38 ----AC---- C:\Windows\system32\webservices.dll
2010-06-23 16:10:48 ----DC---- C:\Windows\system32\WindowsPowerShell
2010-06-23 15:44:05 ----AC---- C:\Windows\system32\winrsmgr.dll
2010-06-23 15:43:40 ----AC---- C:\Windows\system32\wsmprovhost.exe
2010-06-23 15:43:40 ----AC---- C:\Windows\system32\winrshost.exe
2010-06-23 15:43:40 ----AC---- C:\Windows\system32\winrs.exe
2010-06-23 15:43:39 ----AC---- C:\Windows\system32\wsmplpxy.dll
2010-06-23 15:43:39 ----AC---- C:\Windows\system32\winrssrv.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\WsmRes.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wevtfwd.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wecutil.exe
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wecsvc.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wecapi.dll
2010-06-23 15:43:34 ----AC---- C:\Windows\system32\pwrshplugin.dll
2010-06-23 15:43:26 ----AC---- C:\Windows\system32\winrm.vbs
2010-06-23 15:43:23 ----AC---- C:\Windows\system32\WsmAuto.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WsmWmiPl.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WsmSvc.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WSManHTTPConfig.exe
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\winrscmd.dll
2010-06-23 15:37:14 ----DC---- C:\Program Files\Microsoft.NET
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\PresentationHost.exe
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\netfxperf.dll
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\mscoree.dll
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\dfshim.dll
2010-06-23 10:35:50 ----AC---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 10:35:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-21 21:21:00 ----AC---- C:\Windows\uninst.exe
2010-06-21 21:20:39 ----AC---- C:\Windows\RAUNINST.EXE
2010-06-21 21:20:10 ----DC---- C:\WESTWOOD
2010-06-21 21:10:19 ----DC---- C:\Program Files\MagicDisc
2010-06-21 21:06:38 ----DC---- C:\Program Files\Elaborate Bytes
2010-06-21 20:46:01 ----DC---- C:\ProgramData\DAEMON Tools Pro
2010-06-21 12:47:15 ----DC---- C:\Users\Ian\AppData\Roaming\QuickScan
2010-06-20 21:20:52 ----DC---- C:\Program Files\ERUNT
2010-06-19 20:21:56 ----DC---- C:\Program Files\QS
2010-06-17 10:49:38 ----DC---- C:\Users\Ian\AppData\Roaming\DAEMON Tools Pro
2010-06-15 20:42:40 ----DC---- C:\ProgramData\Panda Security
2010-06-15 13:17:41 ----DC---- C:\ProgramData\Logishrd
2010-06-15 13:17:38 ----DC---- C:\Program Files\Logitech
2010-06-15 12:57:18 ----DC---- C:\Users\Ian\AppData\Roaming\Logishrd
2010-06-14 21:24:21 ----DC---- C:\Program Files\SpeedFan
2010-06-13 22:17:48 ----DC---- C:\Program Files\Common Files\xing shared
2010-06-12 11:38:06 ----DC---- C:\Program Files\PCHand
2010-06-11 11:31:45 ----DC---- C:\Users\Ian\AppData\Roaming\Free Download Manager
2010-06-11 11:31:30 ----DC---- C:\ProgramData\FreeDownloadManager.ORG
2010-06-11 11:31:28 ----DC---- C:\Program Files\Free Download Manager
2010-06-11 10:47:48 ----DC---- C:\Program Files\Speccy
2010-06-10 00:45:08 ----DC---- C:\Users\Ian\AppData\Roaming\TeamViewer
2010-06-10 00:42:50 ----DC---- C:\Program Files\TeamViewer
2010-06-09 22:01:49 ----DC---- C:\Program Files\Tunatic
2010-06-09 16:02:15 ----DC---- C:\Program Files\Age of Mythology® Moder's Tools
2010-06-09 02:43:03 ----AC---- C:\Windows\system32\atmfd.dll
2010-06-09 02:43:00 ----AC---- C:\Windows\system32\atmlib.dll
2010-06-09 02:42:57 ----AC---- C:\Windows\system32\asycfilt.dll
2010-06-09 02:42:50 ----AC---- C:\Windows\system32\mshtml.dll
2010-06-09 02:42:49 ----AC---- C:\Windows\system32\ieframe.dll
2010-06-09 02:42:47 ----AC---- C:\Windows\system32\urlmon.dll
2010-06-09 02:42:47 ----AC---- C:\Windows\system32\iertutil.dll
2010-06-09 02:42:46 ----AC---- C:\Windows\system32\wininet.dll
2010-06-09 02:42:45 ----AC---- C:\Windows\system32\occache.dll
2010-06-09 02:42:45 ----AC---- C:\Windows\system32\msfeeds.dll
2010-06-09 02:42:44 ----AC---- C:\Windows\system32\mstime.dll
2010-06-09 02:42:44 ----AC---- C:\Windows\system32\iedkcs32.dll
2010-06-09 02:42:41 ----AC---- C:\Windows\system32\ieui.dll
2010-06-09 02:42:39 ----AC---- C:\Windows\system32\ieUnatt.exe
2010-06-09 02:42:39 ----AC---- C:\Windows\system32\iepeers.dll
2010-06-09 02:42:38 ----AC---- C:\Windows\system32\msfeedsbs.dll
2010-06-09 02:42:38 ----AC---- C:\Windows\system32\iesysprep.dll
2010-06-09 02:42:37 ----AC---- C:\Windows\system32\jsproxy.dll
2010-06-09 02:42:37 ----AC---- C:\Windows\system32\ie4uinit.exe
2010-06-09 02:42:36 ----AC---- C:\Windows\system32\msfeedssync.exe
2010-06-09 02:42:36 ----AC---- C:\Windows\system32\iesetup.dll
2010-06-09 02:42:35 ----AC---- C:\Windows\system32\iernonce.dll
2010-06-08 18:09:09 ----DC---- C:\Users\Ian\AppData\Roaming\Sony Corporation
2010-06-08 17:16:33 ----DC---- C:\Program Files\Sony
2010-06-08 17:16:24 ----DC---- C:\ProgramData\Sony Corporation
2010-06-07 19:10:52 ----DC---- C:\Program Files\WinUtilities
2010-06-07 17:33:38 ----AC---- C:\Windows\system32\sirenacm.dll
2010-06-07 17:31:07 ----DC---- C:\Nexon
2010-06-07 17:27:33 ----DC---- C:\ProgramData\NexonUS
2010-06-07 15:26:28 ----DC---- C:\Program Files\Pando Networks
2010-06-07 11:17:53 ----DC---- C:\Program Files\FreeOTFE
2010-06-07 00:25:42 ----DC---- C:\Users\Ian\AppData\Roaming\Apowersoft
2010-06-07 00:25:29 ----DC---- C:\Program Files\Apowersoft
2010-06-06 13:18:25 ----DC---- C:\Users\Ian\AppData\Roaming\TeraCopy
2010-06-06 13:18:12 ----SHDC---- C:\Windows\system32\%APPDATA%
2010-06-05 23:06:09 ----DC---- C:\ProgramData\WindowsSearch
2010-06-05 23:01:17 ----DC---- C:\Program Files\TeraCopy
2010-06-05 19:16:34 ----DC---- C:\Users\Ian\AppData\Roaming\Opera
2010-06-05 19:15:38 ----DC---- C:\Program Files\Opera
2010-06-05 17:01:39 ----DC---- C:\Users\Ian\AppData\Roaming\Songbird2
2010-06-05 16:59:34 ----DC---- C:\Program Files\Songbird
2010-06-04 23:31:15 ----DC---- C:\Windows\Sun
2010-06-04 23:30:31 ----DC---- C:\Program Files\Secunia
2010-06-03 19:14:03 ----DC---- C:\Windows\Skulls and Roses
2010-06-03 09:21:42 ----DC---- C:\Program Files\USBCrypt
2010-06-03 09:21:33 ----DC---- C:\Program Files\WinAbility Encryption Driver.10.2.0.1180
2010-06-03 09:21:23 ----DC---- C:\PROGRAMS
2010-06-02 17:27:26 ----DC---- C:\Users\Ian\AppData\Roaming\vlc
2010-06-02 14:12:55 ----DC---- C:\ProgramData\IObit
2010-06-02 14:08:10 ----DC---- C:\Users\Ian\AppData\Roaming\IObit
2010-06-02 14:08:10 ----DC---- C:\Program Files\IObit
2010-06-01 22:29:34 ----DC---- C:\Users\Ian\AppData\Roaming\FrostWire
2010-06-01 12:30:06 ----DC---- C:\Users\Ian\AppData\Roaming\YCanPDF
2010-06-01 12:27:55 ----DC---- C:\Program Files\pdfOCR
2010-06-01 08:47:27 ----DC---- C:\Windows\Minidump
2010-05-31 21:13:15 ----DC---- C:\Users\Ian\AppData\Roaming\DAEMON Tools Lite
2010-05-30 22:41:13 ----AC---- C:\Windows\system32\2010-05-31-03-41-13.033-VBoxSVC.exe-5464.log
2010-05-30 22:25:39 ----AC---- C:\Windows\system32\pwNative.exe
2010-05-30 22:17:42 ----DC---- C:\Program Files\EASEUS
2010-05-30 10:49:11 ----DC---- C:\Program Files\Common Files\DivX Shared
2010-05-30 10:13:13 ----DC---- C:\Windows\RisingSun
2010-05-30 09:53:32 ----DC---- C:\Windows\Alien se wall pack 2
2010-05-30 09:33:27 ----HDC---- C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2010-05-28 21:09:21 ----AC---- C:\Windows\system32\bandvwm.dll
2010-05-28 21:06:08 ----AC---- C:\Windows\system32\wbsys.dll
2010-05-28 21:06:07 ----AC---- C:\Windows\system32\wbload.dll
2010-05-28 21:03:26 ----AC---- C:\Windows\system32\msxml3a.dll
2010-05-28 21:02:31 ----AC---- C:\Windows\system32\atl71.dll
2010-05-28 21:02:30 ----DC---- C:\Program Files\Common Files\Stardock
2010-05-28 20:54:50 ----HDC---- C:\ProgramData\{76C80417-0C74-4A18-B59E-593FCE06C2ED}
2010-05-28 08:32:34 ----DC---- C:\Program Files\Zards software
2010-05-27 11:28:20 ----AC---- C:\Windows\system32\DfSdkBt.exe
2010-05-27 07:43:37 ----DC---- C:\Program Files\Ashampoo
======List of files/folders modified in the last 1 months======
2010-06-26 16:46:46 ----DC---- C:\Windows\Temp
2010-06-26 16:46:32 ----DC---- C:\Program Files
2010-06-26 16:34:38 ----DC---- C:\Windows\system32\drivers
2010-06-26 16:23:17 ----DC---- C:\Windows\Prefetch
2010-06-26 12:15:28 ----DC---- C:\Windows\System32
2010-06-25 11:49:07 ----ADC---- C:\Windows
2010-06-25 11:26:34 ----HDC---- C:\ProgramData
2010-06-25 10:12:15 ----SHD---- C:\System Volume Information
2010-06-24 23:52:15 ----DC---- C:\Windows\Microsoft.NET
2010-06-24 23:46:13 ----RSDC---- C:\Windows\assembly
2010-06-24 20:21:38 ----SHDC---- C:\Windows\Installer
2010-06-24 20:14:23 ----DC---- C:\Windows\system32\catroot2
2010-06-24 20:02:09 ----DC---- C:\Program Files\Windows Live
2010-06-24 19:40:53 ----DC---- C:\Program Files\MSECache
2010-06-24 19:34:16 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-24 19:29:59 ----SDC---- C:\ProgramData\Microsoft
2010-06-24 19:29:39 ----D---- C:\Windows\winsxs
2010-06-24 19:29:34 ----DC---- C:\Program Files\Common Files\microsoft shared
2010-06-24 18:14:52 ----D---- C:\Windows\rescache
2010-06-24 17:26:08 ----RSDC---- C:\Windows\Fonts
2010-06-24 16:42:21 ----DC---- C:\Windows\system32\en-US
2010-06-24 16:41:55 ----DC---- C:\Windows\system32\catroot
2010-06-24 11:41:14 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2010-06-24 11:41:13 ----DC---- C:\Windows\inf
2010-06-23 16:10:54 ----DC---- C:\Windows\AppPatch
2010-06-23 16:10:53 ----DC---- C:\Windows\PolicyDefinitions
2010-06-23 16:10:42 ----DC---- C:\Windows\ehome
2010-06-21 21:09:46 ----DC---- C:\Windows\system32\Tasks
2010-06-21 10:07:12 ----DC---- C:\Windows\system
2010-06-20 19:34:27 ----DC---- C:\Windows\system32\wbem
2010-06-20 19:34:26 ----DC---- C:\Program Files\Common Files
2010-06-20 19:24:52 ----DC---- C:\Users\Ian\AppData\Roaming\TP
2010-06-18 15:31:31 ----DC---- C:\Users\Ian\AppData\Roaming\gtk-2.0
2010-06-18 14:18:57 ----DC---- C:\Users\Ian\AppData\Roaming\TrueCrypt
2010-06-16 20:59:52 ----DC---- C:\Users\Ian\AppData\Roaming\XBMC
2010-06-16 17:34:55 ----DC---- C:\Windows\system32\config
2010-06-16 17:32:13 ----DC---- C:\Program Files\MyDefrag v4.2.9
2010-06-15 20:42:40 ----DC---- C:\Program Files\Panda Security
2010-06-15 13:19:36 ----DC---- C:\Program Files\Common Files\Logishrd
2010-06-15 13:05:05 ----HDC---- C:\Program Files\InstallShield Installation Information
2010-06-15 12:57:19 ----DC---- C:\Users\Ian\AppData\Roaming\Logitech
2010-06-15 12:13:02 ----DC---- C:\Program Files\Microsoft Games
2010-06-15 11:09:27 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2010-06-15 11:08:10 ----DC---- C:\Windows\Debug
2010-06-14 21:34:03 ----DC---- C:\Program Files\BatteryBar
2010-06-13 22:20:28 ----DC---- C:\Users\Ian\AppData\Roaming\Real
2010-06-13 22:20:12 ----DC---- C:\ProgramData\Real
2010-06-13 22:18:57 ----DC---- C:\Program Files\Common Files\Real
2010-06-13 22:18:53 ----AC---- C:\Windows\system32\rmoc3260.dll
2010-06-13 22:18:11 ----AC---- C:\Windows\system32\pndx5032.dll
2010-06-13 22:18:11 ----AC---- C:\Windows\system32\pndx5016.dll
2010-06-13 22:18:03 ----DC---- C:\Program Files\Real
2010-06-13 22:16:43 ----AC---- C:\Windows\system32\pncrt.dll
2010-06-13 16:54:44 ----DC---- C:\Windows\Tasks
2010-06-12 16:17:22 ----DC---- C:\Program Files\Aston2
2010-06-09 03:25:41 ----DC---- C:\Program Files\Windows Mail
2010-06-09 03:25:40 ----DC---- C:\Program Files\Internet Explorer
2010-06-09 03:25:38 ----DC---- C:\Windows\system32\migration
2010-06-06 13:54:37 ----DC---- C:\Program Files\Microsoft Silverlight
2010-06-06 13:47:33 ----AC---- C:\Windows\win.ini
2010-06-06 13:16:55 ----DC---- C:\ProgramData\DivX
2010-06-06 13:16:48 ----DC---- C:\Program Files\DivX
2010-06-03 14:06:44 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-03 13:09:49 ----AC---- C:\Windows\system32\guard32.dll
2010-06-03 12:20:45 ----DC---- C:\Users\Ian\AppData\Roaming\Launchy
2010-06-02 17:22:17 ----DC---- C:\Program Files\VideoLAN
2010-06-01 23:13:49 ----SHDC---- C:\Boot
2010-06-01 23:13:49 ----DC---- C:\Program Files\Mozilla Firefox
2010-05-30 10:50:00 ----DC---- C:\Program Files\Common Files\PX Storage Engine
2010-05-30 10:38:54 ----DC---- C:\Windows\system32\SPReview
2010-05-30 10:38:54 ----DC---- C:\Windows\system32\spool
2010-05-30 10:38:53 ----HDC---- C:\Windows\system32\GroupPolicy
2010-05-30 10:38:53 ----DC---- C:\Windows\system32\OEM
2010-05-30 10:38:53 ----DC---- C:\Windows\system32\Msdtc
2010-05-30 10:38:53 ----DC---- C:\Windows\system32\EventProviders
2010-05-30 10:38:46 ----DC---- C:\Users\Ian\AppData\Roaming\Winamp
2010-05-30 10:38:46 ----DC---- C:\Users\Ian\AppData\Roaming\ProcessLasso
2010-05-30 10:38:46 ----DC---- C:\Users\Ian\AppData\Roaming\Notepad++
2010-05-30 10:38:45 ----DC---- C:\Program Files\SystemRequirementsLab
2010-05-30 10:38:45 ----DC---- C:\Program Files\Process Lasso
2010-05-30 10:38:32 ----DC---- C:\Windows\registration
2010-05-30 10:38:21 ----DC---- C:\Windows\system32\Speech
2010-05-30 10:38:21 ----DC---- C:\Windows\system32\RemInst
2010-05-30 10:38:21 ----DC---- C:\Windows\system32\licensing
2010-05-30 09:33:20 ----DC---- C:\Program Files\Stardock
2010-05-28 21:15:48 ----DC---- C:\Users\Ian\AppData\Roaming\Stardock
2010-05-28 21:15:44 ----DC---- C:\ProgramData\Stardock
2010-05-28 14:37:34 ----AC---- C:\Windows\system32\mrt.exe
2010-05-27 11:15:37 ----DC---- C:\Users\Ian\AppData\Roaming\uTorrent
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2010-06-03 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-06-09 224240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-06-03 30112]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 FreeOTFE;FreeOTFE; \??\C:\Windows\System32\FreeOTFE.sys [2010-02-07 31856]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc; \??\C:\Windows\System32\FreeOTFECypherAES_ltc.sys [2010-02-07 47216]
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish; \??\C:\Windows\System32\FreeOTFECypherBlowfish.sys [2010-02-07 25200]
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5; \??\C:\Windows\System32\FreeOTFECypherCAST5.sys [2010-02-07 31088]
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman; \??\C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [2010-02-07 29808]
R1 FreeOTFECypherDES;FreeOTFECypherDES; \??\C:\Windows\System32\FreeOTFECypherDES.sys [2010-02-07 56816]
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman; \??\C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [2010-02-07 26480]
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc; \??\C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [2010-02-07 26096]
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman; \??\C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [2010-02-07 29168]
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc; \??\C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [2010-02-07 31856]
R1 FreeOTFEHashMD;FreeOTFEHashMD; \??\C:\Windows\System32\FreeOTFEHashMD.sys [2010-02-07 16880]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD; \??\C:\Windows\System32\FreeOTFEHashRIPEMD.sys [2010-02-07 32624]
R1 FreeOTFEHashSHA;FreeOTFEHashSHA; \??\C:\Windows\System32\FreeOTFEHashSHA.sys [2010-02-07 26224]
R1 FreeOTFEHashTiger;FreeOTFEHashTiger; \??\C:\Windows\System32\FreeOTFEHashTiger.sys [2010-02-07 22128]
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool; \??\C:\Windows\System32\FreeOTFEHashWhirlpool.sys [2010-02-07 30704]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-06-03 75944]
R1 PSINKNC;PSINKNC; C:\Windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-01-30 223440]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-03-25 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-03-25 41680]
R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
R2 WED1180;WED1180; \??\C:\Program Files\WinAbility Encryption Driver.10.2.0.1180\WEDx86.sys [2010-03-02 126640]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-02-08 1163328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2010-05-09 15664]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-03-18 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-03-18 37328]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-22 262176]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 47616]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-05-06 379904]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-10-14 32000]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-03-25 110608]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S1 vflt;Shrew Soft Lightweight Filter; C:\Windows\system32\DRIVERS\vfilter.sys []
S3 ATP;Comodo EasyVPN Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [2010-03-26 17816]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EnumProcessesDriver;EnumProcessesDriver; C:\Windows\System32\drivers\EnumProcessesDriver.sys [2009-12-07 17664]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-06-07 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PAC207;PAC207 CIF USB Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-04-11 47360]
S3 PORTMON;PORTMON; \??\H:\PortableApps\SysinternalsSuite\PORTMSYS.SYS []
S3 pppop;PPPoP WAN Adapter; C:\Windows\system32\DRIVERS\pppop.sys []
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-03-25 31824]
S3 vnet;Shrew Soft Virtual Adapter; C:\Windows\system32\DRIVERS\virtualnet.sys []
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2010-02-08 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-03 1778480]
R2 CrdphService;COMODO EasyVPN VNC Service; C:\Program Files\COMODO\EasyVPN\crdphService.exe [2010-03-29 491768]
R2 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R2 EasyVpnAdpt;COMODO EasyVPN Service; C:\Program Files\COMODO\EasyVPN\Vpnservice.exe [2010-03-29 45304]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-05-06 312152]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
R2 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\STacSV.exe [2008-05-06 221239]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 SynchronizationService.exe;Comodo BackUp Service; C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe [2010-01-07 942328]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
R2 WinAbility Encryption Driver;WinAbility Encryption Driver; C:\Program Files\WinAbility Encryption Driver.10.2.0.1180\WED32.EXE [2010-03-02 161704]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-05-26 1730944]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-06-07 1424232]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 74680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 JHFTX;JHFTX; C:\Users\Ian\AppData\Local\Temp\JHFTX.exe []
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 XFIDMW;XFIDMW; C:\Users\Ian\AppData\Local\Temp\XFIDMW.exe []
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Windows\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 wlcrasvc;Windows Live Devices remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-06-04 49504]
-----------------EOF-----------------
typerextreme
2010-06-27, 01:11
RSIT - Info.txt
info.txt logfile of random's system information tool 1.06 2010-06-26 16:47:35
======Uninstall list======
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.13 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Age of Empires III Trial-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\Intel 32\IDriver.exe /M{25B25C84-6132-4662-972B-4E4DC1B00C98}
Age of Mythology - The Titans Expansion-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology® Moder's Tools (Remove only)-->C:\Program Files\Age of Mythology® Moder's Tools\Uninstall.exe
Amazon MP3 Downloader 1.0.10-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AoMEUnInstall-->"C:\Program Files\Microsoft Games\Age of Mythology\unins001.exe"
AoMEUnInstall-->d:\aom\unins000.exe
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo WinOptimizer 6.60-->"C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\unins000.exe"
Astroburn Pro-->C:\Program Files\Astroburn Pro\uninst.exe
AudioBurst FX for Winamp-->C:\Program Files\QO Labs\AudioBurst\uninstall.exe
Battery Alarm-->MsiExec.exe /I{B7A43DA2-F2FD-44C2-A044-D24C3751C1BD}
BatteryBar (remove only)-->"C:\Program Files\BatteryBar\Uninstall.exe"
Bing Bar Platform-->MsiExec.exe /I{07766F89-EFAA-4635-86B7-636B89EA2C0D}
Bing Bar-->C:\Program Files\Bing Bar Installer\InstallManager.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CIF USB Camera-->C:\Program Files\InstallShield Installation Information\{066A1255-1299-4EBA-B9B3-FA7FB14F92E4}\setup.exe -runfromtemp -l0x0009 -removeonly
Cleanse Uninstaller Pro 6.5 -->C:\Program Files\Zards software\Cleanse Uninstaller Pro\uninst.exe
COMODO BackUp-->MsiExec.exe /X{9C8C8E51-4A2A-476D-9B0C-C7EF3440F8F0}
COMODO EasyVPN-->MsiExec.exe /I{16622757-3724-4DA8-A5CC-3CE75636E8B9}
COMODO Internet Security-->MsiExec.exe /I{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
COMODO livePCsupport-->MsiExec.exe /X{A31A5DFC-3439-48FC-99BB-5174168AE471}
Comodo TrustConnect™ v.1.7.1-->"C:\Program Files\Comodo\TrustConnect\unins000.exe"
D3DX10-->MsiExec.exe /X{52CDDA92-56B6-4BA5-BD8D-E13B186008CB}
DesignPro 5-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}
DeskScapes 3-->"C:\Program Files\Stardock\Object Desktop\DeskScapes3\UninstHelper.exe" /autouninstall deskscapes3
DivX Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7400 Series Scanner Driver Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}\Setup.exe" -l0x9
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
erLT-->MsiExec.exe /I{A498D9EB-927B-459B-85D6-DD6EF8C2C564}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fences Pro-->"C:\Program Files\Stardock\Fences\UninstHelper.exe" /autouninstall fencespro
Free Download Manager 3.4 BETA-->"C:\Program Files\Free Download Manager\unins000.exe"
Free Studio version 4.6-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
FreeOTFE-->"C:\Program Files\FreeOTFE\uninstall.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
HD Tune 2.55-->"C:\Program Files\HD Tune\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x9 -remove -removeonly
Impulse-->"C:\ProgramData\{76C80417-0C74-4A18-B59E-593FCE06C2ED}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\ProgramData\{76C80417-0C74-4A18-B59E-593FCE06C2ED}\Impulse_setup.exe
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
IObit Security 360-->"C:\Program Files\IObit\IObit Security 360\unins000.exe"
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Junk Mail filter update-->MsiExec.exe /I{11EFF057-8ED2-4321-A19D-D673DECB36CC}
Launchy 2.5-->"C:\Program Files\Launchy\unins000.exe"
Logitech SetPoint 6.1-->C:\Program Files\Common Files\LogiShrd\SP6_Uninstall\setup.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{2C4F4D53-78D6-41FB-A4D7-105C537464EB}
Messenger Companion-->MsiExec.exe /I{007EA334-6071-41BF-B8C7-4C4E37E49DA7}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
Microsoft PowerPoint Viewer-->MsiExec.exe /X{95140000-00AF-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
MKV Converter Studio V2.0.1-->"C:\Program Files\Apowersoft\MKV Converter Studio\unins000.exe"
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{035C76D2-7D8E-484D-8CA3-686C0B474A2B}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MyDefrag v4.2.9-->"C:\Program Files\MyDefrag v4.2.9\unins000.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Opera 10.60-->MsiExec.exe /X{550B1A38-1A72-433A-8915-0568CCE81D74}
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
Panda Cloud Antivirus-->"C:\Program Files\Panda Security\Panda Cloud Antivirus\Setup.exe" /X{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}
Panda Cloud Antivirus-->MsiExec.exe /X{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}
PCHand Media Converter Pro 1.0.0.1-->"C:\Program Files\PCHand\Media Converter Pro\unins000.exe"
PDF OCR 4.0-->"c:\program files\pdfOCR\unins000.exe"
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PMB Updater-->MsiExec.exe /X{2E87C89F-293F-41A8-BB59-2A14CEAE15C7}
PMB-->MsiExec.exe /X{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}
Process Lasso-->"C:\Program Files\Process Lasso\uninstall.exe"
Python 2.6 pycairo-1.4.12-->"C:\Python26\Removepycairo.exe" -u "C:\Python26\pycairo-wininst.log"
Python 2.6 pygobject-2.14.2-->"C:\Python26\Removepygobject.exe" -u "C:\Python26\pygobject-wininst.log"
Python 2.6 pygtk-2.16.0-->"C:\Python26\Removepygtk.exe" -u "C:\Python26\pygtk-wininst.log"
Python 2.6.4-->MsiExec.exe /I{E7394A0F-3F80-45B1-87FC-ABCD51893246}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek Ethernet Controller Driver For Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Red Alert Windows 95-->C:\Windows\RAUNINST.EXE C:\Windows\UNINST.EXE -fC:\WESTWOOD\REDALERT\DeIsL1.isu
Revo Uninstaller 1.85-->C:\Program Files\Revo Uninstaller\uninst.exe
Secunia PSI-->"C:\Program Files\Secunia\PSI\uninstall.exe"
Segoe UI-->MsiExec.exe /I{DA25B88F-FEBE-48F2-9203-0FC682A4E92B}
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Songbird 1.7.2 (Build 1667)-->"C:\Program Files\Songbird\Songbird-Uninstall.exe"
Speccy-->"C:\Program Files\Speccy\uninst.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sun VirtualBox-->MsiExec.exe /I{948B09C2-16EF-41DC-8E24-5C90B9D8360F}
System Requirements Lab for Intel-->MsiExec.exe /I{F7FC9307-374E-4017-8E9D-DE1154780480}
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
TeraCopy 2.12-->"C:\Program Files\TeraCopy\unins000.exe"
Terragen 2 Free Edition-->MsiExec.exe /I{BD8D42DC-02C9-47D0-99A3-7BF92E809D9C}
Terragen 2 Free Edition-->MsiExec.exe /I{CCCC1B61-1E92-4388-9AFC-5C883071833D}
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic
TweakVista-->"C:\Program Files\Stardock\Object Desktop\TweakVista\UninstHelper.exe" /autouninstall tv
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
UnInstallLOME303-->"C:\Program Files\Microsoft Games\Age of Mythology\unins004.exe"
UnInstallLOMEMain-->"C:\Program Files\Microsoft Games\Age of Mythology\unins002.exe"
UnInstallLOMESoundtrack-->"C:\Program Files\Microsoft Games\Age of Mythology\unins003.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USBCrypt 10.2.0-->MsiExec.exe /X{DC736505-8638-4536-9B71-1FE8EF3C1742}
USBCrypt-->"C:\Program Files\USBCrypt\Setup.exe" /U
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual C++ Runtime-->MsiExec.exe /I{A7B44FB6-5631-4A4A-9DAD-82F7E3C767B9}
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Weather Watcher-->"C:\Program Files\Weather Watcher\unins000.exe"
Westwood Online-->C:\WESTWOOD\WWONLINE\UNINSTWC.EXE C:\Windows\UNINST.EXE -fC:\WESTWOOD\WWONLINE\DeIsL1.isu
WinAbility Encryption Driver 10.2.0-->MsiExec.exe /X{8E1B355F-4122-4877-9A29-900E659FDDFD}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Communications Platform-->MsiExec.exe /I{FA5D1C9E-154D-49B1-8CF0-DF5FAB6171EA}
Windows Live Essentials Beta-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials Beta-->MsiExec.exe /I{EACF374B-9D4C-4A07-8EB3-706BD8DAA650}
Windows Live Family Safety-->MsiExec.exe /I{327C84FA-3DD9-4371-8C09-99E1D5B7FA24}
Windows Live Family Safety-->MsiExec.exe /X{A5DA9FAD-C016-4B49-8A04-4F2B2BF04A7B}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{CCF6B621-7C92-4A45-9A87-F7968D87925A}
Windows Live Installer-->MsiExec.exe /I{46BAF2A0-3789-4E49-B000-4BB64426D1BF}
Windows Live Mail-->MsiExec.exe /I{2607FE6B-1D61-46E5-A544-54666B0EF908}
Windows Live Mail-->MsiExec.exe /I{C2687C43-507E-4D4B-A30A-3C836C756226}
Windows Live Messenger Companion Core-->MsiExec.exe /I{9D0467C4-F69C-4E9D-8765-7774D8971F5C}
Windows Live Messenger-->MsiExec.exe /X{2578D94A-A88A-4643-9DAA-F0A5E981EB04}
Windows Live Messenger-->MsiExec.exe /X{8E74FC72-018A-4EC5-86AA-D8021309D484}
Windows Live MIME IFilter-->MsiExec.exe /I{488A6828-2E74-4517-9E9E-CD50664B0EBE}
Windows Live Movie Maker-->MsiExec.exe /X{46C106C9-3856-4A6A-AAC8-7070FBA02D2F}
Windows Live Movie Maker-->MsiExec.exe /X{D943C8AC-9E03-4C2D-B54C-A28ABE931665}
Windows Live Photo Common Beta-->MsiExec.exe /X{D4790ACB-4BB4-4FE6-9F64-1D4486C8E40C}
Windows Live Photo Common-->MsiExec.exe /X{61E7F654-7D99-4C69-94D8-DF53E297AF9B}
Windows Live Photo Gallery Beta-->MsiExec.exe /X{7EFA8362-CE86-46E7-BEB9-B2DB4F0D0EE6}
Windows Live Photo Gallery-->MsiExec.exe /X{91803386-4FBD-4C38-9644-26B0F9464031}
Windows Live PIMT Platform-->MsiExec.exe /I{B5BD2B33-FDB8-4DE5-87B3-2810CAF4A6E4}
Windows Live Remote Client Resources-->MsiExec.exe /I{1A25F3EF-7C66-4B3E-9507-D015C88C41B1}
Windows Live Remote Client-->MsiExec.exe /I{98C73E3D-0486-4DD8-938B-EC9B1AF35B9C}
Windows Live Remote Service Resources-->MsiExec.exe /I{617BD5B7-53EF-4D1E-81B5-3CD995CC0058}
Windows Live Remote Service-->MsiExec.exe /I{321AC187-D400-41B4-BDEB-F3E80FFCE20F}
Windows Live SOXE Definitions-->MsiExec.exe /I{74B0BEB0-2EB3-448F-B8E9-40983BC902E1}
Windows Live SOXE-->MsiExec.exe /I{EFBE9DAB-9C80-4911-847B-2A2C25E8F9CB}
Windows Live Sync ActiveX Control for Remote Connections-->MsiExec.exe /I{D65F8E34-C050-4E6C-86DB-D2B9075749A0}
Windows Live Sync Beta-->MsiExec.exe /I{4EC66844-AE87-47DC-B02D-E36C75EAF22C}
Windows Live Sync Beta-->MsiExec.exe /I{7A8E7F22-3628-4846-A578-516BDCB2CEAA}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6B0AE911-A3F4-4D55-9CA7-C76DC2BCEA86}
Windows Live UX Platform-->MsiExec.exe /I{6592C2B8-949A-4C88-BCB9-0990A218B215}
Windows Live Writer Resources-->MsiExec.exe /X{E24DFAA7-9495-4F7D-BB9E-211C2D0A76E5}
Windows Live Writer-->MsiExec.exe /X{224935E4-2014-4B22-95DC-2CCF5428B4BF}
Windows Live Writer-->MsiExec.exe /X{83BC206C-98A5-4CF3-B884-2B58CD4AB951}
Windows Live Writer-->MsiExec.exe /X{EE338AB8-4E85-4C04-AC07-1357A266DD35}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinUtilities 9.7 Professional Edition-->"C:\Program Files\WinUtilities\unins000.exe"
x-Pict Story for Memory Card-->"C:\Program Files\InstallShield Installation Information\{B401315E-0228-43A6-B1BB-7C1D1514D444}\setup.exe" -runfromtemp -l0x0409 -removeonly
x-Pict Story for Memory Card-->MsiExec.exe /X{B401315E-0228-43A6-B1BB-7C1D1514D444}
Zune Language Pack (DE)-->MsiExec.exe /X{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune Language Pack (IT)-->MsiExec.exe /X{40EC6323-497B-44DA-8A88-74578622D9B3}
Zune-->C:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{888FFC82-688D-46AB-A776-B417885432B6}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AS: Spybot - Search and Destroy (disabled) (outdated)
AS: Windows Defender
======System event log======
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 17762
Source Name: Microsoft-Windows-Servicing
Time Written: 20100130155939.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 17725
Source Name: Microsoft-Windows-Servicing
Time Written: 20100130155939.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 17723
Source Name: Microsoft-Windows-Servicing
Time Written: 20100130155939.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 17721
Source Name: Microsoft-Windows-Servicing
Time Written: 20100130155939.000000-000
Event Type: Warning
User: Ian-PC\Ian
Computer Name: Ian-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB976098(Update) into Install Requested(Install Requested) state
Record Number: 17719
Source Name: Microsoft-Windows-Servicing
Time Written: 20100130155939.000000-000
Event Type: Warning
User: Ian-PC\Ian
=====Application event log=====
Computer Name: Ian-PC
Event Code: 6004
Message: The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.
Record Number: 137
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100130040828.000000-000
Event Type: Warning
User:
Computer Name: Ian-PC
Event Code: 6004
Message: The winlogon notification subscriber <TrustedInstaller> failed a critical notification event.
Record Number: 122
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100130040257.000000-000
Event Type: Warning
User:
Computer Name: Ian-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1417349509-3224121729-3067038343-1000:
Process 492 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-1417349509-3224121729-3067038343-1000
Record Number: 78
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100130031950.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ian-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 25
Source Name: Microsoft-Windows-Search
Time Written: 20100130025154.000000-000
Event Type: Warning
User:
Computer Name: 26L2233B2-11
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20100130104656.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: 26L2233B2-11
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: 26L2233B2-11$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x1dc
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100130104549.069399-000
Event Type: Audit Success
User:
Computer Name: 26L2233B2-11
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0x4d84c
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100130104543.921366-000
Event Type: Audit Success
User:
Computer Name: 26L2233B2-11
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100130104542.564158-000
Event Type: Audit Success
User:
Computer Name: 26L2233B2-11
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100130104542.564158-000
Event Type: Audit Success
User:
Computer Name: 26L2233B2-11
Event Code: 4647
Message: User initiated logoff:
Subject:
Security ID: S-1-5-21-2152478756-3922319563-605102323-500
Account Name: Administrator
Account Domain: 26L2233B2-11
Logon ID: 0x8496a
This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"VBOX_INSTALL_PATH"=C:\Program Files\Sun\VirtualBox\
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"DEVMGR_SHOW_DETAILS"=1
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
-----------------EOF-----------------
Hi,
C:\Program Files\uTorrent<--File sharing will actually get you into trouble, it's our policy if we see it installed to have the user uninstall it. You're downloading that file from an unknown source and not all but most contain malware of some kind, it's like playing Russian Roulette malwarewise.
http://www.spywareinfoforum.com/index.php?showtopic=126267
Read this about IObit Security 360, you may want to think about uninstalling it and if so I can link you to some free programs that are more than adequate
O23 - Service: JHFTX - Unknown owner - C:\Users\Ian\AppData\Local\Temp\JHFTX.exe (file missing)
O23 - Service: XFIDMW - Unknown owner - C:\Users\Ian\AppData\Local\Temp\XFIDMW.exe (file missing)
You have these two services running, is this something you installed and know about?
typerextreme
2010-06-27, 21:11
Hi,
C:\Program Files\uTorrent<--File sharing will actually get you into trouble, it's our policy if we see it installed to have the user uninstall it. You're downloading that file from an unknown source and not all but most contain malware of some kind, it's like playing Russian Roulette malwarewise.
Uninstalled.
http://www.spywareinfoforum.com/index.php?showtopic=126267
Read this about IObit Security 360, you may want to think about uninstalling it and if so I can link you to some free programs that are more than adequate
I read about that too, and that info is from November of 2009; as well, I had read at some point in time (I have no linkback) that they fixed the problem.
O23 - Service: JHFTX - Unknown owner - C:\Users\Ian\AppData\Local\Temp\JHFTX.exe (file missing)
O23 - Service: XFIDMW - Unknown owner - C:\Users\Ian\AppData\Local\Temp\XFIDMW.exe (file missing)
You have these two services running, is this something you installed and know about?
Nope, never heard of them.
Let's do this, any service running from a temp directory has to be bogus.
Open notepad and then copy and paste the bolded lines below into Notepad.
Go to File > save as and name the file fixes.bat.
Change the Save as type to all files and save it to your desktop.
@echo off
sc stop JHFTX
sc delete JHFTX
sc stop XFIDMW
sc delete XFIDMW
Double-click on fixes.bat file to execute it.
Reboot and post a new RSIT log.
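The rule of thumb in the reply above (a service whose binary lives in a Temp directory is suspect) can be applied mechanically to the O23 lines of a HijackThis log. This is an added example, not part of the original thread or of HijackThis itself; the O23 field layout is inferred from the log lines posted here, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass

# O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: JHFTX - Unknown owner - C:\Users\Ian\AppData\Local\Temp\JHFTX.exe (file missing)
O23 - Service: XFIDMW - Unknown owner - C:\Users\Ian\AppData\Local\Temp\XFIDMW.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

PREFIX = "O23 - Service: "
MISSING = "(file missing)"

# Assumed layout: "<display name> [(<key name>)] - <owner> - <image path>".
# The image path is located first because display names and directories
# can themselves contain " - ".
PATH_START = re.compile(r' - (?="?[A-Za-z]:\\|%)')
NAME_WITH_KEY = re.compile(r'^(?P<display>.*) \((?P<key>[^()]+)\)$')
# \Temp\ or \Tmp\ as a path component, or an unexpanded %TEMP% / %TMP%.
TEMP_DIR = re.compile(r'\\te?mp\\|%te?mp%', re.IGNORECASE)


@dataclass
class Service:
    display: str        # name shown in the Services console
    key: str            # name that "sc stop" / "sc delete" expect
    owner: str
    path: str
    file_missing: bool


def parse_o23(line):
    """Parse one HijackThis O23 line; return None for any other line."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    rest = line[len(PREFIX):]
    m = PATH_START.search(rest)
    if m is None:
        return None
    head, path = rest[:m.start()], rest[m.end():]
    if " - " not in head:
        return None
    name, owner = head.rsplit(" - ", 1)
    file_missing = path.endswith(MISSING)
    if file_missing:
        path = path[:-len(MISSING)].rstrip()
    km = NAME_WITH_KEY.match(name)
    display, key = (km["display"], km["key"]) if km else (name, name)
    return Service(display, key, owner, path, file_missing)


def suspicious_services(log_text):
    """Map service key name -> reasons, for services running from Temp."""
    findings = {}
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None or not TEMP_DIR.search(svc.path):
            continue
        reasons = ["image path is in a Temp directory"]
        # Supporting evidence only; neither is suspicious on its own.
        if svc.file_missing:
            reasons.append("binary no longer on disk")
        if svc.owner.lower() == "unknown owner":
            reasons.append("no publisher recorded")
        findings[svc.key] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in suspicious_services(SAMPLE_LOG).items():
        print(f"{key}: {'; '.join(reasons)}")
```

The key name is reported rather than the display name because that is what the `sc stop` and `sc delete` lines in the batch file take.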
typerextreme
2010-06-27, 21:52
I ran it twice. First time I just ran it like you said. Second time I ran it through command prompt and told it to log everything to a text file. This is the report.
[SC] OpenService FAILED 5:
Access is denied.
[SC] OpenService FAILED 5:
Access is denied.
[SC] OpenService FAILED 5:
Access is denied.
[SC] OpenService FAILED 5:
Access is denied.
------EOF-----
I'm running Vista in case this helps any.
typerextreme
2010-06-27, 21:53
I have not rebooted because said fix didn't work. Also I have not run RSIT again.
Right click on it and select RUN AS ADMINISTRATOR
typerextreme
2010-06-27, 23:17
Logfile of random's system information tool 1.07 (written by random/random)
Run by Ian at 2010-06-27 15:13:43
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 7 GB (17%) free of 41 GB
Total RAM: 2038 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:14:10 PM, on 6/27/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\WinUtilities\ToolMemoryOptimizer.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\USBCrypt\USBCrypt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Launchy\Launchy.exe
C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BatteryAlarm.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\javaws.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Ian\AppData\Local\Google\Chrome\Application\chrome.exe
D:\Ian\Music\Amazon MP3\RSIT.exe
C:\Program Files\trend micro\Ian.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [USBCrypt] C:\Program Files\USBCrypt\USBCrypt.exe /start-monitor /auto
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\Users\Ian\AppData\Local\Temp\E_S133B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: BatteryAlarm.exe
O4 - Startup: ccleaner.bat
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ian\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://systemrequirementslab.com.s3.amazonaws.com/iduu/bin/srldetect_intel.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO EasyVPN VNC Service (CrdphService) - COMODO - C:\Program Files\COMODO\EasyVPN\crdphService.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: COMODO EasyVPN Service (EasyVpnAdpt) - Unknown owner - C:\Program Files\COMODO\EasyVPN\Vpnservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Comodo BackUp Service (SynchronizationService.exe) - Unknown owner - C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: WinAbility Encryption Driver - WinAbility® Software Corporation - C:\Program Files\WinAbility Encryption Driver.10.2.0.1180\WED32.EXE
--
End of file - 13281 bytes
======Scheduled tasks folder======
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\CBU taskID 63251679346 8.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1417349509-3224121729-3067038343-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1417349509-3224121729-3067038343-1000UA.job
C:\Windows\tasks\MemOptimizer-02BB2F56CB964deb8996194DE7EB5275.job
C:\Windows\tasks\WinUtilities_Disk_Cleaner_D81CDF27E9284401.job
C:\Windows\tasks\WinUtilities_History_Cleaner_D81CDF27E9284403.job
C:\Windows\tasks\WinUtilities_Registry_Cleaner_D81CDF27E9284402.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-06-13 341600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-05-26 448384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-06-07 380800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
Free Download Manager - C:\Program Files\Free Download Manager\iefdm2.dll [2010-03-10 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar BHO - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll [2010-05-07 603920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-31 26400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - @C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll,-100 - C:\Program Files\MSN Toolbar\Platform\6.0.2156.0\npwinext.dll [2010-05-07 603920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"Zune Launcher"=C:\Program Files\Zune\ZuneLauncher.exe [2010-01-07 158448]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-05-06 442433]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-03 2039240]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-05-18 414736]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-05-18 252944]
"USBCrypt"=C:\Program Files\USBCrypt\USBCrypt.exe [2010-03-02 483240]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-02 1144104]
"PMBVolumeWatcher"=C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [2010-03-24 599328]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-05-06 1280344]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-06-13 202256]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-05-18 1311312]
"PSUNMain"=C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe [2010-05-14 406848]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"Microsoft Default Manager"=C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
"EPSON Stylus CX7400 Series"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE [2007-02-15 179200]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [2009-11-15 33120]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe
C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
BatteryAlarm.exe
ccleaner.bat
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
Logitech . Product Registration.lnk - C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll [2009-12-03 273200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\PROGRA~1\COMMON~1\Stardock\mcpcore.dll [2008-03-28 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-12-19 177512]
Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\Program Files\Stardock\Object Desktop\DeskScapes3\deskscapes.dll [2009-11-02 103728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{393cc877-0de0-11df-af73-00e0b8e1a32c}]
shell\Auto\command - H:\launcher.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b1e6b82-0d5a-11df-814d-00e0b8e1a32c}]
shell\AutoRun\command - G:\StartPortableApps.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b1e6bb0-0d5a-11df-814d-00e0b8e1a32c}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\USBCrypt.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b906592d-168e-11df-b5c3-00e0b8e1a32c}]
shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee8c3046-78a7-11df-88af-08002700f817}]
shell\Auto\command - H:\launcher.exe
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\launcher.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-06-26 22:33:53 ----DC---- C:\Program Files\iPod
2010-06-26 22:33:40 ----DC---- C:\Program Files\iTunes
2010-06-26 22:21:30 ----DC---- C:\Program Files\Bonjour
2010-06-26 22:17:14 ----DC---- C:\Program Files\Safari
2010-06-26 16:46:32 ----DC---- C:\Program Files\trend micro
2010-06-26 16:46:29 ----DC---- C:\rsit
2010-06-26 12:15:28 ----AC---- C:\Windows\system32\tmp_docprotector.ini
2010-06-25 12:18:05 ----DC---- C:\Program Files\Astroburn Pro
2010-06-25 11:26:34 ----DC---- C:\Users\Ian\AppData\Roaming\Astroburn Pro
2010-06-25 11:26:34 ----DC---- C:\ProgramData\Astroburn Pro
2010-06-24 20:26:17 ----DC---- C:\Users\Ian\AppData\Roaming\Windows Live Writer
2010-06-24 20:21:22 ----DC---- C:\Windows\en
2010-06-24 19:42:32 ----DC---- C:\Program Files\Windows Installer Clean Up
2010-06-24 19:38:28 ----DC---- C:\72ed32bc88a65ea98cbac1
2010-06-24 19:29:32 ----DC---- C:\Windows\PCHEALTH
2010-06-24 17:03:17 ----DC---- C:\Config.Msi
2010-06-24 17:00:50 ----DC---- C:\Program Files\MSN Toolbar
2010-06-24 16:59:56 ----DC---- C:\Program Files\Bing Bar Installer
2010-06-24 16:40:38 ----AC---- C:\Windows\system32\webservices.dll
2010-06-23 16:10:48 ----DC---- C:\Windows\system32\WindowsPowerShell
2010-06-23 15:44:05 ----AC---- C:\Windows\system32\winrsmgr.dll
2010-06-23 15:43:40 ----AC---- C:\Windows\system32\wsmprovhost.exe
2010-06-23 15:43:40 ----AC---- C:\Windows\system32\winrshost.exe
2010-06-23 15:43:40 ----AC---- C:\Windows\system32\winrs.exe
2010-06-23 15:43:39 ----AC---- C:\Windows\system32\wsmplpxy.dll
2010-06-23 15:43:39 ----AC---- C:\Windows\system32\winrssrv.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\WsmRes.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wevtfwd.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wecutil.exe
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wecsvc.dll
2010-06-23 15:43:35 ----AC---- C:\Windows\system32\wecapi.dll
2010-06-23 15:43:34 ----AC---- C:\Windows\system32\pwrshplugin.dll
2010-06-23 15:43:26 ----AC---- C:\Windows\system32\winrm.vbs
2010-06-23 15:43:23 ----AC---- C:\Windows\system32\WsmAuto.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WsmWmiPl.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WsmSvc.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WSManMigrationPlugin.dll
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\WSManHTTPConfig.exe
2010-06-23 15:43:22 ----AC---- C:\Windows\system32\winrscmd.dll
2010-06-23 15:37:14 ----DC---- C:\Program Files\Microsoft.NET
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\PresentationHost.exe
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\netfxperf.dll
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\mscoree.dll
2010-06-23 15:33:16 ----AC---- C:\Windows\system32\dfshim.dll
2010-06-23 10:35:50 ----AC---- C:\Windows\system32\Apphlpdm.dll
2010-06-23 10:35:49 ----AC---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-06-21 21:21:00 ----AC---- C:\Windows\uninst.exe
2010-06-21 21:20:39 ----AC---- C:\Windows\RAUNINST.EXE
2010-06-21 21:20:10 ----DC---- C:\WESTWOOD
2010-06-21 21:10:19 ----DC---- C:\Program Files\MagicDisc
2010-06-21 21:06:38 ----DC---- C:\Program Files\Elaborate Bytes
2010-06-21 20:46:01 ----DC---- C:\ProgramData\DAEMON Tools Pro
2010-06-21 12:47:15 ----DC---- C:\Users\Ian\AppData\Roaming\QuickScan
2010-06-20 21:20:52 ----DC---- C:\Program Files\ERUNT
2010-06-19 20:21:56 ----DC---- C:\Program Files\QS
2010-06-17 10:49:38 ----DC---- C:\Users\Ian\AppData\Roaming\DAEMON Tools Pro
2010-06-15 20:42:40 ----DC---- C:\ProgramData\Panda Security
2010-06-15 13:17:41 ----DC---- C:\ProgramData\Logishrd
2010-06-15 13:17:38 ----DC---- C:\Program Files\Logitech
2010-06-15 12:57:18 ----DC---- C:\Users\Ian\AppData\Roaming\Logishrd
2010-06-14 21:24:21 ----DC---- C:\Program Files\SpeedFan
2010-06-13 22:17:48 ----DC---- C:\Program Files\Common Files\xing shared
2010-06-12 11:38:06 ----DC---- C:\Program Files\PCHand
2010-06-11 11:31:45 ----DC---- C:\Users\Ian\AppData\Roaming\Free Download Manager
2010-06-11 11:31:30 ----DC---- C:\ProgramData\FreeDownloadManager.ORG
2010-06-11 11:31:28 ----DC---- C:\Program Files\Free Download Manager
2010-06-11 10:47:48 ----DC---- C:\Program Files\Speccy
2010-06-10 00:45:08 ----DC---- C:\Users\Ian\AppData\Roaming\TeamViewer
2010-06-10 00:42:50 ----DC---- C:\Program Files\TeamViewer
2010-06-09 22:01:49 ----DC---- C:\Program Files\Tunatic
2010-06-09 16:02:15 ----DC---- C:\Program Files\Age of Mythology® Moder's Tools
2010-06-09 02:43:03 ----AC---- C:\Windows\system32\atmfd.dll
2010-06-09 02:43:00 ----AC---- C:\Windows\system32\atmlib.dll
2010-06-09 02:42:57 ----AC---- C:\Windows\system32\asycfilt.dll
2010-06-09 02:42:50 ----AC---- C:\Windows\system32\mshtml.dll
2010-06-09 02:42:49 ----AC---- C:\Windows\system32\ieframe.dll
2010-06-09 02:42:47 ----AC---- C:\Windows\system32\urlmon.dll
2010-06-09 02:42:47 ----AC---- C:\Windows\system32\iertutil.dll
2010-06-09 02:42:46 ----AC---- C:\Windows\system32\wininet.dll
2010-06-09 02:42:45 ----AC---- C:\Windows\system32\occache.dll
2010-06-09 02:42:45 ----AC---- C:\Windows\system32\msfeeds.dll
2010-06-09 02:42:44 ----AC---- C:\Windows\system32\mstime.dll
2010-06-09 02:42:44 ----AC---- C:\Windows\system32\iedkcs32.dll
2010-06-09 02:42:41 ----AC---- C:\Windows\system32\ieui.dll
2010-06-09 02:42:39 ----AC---- C:\Windows\system32\ieUnatt.exe
2010-06-09 02:42:39 ----AC---- C:\Windows\system32\iepeers.dll
2010-06-09 02:42:38 ----AC---- C:\Windows\system32\msfeedsbs.dll
2010-06-09 02:42:38 ----AC---- C:\Windows\system32\iesysprep.dll
2010-06-09 02:42:37 ----AC---- C:\Windows\system32\jsproxy.dll
2010-06-09 02:42:37 ----AC---- C:\Windows\system32\ie4uinit.exe
2010-06-09 02:42:36 ----AC---- C:\Windows\system32\msfeedssync.exe
2010-06-09 02:42:36 ----AC---- C:\Windows\system32\iesetup.dll
2010-06-09 02:42:35 ----AC---- C:\Windows\system32\iernonce.dll
2010-06-08 18:09:09 ----DC---- C:\Users\Ian\AppData\Roaming\Sony Corporation
2010-06-08 17:16:33 ----DC---- C:\Program Files\Sony
2010-06-08 17:16:24 ----DC---- C:\ProgramData\Sony Corporation
2010-06-07 19:10:52 ----DC---- C:\Program Files\WinUtilities
2010-06-07 17:33:38 ----AC---- C:\Windows\system32\sirenacm.dll
2010-06-07 17:31:07 ----DC---- C:\Nexon
2010-06-07 17:27:33 ----DC---- C:\ProgramData\NexonUS
2010-06-07 15:26:28 ----DC---- C:\Program Files\Pando Networks
2010-06-07 11:17:53 ----DC---- C:\Program Files\FreeOTFE
2010-06-07 00:25:42 ----DC---- C:\Users\Ian\AppData\Roaming\Apowersoft
2010-06-07 00:25:29 ----DC---- C:\Program Files\Apowersoft
2010-06-06 13:18:25 ----DC---- C:\Users\Ian\AppData\Roaming\TeraCopy
2010-06-06 13:18:12 ----SHDC---- C:\Windows\system32\%APPDATA%
2010-06-05 23:06:09 ----DC---- C:\ProgramData\WindowsSearch
2010-06-05 23:01:17 ----DC---- C:\Program Files\TeraCopy
2010-06-05 19:16:34 ----DC---- C:\Users\Ian\AppData\Roaming\Opera
2010-06-05 19:15:38 ----DC---- C:\Program Files\Opera
2010-06-05 17:01:39 ----DC---- C:\Users\Ian\AppData\Roaming\Songbird2
2010-06-05 16:59:34 ----DC---- C:\Program Files\Songbird
2010-06-04 23:31:15 ----DC---- C:\Windows\Sun
2010-06-04 23:30:31 ----DC---- C:\Program Files\Secunia
2010-06-03 19:14:03 ----DC---- C:\Windows\Skulls and Roses
2010-06-03 09:21:42 ----DC---- C:\Program Files\USBCrypt
2010-06-03 09:21:33 ----DC---- C:\Program Files\WinAbility Encryption Driver.10.2.0.1180
2010-06-03 09:21:23 ----DC---- C:\PROGRAMS
2010-06-02 17:27:26 ----DC---- C:\Users\Ian\AppData\Roaming\vlc
2010-06-02 14:12:55 ----DC---- C:\ProgramData\IObit
2010-06-02 14:08:10 ----DC---- C:\Users\Ian\AppData\Roaming\IObit
2010-06-02 14:08:10 ----DC---- C:\Program Files\IObit
2010-06-01 22:29:34 ----DC---- C:\Users\Ian\AppData\Roaming\FrostWire
2010-06-01 12:30:06 ----DC---- C:\Users\Ian\AppData\Roaming\YCanPDF
2010-06-01 12:27:55 ----DC---- C:\Program Files\pdfOCR
2010-06-01 08:47:27 ----DC---- C:\Windows\Minidump
2010-05-31 21:13:15 ----DC---- C:\Users\Ian\AppData\Roaming\DAEMON Tools Lite
2010-05-30 22:41:13 ----AC---- C:\Windows\system32\2010-05-31-03-41-13.033-VBoxSVC.exe-5464.log
2010-05-30 22:25:39 ----AC---- C:\Windows\system32\pwNative.exe
2010-05-30 22:17:42 ----DC---- C:\Program Files\EASEUS
2010-05-30 10:49:11 ----DC---- C:\Program Files\Common Files\DivX Shared
2010-05-30 10:13:13 ----DC---- C:\Windows\RisingSun
2010-05-30 09:53:32 ----DC---- C:\Windows\Alien se wall pack 2
2010-05-30 09:33:27 ----HDC---- C:\ProgramData\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
2010-05-28 21:09:21 ----AC---- C:\Windows\system32\bandvwm.dll
2010-05-28 21:06:08 ----AC---- C:\Windows\system32\wbsys.dll
2010-05-28 21:06:07 ----AC---- C:\Windows\system32\wbload.dll
2010-05-28 21:03:26 ----AC---- C:\Windows\system32\msxml3a.dll
2010-05-28 21:02:31 ----AC---- C:\Windows\system32\atl71.dll
2010-05-28 21:02:30 ----DC---- C:\Program Files\Common Files\Stardock
2010-05-28 20:54:50 ----HDC---- C:\ProgramData\{76C80417-0C74-4A18-B59E-593FCE06C2ED}
2010-05-28 08:32:34 ----DC---- C:\Program Files\Zards software
======List of files/folders modified in the last 1 months======
2010-06-27 15:13:56 ----DC---- C:\Windows\Temp
2010-06-27 15:10:24 ----DC---- C:\Windows\Prefetch
2010-06-27 15:00:50 ----DC---- C:\Windows\system32\drivers
2010-06-27 13:15:43 ----DC---- C:\Program Files
2010-06-27 13:15:31 ----DC---- C:\Users\Ian\AppData\Roaming\uTorrent
2010-06-27 09:46:39 ----DC---- C:\Windows\System32
2010-06-27 09:45:43 ----DC---- C:\Users\Ian\AppData\Roaming\Apple Computer
2010-06-27 09:41:35 ----ADC---- C:\Windows
2010-06-27 09:36:59 ----DC---- C:\Windows\system32\catroot
2010-06-26 22:39:39 ----SHD---- C:\System Volume Information
2010-06-26 22:38:31 ----SHDC---- C:\Windows\Installer
2010-06-26 22:33:51 ----DC---- C:\Program Files\Common Files\Apple
2010-06-26 22:25:13 ----DC---- C:\Windows\inf
2010-06-25 11:26:34 ----HDC---- C:\ProgramData
2010-06-24 23:52:15 ----DC---- C:\Windows\Microsoft.NET
2010-06-24 23:46:13 ----RSDC---- C:\Windows\assembly
2010-06-24 20:14:23 ----DC---- C:\Windows\system32\catroot2
2010-06-24 20:02:09 ----DC---- C:\Program Files\Windows Live
2010-06-24 19:40:53 ----DC---- C:\Program Files\MSECache
2010-06-24 19:34:16 ----DC---- C:\Windows\system32\DRVSTORE
2010-06-24 19:29:59 ----SDC---- C:\ProgramData\Microsoft
2010-06-24 19:29:39 ----D---- C:\Windows\winsxs
2010-06-24 19:29:34 ----DC---- C:\Program Files\Common Files\microsoft shared
2010-06-24 18:14:52 ----D---- C:\Windows\rescache
2010-06-24 17:26:08 ----RSDC---- C:\Windows\Fonts
2010-06-24 16:42:21 ----DC---- C:\Windows\system32\en-US
2010-06-24 11:41:14 ----AC---- C:\Windows\system32\PerfStringBackup.INI
2010-06-23 16:10:54 ----DC---- C:\Windows\AppPatch
2010-06-23 16:10:53 ----DC---- C:\Windows\PolicyDefinitions
2010-06-23 16:10:42 ----DC---- C:\Windows\ehome
2010-06-21 21:09:46 ----DC---- C:\Windows\system32\Tasks
2010-06-21 10:07:12 ----DC---- C:\Windows\system
2010-06-20 19:34:27 ----DC---- C:\Windows\system32\wbem
2010-06-20 19:34:26 ----DC---- C:\Program Files\Common Files
2010-06-20 19:24:52 ----DC---- C:\Users\Ian\AppData\Roaming\TP
2010-06-18 15:31:31 ----DC---- C:\Users\Ian\AppData\Roaming\gtk-2.0
2010-06-18 14:18:57 ----DC---- C:\Users\Ian\AppData\Roaming\TrueCrypt
2010-06-16 20:59:52 ----DC---- C:\Users\Ian\AppData\Roaming\XBMC
2010-06-16 17:34:55 ----DC---- C:\Windows\system32\config
2010-06-16 17:32:13 ----DC---- C:\Program Files\MyDefrag v4.2.9
2010-06-15 20:42:40 ----DC---- C:\Program Files\Panda Security
2010-06-15 13:19:36 ----DC---- C:\Program Files\Common Files\Logishrd
2010-06-15 13:05:05 ----HDC---- C:\Program Files\InstallShield Installation Information
2010-06-15 12:57:19 ----DC---- C:\Users\Ian\AppData\Roaming\Logitech
2010-06-15 12:13:02 ----DC---- C:\Program Files\Microsoft Games
2010-06-15 11:09:27 ----DC---- C:\ProgramData\Spybot - Search & Destroy
2010-06-15 11:08:10 ----DC---- C:\Windows\Debug
2010-06-14 21:34:03 ----DC---- C:\Program Files\BatteryBar
2010-06-13 22:20:28 ----DC---- C:\Users\Ian\AppData\Roaming\Real
2010-06-13 22:20:12 ----DC---- C:\ProgramData\Real
2010-06-13 22:18:57 ----DC---- C:\Program Files\Common Files\Real
2010-06-13 22:18:53 ----AC---- C:\Windows\system32\rmoc3260.dll
2010-06-13 22:18:11 ----AC---- C:\Windows\system32\pndx5032.dll
2010-06-13 22:18:11 ----AC---- C:\Windows\system32\pndx5016.dll
2010-06-13 22:18:03 ----DC---- C:\Program Files\Real
2010-06-13 22:16:43 ----AC---- C:\Windows\system32\pncrt.dll
2010-06-13 16:54:44 ----DC---- C:\Windows\Tasks
2010-06-12 16:17:22 ----DC---- C:\Program Files\Aston2
2010-06-09 03:25:41 ----DC---- C:\Program Files\Windows Mail
2010-06-09 03:25:40 ----DC---- C:\Program Files\Internet Explorer
2010-06-09 03:25:38 ----DC---- C:\Windows\system32\migration
2010-06-06 13:54:37 ----DC---- C:\Program Files\Microsoft Silverlight
2010-06-06 13:47:33 ----AC---- C:\Windows\win.ini
2010-06-06 13:16:55 ----DC---- C:\ProgramData\DivX
2010-06-06 13:16:48 ----DC---- C:\Program Files\DivX
2010-06-03 14:06:44 ----DC---- C:\Program Files\Malwarebytes' Anti-Malware
2010-06-03 13:09:49 ----AC---- C:\Windows\system32\guard32.dll
2010-06-03 12:20:45 ----DC---- C:\Users\Ian\AppData\Roaming\Launchy
2010-06-02 17:22:17 ----DC---- C:\Program Files\VideoLAN
2010-06-01 23:13:49 ----SHDC---- C:\Boot
2010-06-01 23:13:49 ----DC---- C:\Program Files\Mozilla Firefox
2010-05-30 10:50:00 ----DC---- C:\Program Files\Common Files\PX Storage Engine
2010-05-30 10:38:54 ----DC---- C:\Windows\system32\SPReview
2010-05-30 10:38:54 ----DC---- C:\Windows\system32\spool
2010-05-30 10:38:53 ----HDC---- C:\Windows\system32\GroupPolicy
2010-05-30 10:38:53 ----DC---- C:\Windows\system32\OEM
2010-05-30 10:38:53 ----DC---- C:\Windows\system32\Msdtc
2010-05-30 10:38:53 ----DC---- C:\Windows\system32\EventProviders
2010-05-30 10:38:46 ----DC---- C:\Users\Ian\AppData\Roaming\Winamp
2010-05-30 10:38:46 ----DC---- C:\Users\Ian\AppData\Roaming\ProcessLasso
2010-05-30 10:38:46 ----DC---- C:\Users\Ian\AppData\Roaming\Notepad++
2010-05-30 10:38:45 ----DC---- C:\Program Files\SystemRequirementsLab
2010-05-30 10:38:45 ----DC---- C:\Program Files\Process Lasso
2010-05-30 10:38:32 ----DC---- C:\Windows\registration
2010-05-30 10:38:21 ----DC---- C:\Windows\system32\Speech
2010-05-30 10:38:21 ----DC---- C:\Windows\system32\RemInst
2010-05-30 10:38:21 ----DC---- C:\Windows\system32\licensing
2010-05-30 09:33:20 ----DC---- C:\Program Files\Stardock
2010-05-28 21:15:48 ----DC---- C:\Users\Ian\AppData\Roaming\Stardock
2010-05-28 21:15:44 ----DC---- C:\ProgramData\Stardock
2010-05-28 14:37:34 ----AC---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2010-06-03 16744]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2010-06-09 224240]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2010-06-03 30112]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 FreeOTFE;FreeOTFE; \??\C:\Windows\System32\FreeOTFE.sys [2010-02-07 31856]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc; \??\C:\Windows\System32\FreeOTFECypherAES_ltc.sys [2010-02-07 47216]
R1 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish; \??\C:\Windows\System32\FreeOTFECypherBlowfish.sys [2010-02-07 25200]
R1 FreeOTFECypherCAST5;FreeOTFECypherCAST5; \??\C:\Windows\System32\FreeOTFECypherCAST5.sys [2010-02-07 31088]
R1 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman; \??\C:\Windows\System32\FreeOTFECypherCAST6_Gladman.sys [2010-02-07 29808]
R1 FreeOTFECypherDES;FreeOTFECypherDES; \??\C:\Windows\System32\FreeOTFECypherDES.sys [2010-02-07 56816]
R1 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman; \??\C:\Windows\System32\FreeOTFECypherMARS_Gladman.sys [2010-02-07 26480]
R1 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc; \??\C:\Windows\System32\FreeOTFECypherRC6_ltc.sys [2010-02-07 26096]
R1 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman; \??\C:\Windows\System32\FreeOTFECypherSerpent_Gladman.sys [2010-02-07 29168]
R1 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc; \??\C:\Windows\System32\FreeOTFECypherTwofish_ltc.sys [2010-02-07 31856]
R1 FreeOTFEHashMD;FreeOTFEHashMD; \??\C:\Windows\System32\FreeOTFEHashMD.sys [2010-02-07 16880]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD; \??\C:\Windows\System32\FreeOTFEHashRIPEMD.sys [2010-02-07 32624]
R1 FreeOTFEHashSHA;FreeOTFEHashSHA; \??\C:\Windows\System32\FreeOTFEHashSHA.sys [2010-02-07 26224]
R1 FreeOTFEHashTiger;FreeOTFEHashTiger; \??\C:\Windows\System32\FreeOTFEHashTiger.sys [2010-02-07 22128]
R1 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool; \??\C:\Windows\System32\FreeOTFEHashWhirlpool.sys [2010-02-07 30704]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2010-06-03 75944]
R1 PSINKNC;PSINKNC; C:\Windows\system32\DRIVERS\psinknc.sys [2010-05-04 125960]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2010-01-30 223440]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2010-03-25 123856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2010-03-25 41680]
R2 PSINAflt;PSINAflt; C:\Windows\system32\DRIVERS\PSINAflt.sys [2010-05-27 141384]
R2 PSINFile;PSINFile; C:\Windows\system32\DRIVERS\PSINFile.sys [2010-04-30 99336]
R2 PSINProc;PSINProc; C:\Windows\system32\DRIVERS\PSINProc.sys [2010-04-30 111112]
R2 PSINProt;PSINProt; C:\Windows\system32\DRIVERS\PSINProt.sys [2010-05-12 111176]
R2 WED1180;WED1180; \??\C:\Program Files\WinAbility Encryption Driver.10.2.0.1180\WEDx86.sys [2010-03-02 126640]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2010-02-08 1163328]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2010-05-09 15664]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2010-03-18 38864]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2010-03-18 37328]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-22 262176]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 350720]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 47616]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-05-06 379904]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-10-14 32000]
R3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2010-03-25 110608]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
S1 vflt;Shrew Soft Lightweight Filter; C:\Windows\system32\DRIVERS\vfilter.sys []
S3 ATP;Comodo EasyVPN Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [2010-03-26 17816]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 EnumProcessesDriver;EnumProcessesDriver; C:\Windows\System32\drivers\EnumProcessesDriver.sys [2009-12-07 17664]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-06-07 39272]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 PAC207;PAC207 CIF USB Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-04-11 47360]
S3 PORTMON;PORTMON; \??\H:\PortableApps\SysinternalsSuite\PORTMSYS.SYS []
S3 pppop;PPPoP WAN Adapter; C:\Windows\system32\DRIVERS\pppop.sys []
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2010-04-09 16472]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2010-04-09 11104]
S3 TIEHDUSB;TIEHDUSB; C:\Windows\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 TMPassthruMP;TMPassthruMP; C:\Windows\system32\DRIVERS\TMPassthru.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2010-03-25 31824]
S3 vnet;Shrew Soft Virtual Adapter; C:\Windows\system32\DRIVERS\virtualnet.sys []
S3 WinUSB;WinUSB; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-04-10 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2010-02-08 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-03 1778480]
R2 CrdphService;COMODO EasyVPN VNC Service; C:\Program Files\COMODO\EasyVPN\crdphService.exe [2010-03-29 491768]
R2 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 406016]
R2 EasyVpnAdpt;COMODO EasyVPN Service; C:\Program Files\COMODO\EasyVPN\Vpnservice.exe [2010-03-29 45304]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-05-06 312152]
R2 NanoServiceMain;Panda Cloud Antivirus Service; C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-04-30 136448]
R2 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2009-12-16 65856]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ccfaa5a9\STacSV.exe [2008-05-06 221239]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 SynchronizationService.exe;Comodo BackUp Service; C:\Program Files\COMODO\COMODO BackUp\SynchronizationService.exe [2010-01-07 942328]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
R2 WinAbility Encryption Driver;WinAbility Encryption Driver; C:\Program Files\WinAbility Encryption Driver.10.2.0.1180\WED32.EXE [2010-03-02 161704]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-05-26 1730944]
R2 ZuneNetworkSvc;Zune Network Sharing Service; C:\Program Files\Zune\ZuneNss.exe [2010-01-07 5950704]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-06-07 1424232]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 74680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-05-06 293456]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; C:\Windows\system32\ZuneWlanCfgSvc.exe [2010-01-07 447216]
S4 wlcrasvc;Windows Live Devices remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-06-04 49504]
-----------------EOF-----------------
It only made this one file.
That's fine, looks like they're gone, how are things running now?
typerextreme
2010-06-27, 23:27
Well things seem to be going pretty good. I really didn't notice anything before we got rid of those temp folder services or whatever they were. Which is worrying me if there was something not working before and I didn't know about it. I think that's all though. Need me to run anything else?
Let's run a free online virus scanner to make sure we didn't miss anything.
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Due to inactivity, this thread will now be closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.