I recently purchased SpyHunter and was scanning the computer, and it found a trojan called general.trojan. It keeps coming back after removal, and I also have PC MightyMAX 2009 that will not uninstall or go away. I have been doing a lot of research, and you cannot really get rid of the trojan when running 64-bit Vista unless you use Windows Defender. The trojan disabled Windows Defender and I had to re-enable it, which I did successfully, and it still did not remove it.
I tried to run a HijackThis log and it says operating system not supported. So I'm doing the RSIT instead.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mark at 2009-07-29 19:32:55
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 351 GB (50%) free of 705 GB
Total RAM: 7934 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:24 PM, on 7/29/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal
Running processes:
C:WindowsMHotKey.exe
c:PROGRA~2mcafee.comagentmcagent.exe
C:Program Files (x86)Windows LiveMessengermsnmsgr.exe
C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe
C:Program Files (x86)Javajre6binjusched.exe
C:Program Files (x86)McAfeeMBKMcAfeeDataBackup.exe
C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe
C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe
C:Program Files (x86)iTunesiTunesHelper.exe
C:Program FilesWIDCOMMBluetooth SoftwareBluetoothHeadsetProxy.exe
C:WindowsChiFuncExt.exe
C:Program Files (x86)Internet ExplorerIELowutil.exe
C:Program Files (x86)LimeWireLimeWire.exe
C:Program Files (x86)Enigma Software GroupSpyHunterSpyHunter3.exe
C:UsersMarkDesktopRSIT.exe
c:PROGRA~2mcafeempfmcmpfalert.exe
C:Program Files (x86)trend microMark.exe
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = www.google.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACG...amp;m=lx6200-01
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:PROGRA~2mcafeemskmskapbho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: AskBar BHO - {5A074B21-F830-49de-A31B-5BB9D7F6B407} - C:Program Files (x86)AskBarbarbinaskBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: Mirar - {6E78479F-34AD-47D2-AC42-15AE2EC72F6F} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:Program Files (x86)McAfeeVirusScanscriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program Files (x86)GoogleGoogleToolbarNotifier5.2.4204.1700swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:PROGRA~2mcafeeSITEAD~1mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program Files (x86)GoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MSNToolbar3.0.1008.0msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program Files (x86)Windows LiveToolbarwltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:Program Files (x86)EPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:Program Files (x86)MSNToolbar3.0.1008.0msneshellx.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:PROGRA~2mcafeeSITEAD~1mcieplg.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program Files (x86)Windows LiveToolbarwltcore.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:Program Files (x86)EPSONEPSON Web-To-PageEPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll
O3 - Toolbar: (no name) - {6E78479E-34AD-47D2-AC42-15AE2EC72F6F} - (no file)
O3 - Toolbar: Ask Toolbar - {5A074B29-F830-49de-A31B-5BB9D7F6B407} - C:Program Files (x86)AskBarbarbinaskBar.dll
O4 - HKLM..Run: [mcagent_exe] 'C:Program Files (x86)McAfee.comAgentmcagent.exe' /runkey
O4 - HKLM..Run: [TkBellExe] 'C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe' -osboot
O4 - HKLM..Run: [AppleSyncNotifier] C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleSyncNotifier.exe
O4 - HKLM..Run: [McENUI] C:PROGRA~2McAfeeMHNMcENUI.exe /hide
O4 - HKLM..Run: [Adobe Reader Speed Launcher] 'C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe'
O4 - HKLM..Run: [SunJavaUpdateSched] 'C:Program Files (x86)Javajre6binjusched.exe'
O4 - HKLM..Run: [McAfee Backup] 'C:Program Files (x86)McAfeeMBKMcAfeeDataBackup.exe'
O4 - HKLM..Run: [QuickTime Task] 'C:Program Files (x86)QuickTimeQTTask.exe' -atboottime
O4 - HKLM..Run: [EEventManager] C:PROGRA~2EPSONS~1EVENTM~1EEventManager.exe
O4 - HKLM..Run: [ArcSoft Connection Service] 'C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe'
O4 - HKLM..Run: [iTunesHelper] 'C:Program Files (x86)iTunesiTunesHelper.exe'
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [msnmsgr] 'C:Program Files (x86)Windows LiveMessengermsnmsgr.exe' /background
O4 - HKCU..Run: [EPSON Artisan 700 Series] C:Windowssystem32spoolDRIVERSx643E_IATIENA.EXE /FU 'C:WindowsTEMPE_SB3FA.tmp' /EF 'HKCU'
O4 - HKCU..Run: [swg] 'C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe'
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Save Image to Folder - res://C:Program Files (x86)AskBarbarbinaskBar.dll/saveimagetofolder.html
O8 - Extra context menu item: &Save Image to MyStuff - res://C:Program Files (x86)AskBarbarbinaskBar.dll/saveimages.html
O8 - Extra context menu item: &Save Link to Folder - res://C:Program Files (x86)AskBarbarbinaskBar.dll/saveltof.html
O8 - Extra context menu item: &Save Link to MyStuff - res://C:Program Files (x86)AskBarbarbinaskBar.dll/savelink.html
O8 - Extra context menu item: &Save Page to Folder... - res://C:Program Files (x86)AskBarbarbinaskBar.dll/savepagetofolder.html
O8 - Extra context menu item: &Save this Page to MyStuff - res://C:Program Files (x86)AskBarbarbinaskBar.dll/savewebpage.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program Files (x86)Windows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:PROGRA~2mcafeeSITEAD~1mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:Windowssystem32agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:Windowssystem32Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:Program Files (x86)BonjourmDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: dlcj_device - Unknown owner - C:Windowssystem32dlcjcoms.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe (file missing)
O23 - Service: @%windir%system32inetsrviisres.dll,-30007 (IISADMIN) - Unknown owner - C:Windowssystem32inetsrvinetinfo.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:Program Files (x86)iPodbiniPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: MBackMonitor - McAfee - C:Program Files (x86)McAfeeMBKMBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:Program Files (x86)McAfeeSiteAdvisorMcSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:PROGRA~2McAfeeMSCmcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:PROGRA~2COMMON~1mcafeemnamcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:PROGRA~2COMMON~1mcafeemcproxymcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:PROGRA~1McAfeeVIRUSS~1mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:PROGRA~2McAfeeVIRUSS~1mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:Program Files (x86)McAfeeMPFMPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:Program Files (x86)McAfeeMSKMskSrver.exe
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:Windowssystem32mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
--
End of file - 15476 bytes
Scheduled tasks folder
C:WindowstasksErrorFix Scan.job
C:WindowstasksMcDefragTask.job
C:WindowstasksMcQcTask.job
C:WindowstasksParetoLogic Registration.job
C:WindowstasksParetoLogic Update Version2.job
C:WindowstasksUser_Feed_Synchronization-{231DFC6A-EEAA-43E8-AD66-F9242A5B73C0}.job
Registry dump
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:PROGRA~2mcafeemskmskapbho.dll [2009-01-09 246800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2009-02-22 312928]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5A074B21-F830-49de-A31B-5BB9D7F6B407}]
AskBar BHO - C:Program Files (x86)AskBarbarbinaskBar.dll [2008-02-27 238544]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6E78479F-34AD-47D2-AC42-15AE2EC72F6F}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:Program Files (x86)MicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll [2009-05-19 137600]
CDelHotkeys Object - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll [2008-12-10 656624]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:Program Files (x86)McAfeeVirusScanscriptsn.dll [2009-03-25 62784]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll [2009-07-06 256112]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:Program Files (x86)GoogleGoogleToolbarNotifier5.2.4204.1700swg.dll [2009-07-06 761840]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:PROGRA~2mcafeeSITEAD~1mcieplg.dll [2008-11-14 150032]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:Program Files (x86)GoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll [2009-07-06 458736]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:Program Files (x86)MSNToolbar3.0.1008.0msneshellx.dll [2008-11-11 83800]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:Program Files (x86)Javajre6binjp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:Program Files (x86)Windows LiveToolbarwltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:Program Files (x86)EPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:Program Files (x86)MSNToolbar3.0.1008.0msneshellx.dll [2008-11-11 83800]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:PROGRA~2mcafeeSITEAD~1mcieplg.dll [2008-11-14 150032]
{61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - Delicious Toolbar - C:Program Files (x86)Delicious Add-on for Internet ExplorerDeliciousExtension.dll [2008-12-10 656624]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:Program Files (x86)Windows LiveToolbarwltcore.dll [2009-02-06 1068904]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:Program Files (x86)EPSONEPSON Web-To-PageEPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll [2009-07-06 256112]
{6E78479E-34AD-47D2-AC42-15AE2EC72F6F}
{5A074B29-F830-49de-A31B-5BB9D7F6B407} - Ask Toolbar - C:Program Files (x86)AskBarbarbinaskBar.dll [2008-02-27 238544]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
'mcagent_exe'=C:Program Files (x86)McAfee.comAgentmcagent.exe [2009-01-08 645328]
'TkBellExe'=C:Program Files (x86)Common FilesRealUpdate_OBrealsched.exe [2009-02-22 198160]
'AppleSyncNotifier'=C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleSyncNotifier.exe [2009-05-13 177472]
'McENUI'=C:PROGRA~2McAfeeMHNMcENUI.exe [2009-01-09 1176808]
'Adobe Reader Speed Launcher'=C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe [2008-06-12 34672]
'SunJavaUpdateSched'=C:Program Files (x86)Javajre6binjusched.exe [2009-03-09 148888]
'McAfee Backup'=C:Program Files (x86)McAfeeMBKMcAfeeDataBackup.exe [2009-01-09 5134864]
'QuickTime Task'=C:Program Files (x86)QuickTimeQTTask.exe [2009-05-26 413696]
'EEventManager'=C:PROGRA~2EPSONS~1EVENTM~1EEventManager.exe [2008-05-07 591696]
'ArcSoft Connection Service'=C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACDaemon.exe [2009-07-10 195072]
'iTunesHelper'=C:Program Files (x86)iTunesiTunesHelper.exe [2009-07-13 292128]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
'Sidebar'=C:Program FilesWindows Sidebarsidebar.exe [2009-04-11 1555968]
'ehTray.exe'=C:WindowsehomeehTray.exe [2008-01-20 138240]
'msnmsgr'=C:Program Files (x86)Windows LiveMessengermsnmsgr.exe [2009-02-06 3885408]
'EPSON Artisan 700 Series'=C:Windowssystem32spoolDRIVERSx643E_IATIENA.EXE [2008-04-06 221696]
'swg'=C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2009-07-06 39408]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe Reader Speed Launcher]
C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe []
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregeRecoveryService]
[]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLchDrvKey]
C:WindowsLchDrvKey.exe [2007-03-28 36864]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregLedKey]
C:WindowsCNYHKey.exe [2008-04-23 339968]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNew Acer AlaunchX]
c:AcerPreloadCommandAlaunchXLaunchAlaunchX.exe [2008-07-16 200704]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregStartCCC]
C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe [2008-07-16 61440]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
C:Program Files (x86)Javajre1.6.0_05binjusched.exe [2008-02-22 144784]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTrigger New Acer AlaunchX]
c:AcerPreloadCommandAlaunchXAppInRun.exe [2008-07-16 8192]
C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup
Bluetooth.lnk - C:Program Files (x86)WIDCOMMBluetooth SoftwareBTTray.exe
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalmcmscsvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkmcmscsvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMCODS]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkMpfService]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfPf]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfRd]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfSvc]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWudfUsbccidDriver]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
'LogonHoursAction'=2
'DontDisplayLogonHoursWarnings'=1
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
'dontdisplaylastusername'=0
'legalnoticecaption'=
'legalnoticetext'=
'shutdownwithoutlogon'=1
'undockwithoutlogon'=1
'EnableUIADesktopToggle'=0
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
'NoDesktopCleanupWizard'=1
'NoDriveTypeAutoRun'=145
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
'NoActiveDesktop'=
'NoActiveDesktopChanges'=
'ForceActiveDesktopOn'=
'BindDirectlyToPropertySetStorage'=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{7362e17a-38a0-11de-be1a-002268390744}]
shellAutoRuncommand - L:LaunchU3.exe -a
File associations
.js - edit - C:WindowsSysWOW64Notepad.exe %1
.js - open - C:WindowsSysWOW64WScript.exe '%1' %*
List of files/folders created in the last 1 months
2009-07-29 19:32:55 ----D---- C:rsit
2009-07-29 19:32:55 ----D---- C:Program Files (x86)trend micro
2009-07-29 10:35:02 ----D---- C:UsersMarkAppDataRoamingTemplate
2009-07-29 10:30:21 ----D---- C:Program Files (x86)MGTEK
2009-07-29 10:30:20 ----D---- C:Program Files (x86)Common FilesMGTEK
2009-07-29 10:28:42 ----D---- C:ProgramDataMGTEK
2009-07-29 07:06:56 ----D---- C:UsersMarkAppDataRoamingGetRightToGo
2009-07-29 06:37:00 ----D---- C:Program Files (x86)Enigma Software Group
2009-07-29 05:47:37 ----D---- C:Program Files (x86)CCleaner
2009-07-29 03:01:53 ----A---- C:Windowsdd_ATL80SP1_KB973923MSI42F5.txt
2009-07-29 03:01:48 ----A---- C:Windowsdd_ATL80SP1_KB973923UI42F5.txt
2009-07-29 03:01:23 ----A---- C:Windowsdd_ATL80SP1_KB973923MSI42A0.txt
2009-07-29 03:01:22 ----A---- C:Windowsdd_ATL80SP1_KB973923UI42A0.txt
2009-07-28 12:08:19 ----A---- C:Windowssystem32mshtml.dll
2009-07-28 12:08:18 ----A---- C:Windowssystem32ieframe.dll
2009-07-28 12:08:15 ----A---- C:Windowssystem32wininet.dll
2009-07-28 12:08:15 ----A---- C:Windowssystem32urlmon.dll
2009-07-28 12:08:15 ----A---- C:Windowssystem32iertutil.dll
2009-07-28 12:08:14 ----A---- C:Windowssystem32occache.dll
2009-07-28 12:08:14 ----A---- C:Windowssystem32msfeeds.dll
2009-07-28 12:08:14 ----A---- C:Windowssystem32iedkcs32.dll
2009-07-28 12:08:13 ----A---- C:Windowssystem32msfeedsbs.dll
2009-07-28 12:08:13 ----A---- C:Windowssystem32ieUnatt.exe
2009-07-28 12:08:13 ----A---- C:Windowssystem32ieui.dll
2009-07-28 12:08:13 ----A---- C:Windowssystem32iesysprep.dll
2009-07-28 12:08:13 ----A---- C:Windowssystem32iepeers.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32msfeedssync.exe
2009-07-28 12:08:12 ----A---- C:Windowssystem32jsproxy.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32iesetup.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32iernonce.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32ie4uinit.exe
2009-07-17 06:36:12 ----D---- C:Program Files (x86)AskBar
2009-07-17 06:36:05 ----D---- C:Program Files (x86)YouTube Downloader
2009-07-14 16:56:40 ----A---- C:Windowssystem32t2embed.dll
2009-07-14 16:56:40 ----A---- C:Windowssystem32fontsub.dll
2009-07-14 16:56:39 ----A---- C:Windowssystem32dciman32.dll
2009-07-14 16:56:39 ----A---- C:Windowssystem32atmfd.dll
2009-07-08 23:47:25 ----A---- C:Windowssystem32win27.exe
2009-07-07 08:25:46 ----A---- C:WindowsEEventManager.INI
2009-07-06 19:45:06 ----A---- C:WindowsDEBUGSM.INI
2009-07-06 17:05:17 ----ASH---- C:UsersMarkAppDataRoamingdesktop.ini
2009-07-05 16:08:22 ----D---- C:UsersMarkAppDataRoamingLudia
2009-07-05 16:08:22 ----D---- C:ProgramDataLudia
2009-07-05 14:43:33 ----D---- C:UsersMarkAppDataRoamingEpson
2009-07-05 08:38:02 ----D---- C:UsersMarkAppDataRoamingLeadertech
2009-07-05 08:32:14 ----D---- C:Program Files (x86)Common FilesEPSON
2009-07-05 08:15:13 ----D---- C:Program Files (x86)ABBYY FineReader 6.0 Sprint
2009-07-05 08:14:32 ----D---- C:ProgramDataArcSoft
2009-07-05 08:13:48 ----D---- C:UsersMarkAppDataRoamingArcsoft
2009-07-05 08:13:16 ----D---- C:Program Files (x86)Common FilesArcSoft
2009-07-05 08:13:16 ----D---- C:Program Files (x86)ArcSoft
2009-07-05 08:00:20 ----D---- C:Program Files (x86)Epson Software
2009-07-05 07:56:10 ----A---- C:Windowssystem32PICSDK2.dll
2009-07-05 07:56:10 ----A---- C:Windowssystem32PICSDK.ini
2009-07-05 07:56:09 ----A---- C:Windowssystem32PICSDK.dll
2009-07-05 07:56:09 ----A---- C:Windowssystem32PICEntry.dll
2009-07-05 07:56:09 ----A---- C:Windowssystem32EpPicPrt.dll
2009-07-05 07:56:09 ----A---- C:Windowssystem32EpPicMgr.dll
2009-07-05 07:56:08 ----D---- C:ProgramDataEPSON
2009-07-05 07:56:06 ----D---- C:UsersMarkAppDataRoamingInstallShield
2009-07-05 07:54:37 ----D---- C:Program Files (x86)epson
2009-07-05 07:54:03 ----A---- C:WindowsEPART700.ini
List of files/folders modified in the last 1 months
2009-07-29 19:33:23 ----D---- C:WindowsTemp
2009-07-29 19:33:14 ----D---- C:UsersMarkAppDataRoamingLimeWire
2009-07-29 19:32:55 ----RD---- C:Program Files (x86)
2009-07-29 19:07:50 ----D---- C:Windows
2009-07-29 11:51:14 ----D---- C:UsersMarkAppDataRoamingDelicious IE Extension
2009-07-29 10:35:02 ----SD---- C:UsersMarkAppDataRoamingMicrosoft
2009-07-29 10:30:26 ----SHD---- C:WindowsInstaller
2009-07-29 10:30:20 ----D---- C:Program Files (x86)Common Files
2009-07-29 10:30:06 ----SHD---- C:System Volume Information
2009-07-29 10:28:42 ----HD---- C:ProgramData
2009-07-29 09:20:15 ----D---- C:WindowsSystem32
2009-07-29 09:20:13 ----D---- C:Windowsinf
2009-07-29 06:58:31 ----D---- C:WindowsSysWOW64
2009-07-29 06:24:16 ----SD---- C:WindowsDownloaded Program Files
2009-07-29 06:05:41 ----D---- C:Program Files (x86)PC MightyMax 2009
2009-07-29 05:59:26 ----D---- C:WindowsDebug
2009-07-29 03:12:16 ----RD---- C:Users
2009-07-29 03:09:02 ----D---- C:Program Files (x86)Internet Explorer
2009-07-29 03:09:01 ----D---- C:Windowssystem32migration
2009-07-29 03:03:25 ----D---- C:Windowswinsxs
2009-07-21 11:20:58 ----D---- C:Program Files (x86)Safari
2009-07-21 11:19:26 ----D---- C:Program Files (x86)iTunes
2009-07-21 11:19:12 ----D---- C:Program Files (x86)iPod
2009-07-21 11:19:10 ----RD---- C:Program Files
2009-07-21 09:34:38 ----A---- C:Windowscdplayer.ini
2009-07-21 01:00:10 ----D---- C:ProgramDataNOS
2009-07-21 01:00:06 ----D---- C:Program Files (x86)NOS
2009-07-19 16:22:25 ----D---- C:UsersMarkAppDataRoaminglicenses
2009-07-17 06:18:48 ----HD---- C:Windowsmsdownld.tmp
2009-07-16 03:30:09 ----D---- C:Program Files (x86)Windows Mail
2009-07-13 01:27:04 ----HD---- C:Program Files (x86)InstallShield Installation Information
2009-07-11 04:39:27 ----D---- C:ProgramDataMcAfee
2009-07-11 04:33:07 ----D---- C:Program Files (x86)McAfee
2009-07-11 01:56:26 ----D---- C:WindowsPrefetch
2009-07-06 23:40:28 ----D---- C:Program Files (x86)Google
2009-07-06 23:39:14 ----D---- C:ProgramDataGoogle
2009-07-05 16:25:00 ----D---- C:ProgramDataWildTangent
2009-07-05 08:02:05 ----D---- C:Program Files (x86)Common FilesInstallShield
2009-07-05 07:54:37 ----D---- C:Windowstwain_32
2009-07-04 08:11:59 ----D---- C:WindowsLiveKernelReports
2009-07-04 05:24:36 ----D---- C:WindowsMicrosoft.NET
List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
R1 mfehidk;McAfee Inc. mfehidk; C:Windowssystem32driversmfehidk.sys []
R1 MPFP;MPFP; C:WindowsSystem32DriversMpfp.sys []
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:Windowssystem32DRIVERSRMCAST.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:Windowssystem32DRIVERSagrsm64.sys []
R3 atikmdag;atikmdag; C:Windowssystem32DRIVERSatikmdag.sys []
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture; C:Windowssystem32driversAVer88xHD64.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:Windowssystem32DRIVERSBthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:Windowssystem32DRIVERSbthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:WindowsSystem32DriversBTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:Windowssystem32driversbtwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys []
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WindowsSystem32DriversGEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:Windowssystem32driversksthunk.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:Windowssystem32driversmfeavfk.sys []
R3 mfesmfk;McAfee Inc. mfesmfk; C:Windowssystem32driversmfesmfk.sys []
R3 MQAC;@mqutil.dll,-6101; C:Windowssystem32driversmqac.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:Windowssystem32DRIVERSrfcomm.sys []
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:WindowsSystem32DriversRTS5121.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:Windowssystem32driversRtHDMIVX.sys []
R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:Windowssystem32DRIVERSyk60x64.sys []
S2 int15;int15; ??C:WindowsSysWOW64driversint15_64.sys [2008-06-11 17952]
S3 BTHPORT;Bluetooth Port Driver; C:WindowsSystem32DriversBTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:Windowssystem32driversdrmkaud.sys []
S3 fssfltr;FssFltr; C:Windowssystem32DRIVERSfssfltr.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:Windowssystem32driversHdAudio.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:Windowssystem32driversmferkdk.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:Windowssystem32driversMSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:Windowssystem32driversMSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:Windowssystem32driversMSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:Windowssystem32driversMSTEE.sys []
S3 Rts516xIR;Realtek IR Driver; C:Windowssystem32driversRts516xIR.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:WindowsSystem32Driversusbaapl64.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:Windowssystem32driversUSBCCID.sys []
S3 usbscan;USB Scanner Driver; C:Windowssystem32DRIVERSusbscan.sys []
S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys []
S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys []
List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
R2 ACDaemon;ArcSoft Connect Daemon; C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe [2009-02-06 109056]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:Windowssystem32agr64svc.exe []
R2 AppHostSvc;@%windir%system32inetsrviisres.dll,-30011; C:Windowssystem32svchost.exe [2008-01-20 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:Windowssystem32Ati2evxx.exe []
R2 Bonjour Service;Bonjour Service; C:Program Files (x86)BonjourmDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-20 21504]
R2 dlcj_device;dlcj_device; C:Windowssystem32dlcjcoms.exe -service []
R2 ETService;Empowering Technology Service; C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe [2008-06-11 24576]
R2 IISADMIN;@%windir%system32inetsrviisres.dll,-30007; C:Windowssystem32inetsrvinetinfo.exe []
R2 iprip;@%Systemroot%system32iprip.dll,-200; C:WindowsSystem32svchost.exe [2008-01-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:Program Files (x86)McAfeeSiteAdvisorMcSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:PROGRA~2McAfeeMSCmcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:PROGRA~2COMMON~1mcafeemnamcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:PROGRA~2COMMON~1mcafeemcproxymcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:PROGRA~1McAfeeVIRUSS~1mcshield.exe [2009-03-25 153920]
R2 MpfService;McAfee Personal Firewall Service; C:Program Files (x86)McAfeeMPFMPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:Program Files (x86)McAfeeMSKMskSrver.exe [2009-01-09 26640]
R2 MSMQ;@mqutil.dll,-6102; C:Windowssystem32mqsvc.exe []
R2 SeaPort;SeaPort; C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe [2009-05-19 240512]
R2 simptcp;@%SystemRoot%system32simptcp.dll,-200; C:WindowsSystem32tcpsvcs.exe [2006-11-02 9728]
R2 SNMP;@%SystemRoot%system32snmp.exe,-3; C:WindowsSystem32snmp.exe [2009-04-10 47616]
R2 W3SVC;@%windir%system32inetsrviisres.dll,-30003; C:Windowssystem32svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:Program Files (x86)iPodbiniPodService.exe [2009-07-13 542496]
R3 McSysmon;McAfee SystemGuards; C:PROGRA~2McAfeeVIRUSS~1mcsysmon.exe [2009-03-24 606736]
R3 WAS;@%windir%system32inetsrviisres.dll,-30001; C:Windowssystem32svchost.exe [2008-01-20 21504]
S3 aspnet_state;ASP.NET State Service; C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2009-03-29 89920]
S3 fsssvc;Windows Live Family Safety; C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S3 MBackMonitor;MBackMonitor; C:Program Files (x86)McAfeeMBKMBackMonitor.exe [2009-01-09 68112]
S3 McODS;McAfee Scanner; C:PROGRA~1McAfeeVIRUSS~1mcods.exe [2009-04-01 696848]
S3 NtmsSvc;@%SystemRoot%system32ntmssvc.dll,-2; C:Windowssystem32svchost.exe [2008-01-20 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:Program Files (x86)Common FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program Files (x86)Common FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%sysWow64perfhost.exe,-2; C:WindowsSysWow64perfhost.exe [2008-01-20 19968]
S4 GameConsoleService;GameConsoleService; C:Program Files (x86)Gateway GamesGateway Game ConsoleGameConsoleService.exe [2009-07-09 250616]
S4 yksvc;Marvell Yukon Service; ykx64coinst,serviceStartProc []
-----------------EOF-----------------
2009-07-28 12:08:13 ----A---- C:Windowssystem32ieUnatt.exe
2009-07-28 12:08:13 ----A---- C:Windowssystem32ieui.dll
2009-07-28 12:08:13 ----A---- C:Windowssystem32iesysprep.dll
2009-07-28 12:08:13 ----A---- C:Windowssystem32iepeers.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32msfeedssync.exe
2009-07-28 12:08:12 ----A---- C:Windowssystem32jsproxy.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32iesetup.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32iernonce.dll
2009-07-28 12:08:12 ----A---- C:Windowssystem32ie4uinit.exe
2009-07-17 06:36:12 ----D---- C:Program Files (x86)AskBar
2009-07-17 06:36:05 ----D---- C:Program Files (x86)YouTube Downloader
2009-07-14 16:56:40 ----A---- C:Windowssystem32t2embed.dll
2009-07-14 16:56:40 ----A---- C:Windowssystem32fontsub.dll
2009-07-14 16:56:39 ----A---- C:Windowssystem32dciman32.dll
2009-07-14 16:56:39 ----A---- C:Windowssystem32atmfd.dll
2009-07-08 23:47:25 ----A---- C:Windowssystem32win27.exe
2009-07-07 08:25:46 ----A---- C:WindowsEEventManager.INI
2009-07-06 19:45:06 ----A---- C:WindowsDEBUGSM.INI
2009-07-06 17:05:17 ----ASH---- C:UsersMarkAppDataRoamingdesktop.ini
2009-07-05 16:08:22 ----D---- C:UsersMarkAppDataRoamingLudia
2009-07-05 16:08:22 ----D---- C:ProgramDataLudia
2009-07-05 14:43:33 ----D---- C:UsersMarkAppDataRoamingEpson
2009-07-05 08:38:02 ----D---- C:UsersMarkAppDataRoamingLeadertech
2009-07-05 08:32:14 ----D---- C:Program Files (x86)Common FilesEPSON
2009-07-05 08:15:13 ----D---- C:Program Files (x86)ABBYY FineReader 6.0 Sprint
2009-07-05 08:14:32 ----D---- C:ProgramDataArcSoft
2009-07-05 08:13:48 ----D---- C:UsersMarkAppDataRoamingArcsoft
2009-07-05 08:13:16 ----D---- C:Program Files (x86)Common FilesArcSoft
2009-07-05 08:13:16 ----D---- C:Program Files (x86)ArcSoft
2009-07-05 08:00:20 ----D---- C:Program Files (x86)Epson Software
2009-07-05 07:56:10 ----A---- C:Windowssystem32PICSDK2.dll
2009-07-05 07:56:10 ----A---- C:Windowssystem32PICSDK.ini
2009-07-05 07:56:09 ----A---- C:Windowssystem32PICSDK.dll
2009-07-05 07:56:09 ----A---- C:Windowssystem32PICEntry.dll
2009-07-05 07:56:09 ----A---- C:Windowssystem32EpPicPrt.dll
2009-07-05 07:56:09 ----A---- C:Windowssystem32EpPicMgr.dll
2009-07-05 07:56:08 ----D---- C:ProgramDataEPSON
2009-07-05 07:56:06 ----D---- C:UsersMarkAppDataRoamingInstallShield
2009-07-05 07:54:37 ----D---- C:Program Files (x86)epson
2009-07-05 07:54:03 ----A---- C:WindowsEPART700.ini
List of files/folders modified in the last 1 months
2009-07-29 19:33:23 ----D---- C:WindowsTemp
2009-07-29 19:33:14 ----D---- C:UsersMarkAppDataRoamingLimeWire
2009-07-29 19:32:55 ----RD---- C:Program Files (x86)
2009-07-29 19:07:50 ----D---- C:Windows
2009-07-29 11:51:14 ----D---- C:UsersMarkAppDataRoamingDelicious IE Extension
2009-07-29 10:35:02 ----SD---- C:UsersMarkAppDataRoamingMicrosoft
2009-07-29 10:30:26 ----SHD---- C:WindowsInstaller
2009-07-29 10:30:20 ----D---- C:Program Files (x86)Common Files
2009-07-29 10:30:06 ----SHD---- C:System Volume Information
2009-07-29 10:28:42 ----HD---- C:ProgramData
2009-07-29 09:20:15 ----D---- C:WindowsSystem32
2009-07-29 09:20:13 ----D---- C:Windowsinf
2009-07-29 06:58:31 ----D---- C:WindowsSysWOW64
2009-07-29 06:24:16 ----SD---- C:WindowsDownloaded Program Files
2009-07-29 06:05:41 ----D---- C:Program Files (x86)PC MightyMax 2009
2009-07-29 05:59:26 ----D---- C:WindowsDebug
2009-07-29 03:12:16 ----RD---- C:Users
2009-07-29 03:09:02 ----D---- C:Program Files (x86)Internet Explorer
2009-07-29 03:09:01 ----D---- C:Windowssystem32migration
2009-07-29 03:03:25 ----D---- C:Windowswinsxs
2009-07-21 11:20:58 ----D---- C:Program Files (x86)Safari
2009-07-21 11:19:26 ----D---- C:Program Files (x86)iTunes
2009-07-21 11:19:12 ----D---- C:Program Files (x86)iPod
2009-07-21 11:19:10 ----RD---- C:Program Files
2009-07-21 09:34:38 ----A---- C:Windowscdplayer.ini
2009-07-21 01:00:10 ----D---- C:ProgramDataNOS
2009-07-21 01:00:06 ----D---- C:Program Files (x86)NOS
2009-07-19 16:22:25 ----D---- C:UsersMarkAppDataRoaminglicenses
2009-07-17 06:18:48 ----HD---- C:Windowsmsdownld.tmp
2009-07-16 03:30:09 ----D---- C:Program Files (x86)Windows Mail
2009-07-13 01:27:04 ----HD---- C:Program Files (x86)InstallShield Installation Information
2009-07-11 04:39:27 ----D---- C:ProgramDataMcAfee
2009-07-11 04:33:07 ----D---- C:Program Files (x86)McAfee
2009-07-11 01:56:26 ----D---- C:WindowsPrefetch
2009-07-06 23:40:28 ----D---- C:Program Files (x86)Google
2009-07-06 23:39:14 ----D---- C:ProgramDataGoogle
2009-07-05 16:25:00 ----D---- C:ProgramDataWildTangent
2009-07-05 08:02:05 ----D---- C:Program Files (x86)Common FilesInstallShield
2009-07-05 07:54:37 ----D---- C:Windowstwain_32
2009-07-04 08:11:59 ----D---- C:WindowsLiveKernelReports
2009-07-04 05:24:36 ----D---- C:WindowsMicrosoft.NET
List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
R1 mfehidk;McAfee Inc. mfehidk; C:Windowssystem32driversmfehidk.sys []
R1 MPFP;MPFP; C:WindowsSystem32DriversMpfp.sys []
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:Windowssystem32DRIVERSRMCAST.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:Windowssystem32DRIVERSagrsm64.sys []
R3 atikmdag;atikmdag; C:Windowssystem32DRIVERSatikmdag.sys []
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture; C:Windowssystem32driversAVer88xHD64.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:Windowssystem32DRIVERSBthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:Windowssystem32DRIVERSbthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:WindowsSystem32DriversBTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:Windowssystem32driversbtwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:Windowssystem32driversbtwavdt.sys []
R3 btwrchid;btwrchid; C:Windowssystem32DRIVERSbtwrchid.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WindowsSystem32DriversGEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:Windowssystem32driversRTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:Windowssystem32driversksthunk.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:Windowssystem32driversmfeavfk.sys []
R3 mfesmfk;McAfee Inc. mfesmfk; C:Windowssystem32driversmfesmfk.sys []
R3 MQAC;@mqutil.dll,-6101; C:Windowssystem32driversmqac.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:Windowssystem32DRIVERSrfcomm.sys []
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:WindowsSystem32DriversRTS5121.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:Windowssystem32driversRtHDMIVX.sys []
R3 WUDFRd;WUDFRd; C:Windowssystem32DRIVERSWUDFRd.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:Windowssystem32DRIVERSyk60x64.sys []
S2 int15;int15; ??C:WindowsSysWOW64driversint15_64.sys [2008-06-11 17952]
S3 BTHPORT;Bluetooth Port Driver; C:WindowsSystem32DriversBTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:Windowssystem32driversdrmkaud.sys []
S3 fssfltr;FssFltr; C:Windowssystem32DRIVERSfssfltr.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:Windowssystem32driversHdAudio.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:Windowssystem32driversmferkdk.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:Windowssystem32driversMSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:Windowssystem32driversMSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:Windowssystem32driversMSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:Windowssystem32driversMSTEE.sys []
S3 Rts516xIR;Realtek IR Driver; C:Windowssystem32driversRts516xIR.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:WindowsSystem32Driversusbaapl64.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:Windowssystem32driversUSBCCID.sys []
S3 usbscan;USB Scanner Driver; C:Windowssystem32DRIVERSusbscan.sys []
S3 WpdUsb;WpdUsb; C:Windowssystem32DRIVERSwpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:Windowssystem32driverserrdev.sys []
S4 MegaSR;MegaSR; C:Windowssystem32driversmegasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:Windowssystem32driverswmiacpi.sys []
List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
R2 ACDaemon;ArcSoft Connect Daemon; C:Program Files (x86)Common FilesArcSoftConnection ServiceBinACService.exe [2009-02-06 109056]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:Windowssystem32agr64svc.exe []
R2 AppHostSvc;@%windir%system32inetsrviisres.dll,-30011; C:Windowssystem32svchost.exe [2008-01-20 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:Program Files (x86)Common FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe [2009-06-05 144712]
R2 Ati External Event Utility;Ati External Event Utility; C:Windowssystem32Ati2evxx.exe []
R2 Bonjour Service;Bonjour Service; C:Program Files (x86)BonjourmDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%System32bthserv.dll,-101; C:Windowssystem32svchost.exe [2008-01-20 21504]
R2 dlcj_device;dlcj_device; C:Windowssystem32dlcjcoms.exe -service []
R2 ETService;Empowering Technology Service; C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe [2008-06-11 24576]
R2 IISADMIN;@%windir%system32inetsrviisres.dll,-30007; C:Windowssystem32inetsrvinetinfo.exe []
R2 iprip;@%Systemroot%system32iprip.dll,-200; C:WindowsSystem32svchost.exe [2008-01-20 21504]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:Program Files (x86)McAfeeSiteAdvisorMcSACore.exe [2008-12-05 206096]
R2 mcmscsvc;McAfee Services; C:PROGRA~2McAfeeMSCmcmscsvc.exe [2009-01-08 797864]
R2 McNASvc;McAfee Network Agent; c:PROGRA~2COMMON~1mcafeemnamcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:PROGRA~2COMMON~1mcafeemcproxymcproxy.exe [2009-01-09 359952]
R2 McShield;McAfee Real-time Scanner; C:PROGRA~1McAfeeVIRUSS~1mcshield.exe [2009-03-25 153920]
R2 MpfService;McAfee Personal Firewall Service; C:Program Files (x86)McAfeeMPFMPFSrv.exe [2009-03-19 884360]
R2 MSK80Service;McAfee Anti-Spam Service; C:Program Files (x86)McAfeeMSKMskSrver.exe [2009-01-09 26640]
R2 MSMQ;@mqutil.dll,-6102; C:Windowssystem32mqsvc.exe []
R2 SeaPort;SeaPort; C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe [2009-05-19 240512]
R2 simptcp;@%SystemRoot%system32simptcp.dll,-200; C:WindowsSystem32tcpsvcs.exe [2006-11-02 9728]
R2 SNMP;@%SystemRoot%system32snmp.exe,-3; C:WindowsSystem32snmp.exe [2009-04-10 47616]
R2 W3SVC;@%windir%system32inetsrviisres.dll,-30003; C:Windowssystem32svchost.exe [2008-01-20 21504]
R3 iPod Service;iPod Service; C:Program Files (x86)iPodbiniPodService.exe [2009-07-13 542496]
R3 McSysmon;McAfee SystemGuards; C:PROGRA~2McAfeeVIRUSS~1mcsysmon.exe [2009-03-24 606736]
R3 WAS;@%windir%system32inetsrviisres.dll,-30001; C:Windowssystem32svchost.exe [2008-01-20 21504]
S3 aspnet_state;ASP.NET State Service; C:WindowsMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2009-03-29 89920]
S3 fsssvc;Windows Live Family Safety; C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe []
S3 MBackMonitor;MBackMonitor; C:Program Files (x86)McAfeeMBKMBackMonitor.exe [2009-01-09 68112]
S3 McODS;McAfee Scanner; C:PROGRA~1McAfeeVIRUSS~1mcods.exe [2009-04-01 696848]
S3 NtmsSvc;@%SystemRoot%system32ntmssvc.dll,-2; C:Windowssystem32svchost.exe [2008-01-20 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:Program Files (x86)Common FilesMicrosoft SharedOFFICE12ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:Program Files (x86)Common FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%sysWow64perfhost.exe,-2; C:WindowsSysWow64perfhost.exe [2008-01-20 19968]
S4 GameConsoleService;GameConsoleService; C:Program Files (x86)Gateway GamesGateway Game ConsoleGameConsoleService.exe [2009-07-09 250616]
S4 yksvc;Marvell Yukon Service; ykx64coinst,serviceStartProc []
-----------------EOF-----------------
by Martin Brinkmann on December 29, 2017 in Misc, Tutorials - Last Update: January 04, 2018 - 17 comments
Win32 programs have a lot of flexibility when it comes to the installation process. Programs may install in various directories, may write to the Registry, or run on system start without asking the user about it.
Most programs install in one of the 'official' program folders. There is c:\Program Files for 64-bit applications, and c:\Program Files (x86) for 32-bit programs.
It often happens that the removal of programs leaves traces of the program on the system. It may be an empty start menu folder, values in the Registry, or files and folders on a connected hard drive.
Leftovers usually don't cause functionality issues. There are exceptions to the rule, but the vast majority of leftovers have no impact on a system's performance or stability.
They may cause other issues, however, such as wasting disk space or making it more difficult to navigate the Start Menu or folders.
Cleaning up the Windows Program Files folder
You can use a program like the free Bulk Crap Uninstaller to clean up the program files folder. While you can do so manually as well, using Bulk Crap Uninstaller has the advantage that you can remove multiple orphan folders in one operation, and that you get a second opinion in the form of a confidence rating.
Tip: check out our review of Bulk Crap Uninstaller if you are new to the program. It highlights all important program features and helps you get acquainted with the application.
If you use custom install locations, do the following before you continue: select Tools > Settings > Folders, and add any custom installation folder to the listing. The program crawls any custom folder you add there for leftovers when you run the leftover removal tool.
Select Tools > Clean up 'program files' folders to get started. The scan takes a couple of seconds to complete. Bulk Crap Uninstaller lists the folders in the program files directories that it identified as orphans.
The program lists the full folder path and a reputation rating for each item. The reputation algorithm uses positive and negative identifiers. An empty program folder is a positive identifier, for instance, while the presence of files is a negative one.
Note: There is no backup or creation of a System Restore point prior to the removal. If you want to be on the safe side, create a backup first before you proceed.
The author of the application suggests that you mark folders with very good or good reputation ratings only.
What you may want to do first is to verify the findings of the program. While you can mark any program for deletion that you identify as uninstalled already, it is likely that you cannot do that for all the orphan programs listed by Bulk Crap Uninstaller.
A double-click on an entry opens the program folder on the local system. You can right-click and select open from the context menu alternatively if you prefer it that way.
A click on the details entry of the context menu opens the list of positive and negative modifiers used by the confidence rating algorithm.
You can export the list of orphan program folders with a click on the export button, and change the default list of checked items as well. There is no option to uncheck all items to start with a clean slate, unfortunately.
The best way to go about it is to select only very good items and uncheck those manually afterward.
Select the program locations that you want removed from the system, then hit the delete selected button to delete them.
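A read-only cross-check for the verification step described above, added here as an example (it is not code from the article or from Bulk Crap Uninstaller): it lists top-level Program Files folders that no registry uninstall entry points at. The hint labels are this example's own simplification, not the tool's reputation rating, and the script deletes nothing.

```powershell
# Added example: read-only audit of the Program Files directories.
# Requires PowerShell 3.0 or later. Nothing is deleted or modified.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every path that an installed program's uninstall entry mentions.
$claimed = foreach ($entry in Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue) {
    foreach ($name in 'InstallLocation', 'UninstallString', 'DisplayIcon') {
        $value = $entry.$name
        if ($value) { $value.ToString().Trim('"').ToLowerInvariant() }
    }
}

$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

$report = foreach ($root in $roots) {
    foreach ($dir in Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue) {
        # A folder counts as claimed when any registry value points at or below it.
        $needle = $dir.FullName.ToLowerInvariant() + '\'
        if ($claimed | Where-Object { ($_ + '\').Contains($needle) }) { continue }

        $files = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force -ErrorAction SilentlyContinue)
        $bins  = @($files | Where-Object { $_.Extension -in '.exe', '.dll', '.sys' })

        # Hint labels are assumptions of this example, not the tool's rating.
        if ($files.Count -eq 0)    { $hint = 'empty: likely leftover' }
        elseif ($bins.Count -eq 0) { $hint = 'data only: probably leftover' }
        else                       { $hint = 'has binaries: verify before removing' }

        [pscustomobject]@{
            Folder    = $dir.FullName
            Files     = $files.Count
            Binaries  = $bins.Count
            LastWrite = $dir.LastWriteTime
            Hint      = $hint
        }
    }
}

# Unclaimed does not mean safe to delete: Windows components and many MSI
# installs record no InstallLocation and will show up here as well.
$report | Sort-Object Binaries, Files | Format-Table -AutoSize
```

Run it from an elevated prompt so protected folders can be enumerated, and treat any unclaimed folder that still holds binaries as something to inspect rather than remove.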
Closing Words
The leftover removal scan of Bulk Crap Uninstaller takes care of orphan program folders that are not deleted properly during the removal of installed programs on Windows PCs. It is easy to use but could benefit from a couple of usability enhancements such as an option to uncheck all items, or an option to create a backup before running delete operations.
Now You: How do you handle orphan program files and folders?
Author: Ghacks Technology News