New
#61
Would that include "WhiteSmoke"? Scroll down to oovootoolbar...
whitesmoketoolbar.dll Details. Is this file safe? Check the directory
Could I please have the RSIT log? You have so many toolbars loaded on this computer!!Certificate
File Names
- Details: This file is not digitally signed.
- Filename: oovootoolbar.dll
- Filename: dtband.dll
- Filename: whitesmoketoolbar.dll
I'm unclear on a direction. The link you supplied indicates:
File Names
- Filenameovootoolbar.dll
- Filename: dtband.dll
- Filename: whitesmoketoolbar.dll
Reported Behavior
that neither of those items exhibit anything suspicious. And yes, this laptop does have the whitesmoketoolbar.dll. Should I be deleting it?
- Details: No suspicious behavior reported so far.
Some people have reported that the whitesmoke toolbar has taken control over their IE and FireFox browsers.
Oops, sorry. I didn't see that you'd asked for this. I reran RSIT:
Log.txt
Logfile of random's system information tool 1.09 (written by random/random)
Run by Owner at 2011-09-06 12:24:07
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 180 GB (80%) free of 226 GB
Total RAM: 1979 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:12 PM, on 9/6/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Owner\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ž127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nwprovau.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/tech...bs/tgctlcm.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92B3BE0F-C1B5-4DF3-A4FB-4611CB16B819}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\coIEPlg.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iWinTrusted - iWin Inc. - C:\Program Files (x86)\iWin Games\iWinTrusted.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton Security Suite (N360) - Unknown owner - C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9211 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2559799070-2916064766-2587329467-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2559799070-2916064766-2587329467-1000UA.job
C:\Windows\tasks\HPCeeScheduleForOwner.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-04-15 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-08-04 42272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-05-08 2780432]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"=C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [2009-04-30 5472016]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-05-26 15147400]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2011-08-27 203776]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=lvcodec2.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"msacm.l3codecp"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2011-09-06 12:24:07 ----D---- C:\rsit
2011-09-05 13:43:19 ----D---- C:\Windows\Minidump
2011-09-05 00:21:49 ----D---- C:\_OTL
2011-09-03 00:20:37 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-09-02 23:56:19 ----D---- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2011-09-02 22:24:55 ----SHD---- C:\$RECYCLE.BIN
2011-09-02 22:19:58 ----A---- C:\ComboFix.txt
2011-09-02 22:04:06 ----A---- C:\Windows\zip.exe
2011-09-02 22:04:06 ----A---- C:\Windows\SWSC.exe
2011-09-02 22:04:06 ----A---- C:\Windows\SWREG.exe
2011-09-02 22:04:06 ----A---- C:\Windows\sed.exe
2011-09-02 22:04:06 ----A---- C:\Windows\PEV.exe
2011-09-02 22:04:06 ----A---- C:\Windows\NIRCMD.exe
2011-09-02 22:04:06 ----A---- C:\Windows\MBR.exe
2011-09-02 22:04:06 ----A---- C:\Windows\grep.exe
2011-09-02 22:04:00 ----D---- C:\Windows\ERDNT
2011-09-02 22:03:55 ----D---- C:\Qoobox
2011-09-02 21:29:41 ----D---- C:\Program Files (x86)\Microsoft Security Client
2011-09-02 15:13:01 ----D---- C:\ProgramData\NortonInstaller
2011-09-02 14:35:56 ----D---- C:\Program Files (x86)\ESET
2011-09-01 23:22:27 ----D---- C:\Program Files (x86)\Common Files\Java
2011-09-01 23:22:12 ----A---- C:\Windows\SysWOW64\javaws.exe
2011-09-01 23:22:12 ----A---- C:\Windows\SysWOW64\javaw.exe
2011-09-01 23:22:12 ----A---- C:\Windows\SysWOW64\java.exe
2011-09-01 01:54:29 ----D---- C:\Users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-09-01 01:53:46 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2011-09-01 00:05:32 ----D---- C:\Program Files (x86)\Trend Micro
2011-08-31 12:54:06 ----A---- C:\Windows\ntbtlog.txt
2011-08-31 03:30:04 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2011-08-29 20:19:22 ----D---- C:\Users\Owner\AppData\Roaming\Malwarebytes
2011-08-29 20:19:09 ----D---- C:\ProgramData\Malwarebytes
2011-08-29 20:19:07 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\wininet.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\urlmon.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\msrating.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\msls31.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\jscript9.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\jscript.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\iertutil.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\iepeers.dll
2011-08-27 05:58:44 ----A---- C:\Windows\SysWOW64\IEAdvpack.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\wextract.exe
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\webcheck.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\vbscript.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\url.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\pngfilt.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\occache.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\mshtmler.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\mshtml.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\mshta.exe
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\inseng.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\imgutil.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\iexpress.exe
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieui.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\iesetup.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\iernonce.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieframe.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieapfltr.dat
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieakui.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieaksie.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ieakeng.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\icardie.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2011-08-27 05:58:43 ----A---- C:\Windows\SysWOW64\admparse.dll
2011-08-26 16:04:45 ----HD---- C:\Windows\update.8.1
2011-08-24 19:21:17 ----D---- C:\Windows\pss
2011-08-23 18:55:56 ----A---- C:\Windows\SysWOW64\tzres.dll
2011-08-20 08:14:43 ----D---- C:\Windows\Sun
2011-08-19 12:53:48 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-08-19 12:49:30 ----D---- C:\Users\Owner\AppData\Roaming\Itibiti
2011-08-19 12:49:07 ----D---- C:\Program Files (x86)\Itibiti Soft Phone
2011-08-19 12:49:05 ----SHD---- C:\Windows\SysWOW64\AI_RecycleBin
2011-08-19 12:49:00 ----D---- C:\ProgramData\W3i
2011-08-19 12:49:00 ----D---- C:\Program Files (x86)\W3i
2011-08-19 12:48:41 ----D---- C:\Program Files (x86)\IMinent Toolbar
2011-08-19 12:48:37 ----D---- C:\Program Files (x86)\fbDownloader
2011-08-19 12:48:29 ----D---- C:\ProgramData\IMinent
2011-08-19 12:48:27 ----D---- C:\Program Files (x86)\Iminent
2011-08-19 12:47:55 ----D---- C:\Program Files (x86)\Shop To Win
2011-08-19 12:36:28 ----D---- C:\Windows\ufa
2011-08-19 12:35:51 ----D---- C:\Firefox
2011-08-19 12:35:04 ----SHD---- C:\Windows\SysWOW64\%APPDATA%
2011-08-19 12:34:28 ----D---- C:\Users\Owner\AppData\Roaming\vmntemplate
2011-08-19 12:34:28 ----D---- C:\Users\Owner\AppData\Roaming\oovootoolbar
2011-08-19 12:33:18 ----A---- C:\Windows\unrar.exe
2011-08-19 12:33:13 ----A---- C:\Windows\Paltalk Messenger Setup Log.txt
2011-08-19 12:32:03 ----D---- C:\Windows\av_ico
2011-08-19 12:30:05 ----HD---- C:\Windows\update.tray-10-0-lnk
2011-08-19 12:30:05 ----HD---- C:\Windows\update.tray-10-0
2011-08-11 14:24:27 ----A---- C:\Windows\SysWOW64\xmllite.dll
2011-08-11 14:24:24 ----A---- C:\Windows\SysWOW64\odbctrac.dll
2011-08-11 14:24:24 ----A---- C:\Windows\SysWOW64\odbcjt32.dll
2011-08-11 14:24:24 ----A---- C:\Windows\SysWOW64\odbccu32.dll
2011-08-11 14:24:24 ----A---- C:\Windows\SysWOW64\odbccr32.dll
2011-08-11 14:24:24 ----A---- C:\Windows\SysWOW64\odbccp32.dll
2011-08-11 14:23:37 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-08-11 14:23:37 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-08-11 14:23:37 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-08-11 14:23:37 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-08-11 14:23:36 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 14:23:36 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-08-11 14:23:35 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 14:23:35 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 14:23:35 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 14:23:35 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 14:23:35 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 14:23:35 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 14:23:34 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 14:23:33 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 14:23:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-08-11 14:23:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 14:23:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-08-11 14:23:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 14:23:32 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 14:23:31 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-08-11 14:23:31 ----A---- C:\Windows\SysWOW64\user.exe
2011-08-11 14:23:31 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-08-11 14:23:25 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2011-08-11 14:23:23 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
======List of files/folders modified in the last 1 month======
2011-09-06 12:24:12 ----D---- C:\Windows\Prefetch
2011-09-06 12:24:00 ----D---- C:\Windows\Temp
2011-09-05 13:49:32 ----D---- C:\Users\Owner\AppData\Roaming\Skype
2011-09-05 13:43:19 ----D---- C:\Windows
2011-09-05 03:54:28 ----D---- C:\Windows\System32
2011-09-05 03:54:28 ----D---- C:\Windows\inf
2011-09-05 00:23:01 ----D---- C:\Windows\SysWOW64
2011-09-05 00:21:56 ----D---- C:\Program Files (x86)
2011-09-03 05:25:35 ----SHD---- C:\System Volume Information
2011-09-03 05:18:31 ----D---- C:\Windows\winsxs
2011-09-03 05:18:16 ----D---- C:\Program Files (x86)\Internet Explorer
2011-09-03 04:24:46 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-09-03 04:24:46 ----D---- C:\Config.Msi
2011-09-03 04:22:33 ----SHD---- C:\Windows\Installer
2011-09-03 04:22:33 ----SD---- C:\ProgramData\Microsoft
2011-09-03 04:21:48 ----D---- C:\ProgramData\Microsoft Help
2011-09-03 04:18:59 ----RSD---- C:\Windows\assembly
2011-09-03 04:18:17 ----RSD---- C:\Windows\Fonts
2011-09-03 04:18:09 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2011-09-03 01:56:59 ----D---- C:\Windows\Tasks
2011-09-03 01:56:44 ----D---- C:\Windows\registration
2011-09-03 01:56:41 ----D---- C:\Users\Owner\AppData\Roaming\Macromedia
2011-09-03 01:28:55 ----D---- C:\Windows\Microsoft.NET
2011-09-02 22:39:41 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2011-09-02 22:38:32 ----RD---- C:\Program Files
2011-09-02 22:35:53 ----D---- C:\ProgramData\Recovery
2011-09-02 22:15:24 ----A---- C:\Windows\system.ini
2011-09-02 22:12:57 ----D---- C:\ProgramData
2011-09-02 22:12:46 ----D---- C:\Windows\Downloaded Program Files
2011-09-02 22:09:32 ----D---- C:\Windows\SysWOW64\drivers
2011-09-02 22:09:32 ----D---- C:\Windows\AppPatch
2011-09-02 22:09:30 ----D---- C:\Program Files (x86)\Common Files
2011-09-01 23:22:00 ----D---- C:\Program Files (x86)\Java
2011-09-01 14:55:27 ----D---- C:\Program Files (x86)\Yontoo Layers Runtime
2011-09-01 14:55:27 ----D---- C:\Program Files (x86)\PageRage
2011-09-01 14:53:53 ----D---- C:\Program Files (x86)\Zynga
2011-09-01 14:53:53 ----D---- C:\Program Files (x86)\oovootoolbar
2011-09-01 14:53:53 ----D---- C:\Program Files (x86)\myYearbook Toolbar
2011-09-01 14:53:53 ----D---- C:\Program Files (x86)\ConduitEngine
2011-09-01 02:40:35 ----D---- C:\Program Files (x86)\iWin Games
2011-09-01 00:05:33 ----SD---- C:\Users\Owner\AppData\Roaming\Microsoft
2011-08-31 23:33:06 ----D---- C:\Windows\rescache
2011-08-31 06:59:54 ----D---- C:\Program Files (x86)\Windows Media Player
2011-08-31 06:59:54 ----D---- C:\Program Files (x86)\Windows Defender
2011-08-31 06:59:49 ----D---- C:\Windows\SysWOW64\wbem
2011-08-31 06:59:49 ----D---- C:\Windows\SysWOW64\migration
2011-08-31 06:59:49 ----D---- C:\Windows\SysWOW64\com
2011-08-31 06:59:49 ----D---- C:\Windows\servicing
2011-08-31 06:59:49 ----D---- C:\Windows\IME
2011-08-31 06:59:49 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-08-31 06:59:49 ----D---- C:\Program Files (x86)\Common Files\System
2011-08-31 06:59:35 ----D---- C:\Windows\AppCompat
2011-08-31 06:59:29 ----D---- C:\ProgramData\Yahoo! Companion
2011-08-31 06:59:28 ----D---- C:\Program Files (x86)\ooVoo
2011-08-31 06:59:28 ----D---- C:\Program Files (x86)\Microsoft Works
2011-08-31 06:59:28 ----D---- C:\Program Files (x86)\HP
2011-08-31 06:56:45 ----D---- C:\Windows\SysWOW64\config
2011-08-31 06:53:42 ----RD---- C:\Users
2011-08-31 06:53:40 ----D---- C:\Users\Owner\AppData\Roaming\Yahoo!
2011-08-31 06:53:39 ----D---- C:\Users\Owner\AppData\Roaming\ArcSoft
2011-08-31 06:52:51 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-31 06:52:49 ----D---- C:\ProgramData\Easybits GO
2011-08-31 06:52:46 ----D---- C:\Program Files (x86)\QuickTime
2011-08-30 13:41:30 ----D---- C:\Windows\SoftwareDistribution
2011-08-28 19:25:40 ----D---- C:\Users\Owner\AppData\Roaming\go
2011-08-27 06:13:42 ----D---- C:\Windows\SysWOW64\en-US
2011-08-27 06:13:42 ----D---- C:\Windows\PolicyDefinitions
2011-08-27 06:02:43 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-08-27 06:02:43 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-08-27 06:02:43 ----D---- C:\Program Files (x86)\Windows Mail
2011-08-27 06:02:39 ----D---- C:\Windows\ehome
2011-08-27 06:02:37 ----D---- C:\Windows\SysWOW64\da-DK
2011-08-27 06:02:36 ----D---- C:\Windows\SysWOW64\oobe
2011-08-27 06:02:35 ----D---- C:\Windows\SysWOW64\Setup
2011-08-27 06:02:35 ----D---- C:\Windows\SysWOW64\manifeststore
2011-08-27 06:02:35 ----D---- C:\Windows\SysWOW64\en
2011-08-27 06:02:35 ----D---- C:\Windows\SysWOW64\cs-CZ
2011-08-27 06:02:35 ----D---- C:\Windows\SysWOW64\AdvancedInstallers
2011-08-27 06:02:34 ----D---- C:\Windows\SysWOW64\sppui
2011-08-27 06:02:34 ----D---- C:\Windows\SysWOW64\migwiz
2011-08-27 06:02:34 ----D---- C:\Windows\SysWOW64\es-ES
2011-08-27 06:02:34 ----D---- C:\Windows\SysWOW64\Dism
2011-08-27 05:58:50 ----D---- C:\Windows\Logs
2011-08-27 05:53:59 ----A---- C:\Windows\SysWOW64\msclmd.dll
2011-08-24 19:29:42 ----D---- C:\Users\Owner\AppData\Roaming\FrostWire
2011-08-20 08:46:21 ----A---- C:\ProgramData\HPWALog.txt
2011-08-19 12:53:50 ----D---- C:\ProgramData\Adobe
2011-08-19 12:53:48 ----D---- C:\Program Files (x86)\Adobe
2011-08-19 12:34:19 ----D---- C:\Program Files (x86)\Paltalk Messenger
2011-08-19 12:34:10 ----D---- C:\Windows\PaltalkScene
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\N360x64\0308000.029\SYMEFA64.SYS []
R1 BHDrvx64;Symantec Heuristics Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\BHDrvx64.sys []
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\N360x64\0308000.029\ccHPx64.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-07-27 481912]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\N360x64\0308000.029\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMTDI.SYS []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio64.sys []
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 LVPr2M64;Logitech LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys []
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMFW.SYS []
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
S1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20110818.030\IDSvia64.sys []
S1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\N360x64\0308000.029\SRTSP64.SYS []
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dc3d;MS Hardware Device Detection Driver (HID); C:\Windows\system32\DRIVERS\dc3d.sys []
S3 HP8107Fltr;HP-HP8107; C:\Windows\system32\DRIVERS\HP8107.sys []
S3 lvpepf64;Volume Adapter; C:\Windows\system32\DRIVERS\lv302a64.sys []
S3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys []
S3 LVPr2Mon;LVPr2M64 Driver; C:\Windows\system32\DRIVERS\LVPr2M64.sys []
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys []
S3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys []
S3 LVUVC64;Logitech Webcam 200(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys []
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110818.021\ENG64.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20110818.021\EX64.SYS []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V64.SYS []
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-09-24 125440]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 iWinTrusted;iWinTrusted; C:\Program Files (x86)\iWin Games\iWinTrusted.exe [2010-04-14 78104]
R2 LVPrcS64;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 12784]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 N360;Norton Security Suite; C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\ccSvcHst.exe /s N360 /m C:\Program Files (x86)\Norton Security Suite\Engine\3.8.0.41\diMaster.dll /prefetch:1 []
S3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-06-07 934176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
-----------------EOF-----------------
Info.txt
info.txt logfile of random's system information tool 1.09 2011-09-06 12:24:15
======Uninstall list======
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe -maintain activex
Adobe Reader 9.4.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
AIM 7-->C:\Program Files (x86)\AIM\uninst.exe
Apple Application Support-->MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992}
Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
ArcSoft Magic-i Visual Effects 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F5E0EA53-30F6-4F21-8B8E-1FC16A66B76A}\Setup.exe" -l0x9
ArcSoft MediaImpression 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EAD52F56-4E36-47C0-B117-836D15FC5B0B}\Setup.exe" -l0x9
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{37530151-56A6-4CE4-9F9F-CE1F5A1356C6}\Setup.exe" -l0x9
ArcSoft Photo Book Screen Saver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E2EE273D-E111-4FFD-ACD4-78E1D35E01D2}\Setup.exe" -l0x9
ArcSoft PhotoStudio Darkroom 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{40DA94AF-34B7-4BA7-A37F-26F899C031FF}\Setup.exe" -l0x9
ArcSoft Print Creations - Album Page-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1AlbumPage
ArcSoft Print Creations - Brochures & Flyers-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1Brochure
ArcSoft Print Creations - Funhouse II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1HouseFun
ArcSoft Print Creations - Funhouse-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1Funhouse
ArcSoft Print Creations - Greeting Card-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1GreetingCard
ArcSoft Print Creations - Photo Book-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1PhotoBook
ArcSoft Print Creations - Photo Calendar-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1Calendar
ArcSoft Print Creations - Photo Prints-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1PhotoPrint
ArcSoft Print Creations - Poster Creator-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1Poster
ArcSoft Print Creations - Scrapbook-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1ScrapBook
ArcSoft Print Creations - Slimline Card-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9 -1Slimline
ArcSoft Print Creations-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F03EC055-F34E-4F6B-A684-8A370E11A304}\Setup.exe" -l0x9
ArcSoft RAW Thumbnail Viewer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{82FAC25D-D0E1-4D60-9268-F3DD958BF052}\Setup.exe" -l0x9
ArcSoft Scan-n-Stitch Deluxe-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{363188E4-1A27-4DE6-BA48-823D2E205385}\Setup.exe" -l0x9
ArcSoft Video Downloader-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C8B44566-839A-459C-A73D-49764CE216CC}\Setup.exe" -l0x9
Ask Toolbar-->MsiExec.exe /X{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conduit Engine -->C:\Program Files (x86)\ConduitEngine\ConduitEngineUninstall.exe engine
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink MediaShow-->"C:\Program Files (x86)\InstallShield Installation Information\{80E158EA-7181-40FE-A701-301CE6BE64AB}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
DealRunner 1.26-->"C:\Program Files (x86)\DealRunner\unins000.exe"
Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
fbDownloader 1.0.2.0-->C:\Program Files (x86)\fbDownloader\uninstall fbDownloader.exe
FrostWire 4.20.2-->C:\Program Files (x86)\FrostWire\Uninstall.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Quick Launch Buttons-->"C:\Program Files (x86)\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -runfromtemp -l0x0009 uninst
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9 -removeonly
HP Smart Web Printing-->msiexec /i{49A143E9-4A6A-43E7-86B1-388194C79248}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0156-->MsiExec.exe /X{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}
HP Wireless Assistant-->MsiExec.exe /X{54CC7901-804D-4155-B353-21F0CC9112AB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
IMinent Toolbar-->MsiExec.exe /X{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Iminent-->C:\Program Files (x86)\Iminent\IMBooster\inst\Bootstrapper\Bootstrapper.exe uninstall
Iminent-->MsiExec.exe /X{7782C171-0E16-47B7-805C-401080068B07}
InstallIQ Updater-->MsiExec.exe /X{294A2E0E-3A0B-4D1F-8282-11DEF2040227}
Itibiti RTC-->MsiExec.exe /I{730E03E4-350E-48E5-9D3E-4329903D454D}
iWin Games (remove only)-->"C:\Program Files (x86)\iWin Games\Uninstall.exe"
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Knctr-->"C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
Logitech Vid-->MsiExec.exe /I{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}
Malwarebytes' Anti-Malware version 1.51.1.1800-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Motorola Driver Installation-->MsiExec.exe /I{70CCD7C5-39E3-40C4-92CB-0A4281CE3B99}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
muvee Reveal-->MsiExec.exe /X{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}
myYearbook Toolbar-->C:\Program Files (x86)\myYearbook Toolbar\Uninst.exe
Norton Security Suite-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\7190B588\3.8.0.41\InstStub.exe /X
ooVoo Toolbar-->C:\Program Files (x86)\oovootoolbar\uninstall.exe
ooVoo-->MsiExec.exe /X{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}
PageRage Toolbar-->C:\Program Files (x86)\PageRage\uninstall.exe toolbar
Paltalk Messenger-->"C:\Windows\PaltalkScene\uninstall.exe" "/U:C:\Program Files (x86)\Paltalk Messenger\irunin.xml"
PokerStars.net-->"C:\Program Files (x86)\PokerStars.NET\PokerStarsUninstall.exe" /u:PokerStars.net
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PriceGong 2.5.1-->C:\Program Files (x86)\PriceGong\uninst.exe
QLBCASL-->MsiExec.exe /I{F1D7AC58-554A-4A58-B784-B61558B1449A}
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek 8136 8168 8169 Ethernet Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\Setup.exe" -runfromtemp -l0x0009 -removeonly
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Shop To Win-->"C:\Program Files (x86)\Shop To Win\unins000.exe"
Skype Toolbars-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Skype™ 5.3-->MsiExec.exe /X{5335DADB-34BA-4AE8-A519-648D78498846}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D53FB73-9826-4541-B2E0-A239C6EBA718}
Update for Microsoft Office Word 2007 (KB974631)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {34726474-50D6-49FC-B8AC-35411459D27A}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~2\Yahoo!\Common\UNYT_W~1.EXE
Zynga Toolbar-->C:\PROGRA~2\Zynga\UNWISE.EXE /U C:\PROGRA~2\Zynga\INSTALL.LOG
======Hosts File======
::1 localhost
======System event log======
Computer Name: Owner-PC
Event Code: 1014
Message: Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 20658
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20100802031218.180370-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
Computer Name: Owner-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
and APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
to the user Owner-PC\Owner SID (S-1-5-21-2559799070-2916064766-2587329467-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 20625
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100802013305.000000-000
Event Type: Error
User: Owner-PC\Owner
Computer Name: Owner-PC
Event Code: 10016
Message: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B77C4C36-0154-4C52-AB49-FAA03837E47F}
and APPID
{EA022610-0748-4C24-B229-6C507EBDFDBB}
to the user Owner-PC\Owner SID (S-1-5-21-2559799070-2916064766-2587329467-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 20606
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100802000422.000000-000
Event Type: Error
User: Owner-PC\Owner
Computer Name: Owner-PC
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Record Number: 20438
Source Name: Service Control Manager
Time Written: 20100731153249.682010-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
Record Number: 20334
Source Name: Service Control Manager
Time Written: 20100731000648.102206-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Owner-PC
Event Code: 80
Message: Activation context generation failed for "C:\Program Files (x86)\Paltalk Messenger\paltalk.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Record Number: 1703
Source Name: SideBySide
Time Written: 20100127135806.000000-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 764) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.
Record Number: 1595
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20100123015935.370817-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Owner-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2559799070-2916064766-2587329467-1000:
Process 408 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2559799070-2916064766-2587329467-1000
Record Number: 1544
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100122000006.060304-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Owner-PC
Event Code: 35
Message: Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Record Number: 1521
Source Name: SideBySide
Time Written: 20100121180254.000000-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 63
Message: Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
Record Number: 1520
Source Name: SideBySide
Time Written: 20100121180123.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x1fc
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 37493
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110206163030.395632-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-21-2559799070-2916064766-2587329467-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x9c738f
Logon Type: 7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 37492
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110206163025.795369-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-21-2559799070-2916064766-2587329467-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x9c73a3
Logon Type: 7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 37491
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110206163025.795369-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-21-2559799070-2916064766-2587329467-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x9c738f
Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 37490
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110206163025.782368-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 7
New Logon:
Security ID: S-1-5-21-2559799070-2916064766-2587329467-1000
Account Name: Owner
Account Domain: Owner-PC
Logon ID: 0x9c73a3
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x1c0
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: OWNER-PC
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 37489
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110206163025.782368-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\System32\WindowsPo werShell\v1.0;C:\Program Files (x86)\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=1
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Presario
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Sorry Jaycee. My wife is leaving for a convention today, and she's taking the laptop with her. If you have any last thoughts, please let me know and I can pass them onto her, or take care of it when she gets back.
Thanks again for all your help.
We need to take care of a couple things, still. The Hosts file looks like it's still messed up.
Tell her to (right click, run as Administrator) start HijackThis! ... click 'Do a system scan and save log'
When it's finished scanning, place a check mark next to:
O1 - Hosts: ˙ž127.0.0.1 localhost
Close all windows except HJT, then click 'fix checked'. Reboot the computer.
Now, download the HostsXpert 4.3 - Hosts File Manager.
- Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
- Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
- Click "Make Hosts Writable?" in the upper right corner (If available).
- Click Restore Microsoft's Hosts file and then click OK.
- Click the X to exit the program.
- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Tell me how this goes ... and when she gets back, we can continue.
Got your pm ... glad everything is working!
Let's remove the 'tools' I had you download. Click on the Start button () and then in the Search field entercombofix /uninstall
Once you have typed this in, press Enter on your keyboard. An open File security warning will appear asking if you are sure you want to run ComboFix. Please click on the Run button to start the program.
ComboFix will now uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled. You can now delete the ComboFix.exe program from your computer. ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.