Lately I've been getting the BSOD atleast once a day. The info that gives me is as followed:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching and shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advance Startup options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005, 0X8FEAC1D9, 0XAF17B204, 0X00000000)

*** Klif.sys - Address 8FEAC1D9base at 8FE8D000, DateStamp 4afabcf7
------------------------------------------
The only thing I tried was going into Safe Mode> Control Panel> System> Device Manager
from there I deleted the progams with an exclamation mark next to it. The 3 of them were unidentified programs.
Then I ran Spybot- Search & Destroy and eliminated everything it found.
I still got the message again.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My Hijack This Log:

Code:

 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:15 PM, on 11/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP® - Laptops, Desktop, Printers, Servers, and more
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP® - Laptops, Desktop, Printers, Servers, and more
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [CaptureIt] C:\Program Files\CaptureIt\CaptureIt.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Cool Tattoos Feed Reader] C:\Program Files\Cool Tattoos Feed Reader\CustomReader.exe /background
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://p.playfirst.com/play/game/fas...b.1.0.0.21.cab
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spo...b.1.0.0.17.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Page Not Found | Facebook
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://p.playfirst.com/play/game/coo...eb.1.0.0.9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://p.playfirst.com/play/game/fit...b.1.0.0.11.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://p.playfirst.com/play/game/dog...h.1.0.0.10.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/...sticsVista.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540400} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/d...h.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/ins...loader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 18118 bytes

There is lot of things that I don't even know how they got there, maybe my kids downloaded them...

Hello,

My name is Richard, and I will be helping you with this problem. In actual fact, I am not incredible with BSoDs, I can do the simple ones, but nothing advanced, and so I will probably call in more of an expert to help us. I will deal with your HiJackThis log, while he deals with the BSoD, so please follow both of our advice together. But at first, I will do the routine BSoD work.

This error you see (Blue Screen of Death (BSoD)) can be caused by malware, but in this case I think not. Your HiJackThis log shows nothing really dangerous, but a little bit of junk and Adware, and I will help you deal with that.

Your BSoD is caused by a Kaspersky driver, your Anti-Virus software. What I need to know is how happy you are to remove this software. Have you paid for it? When is it due to expire? Do you like it? I will never force you to remove it, but removing it will solve the problem. If you choose to try and fix it, I will gather all required data, and then bring in the expert to try and fix it for you, or else, we could switch to a very good (in my opinion, better), free Anti-Virus program. Your choice.


Anyway, please do all of the following.

For the BSoD:

STEP ONE:

Please navigate to C:\Windows\Minidumps, highlight everything in that folder, right click on one, while still highlighted, Sent To > Compressed (Zipped) folder, copy that zip archive (file or folder) to your Desktop, and upload it to your next post. This is crucial!

STEP TWO:

Please go to here: VistaForums SysInfo Tool and create a log Selecting Everything. Either upload it to your next reply, or put it in a Code box.


For the Junk:

STEP ONE:

If you can, please post the Spyware Search and Destroy Log.

STEP TWO:

TFC (Temp File Cleaner) - Download - Homepage
Why? This will remove unneeded temporary files from your system, make automated scans that follow run faster, and save you time. Many infections also load from a temporary file location.

• Download TFC to your desktop, or other location.
• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program.
• If prompted, click "Yes" to reboot.

Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


STEP THREE:

Malwarebytes' Anti-Malware a.k.a. MBAM - Download Free Version (freeware) - Homepage
Why? Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, confirm a check mark is placed next to the following:
  
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. The rogue application should now be gone.

When completed, a log will open in Notepad. If you need to create a new topic, please paste this log with it.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Extra Note: Do not run a full scan with MBAM. It is not required or needed, and in fact makes our job tougher.


STEP FOUR:
Disable resident protections (Antivirus...); re-enable them after the scan

Download ToolBar S&D < here

Double-click ToolBar S&D.exe
Choose the language, then choose Option 2 (Fix)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)


STEP FIVE:

Post a new HiJackThis log:


Thanks! You will get helped, and I know there is a lot there!

Richard

I can't create the zip file. Is giving me an ERROR message.
It says:
File not found or no read permission.

*************************************************************
********************** Computer Info ************************
*************************************************************
Logged in user: Family\Yessi
Computer Model: KJ387AA-ABA a6403w
Computer Manufacturer: HP-Pavilion
OS Name: Microsoft® Windows Vista™ Home Premium |C:\Windows|\Device\Harddisk0\Partition1
OS Version: 6.0.6002
System Type: X86-based PC
Total Physical Memory: 1916 MB
Windows Directory: C:\Windows
BIOS Version: Phoenix - AwardBIOS v6.00PG
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Video Card: NVIDIA GeForce 7100 / NVIDIA nForce 630i
Resolution: 1440 x 900 x 4294967296 colors


*************************************************************
*********************** UAC Status **************************
*************************************************************
UAC is currently enabled


*************************************************************
***************** Installed Applications ********************
*************************************************************

HP Driver Diagnostics - Location: C:\Program Files\Hp\
Windows Media Player Firefox Plugin - Location:
HP Product Detection - Location: C:\Program Files\HP\Common\
RealUpgrade 1.0 - Location:
erLT - Location: C:\Program Files\Logitech\Ereg\
Microsoft Office OneNote MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Groove Setup Metadata MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office InfoPath MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Access MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Shared Setup Metadata MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Excel MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Access Setup Metadata MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office PowerPoint MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Publisher MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Outlook MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Groove MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Word MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proofing (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Shared MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proof (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proof (Spanish) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proof (French) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Enterprise 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Professional 2007 - Location: C:\Program Files\Microsoft Office\
D1400 - Location:
AIO_CDB_ProductContext - Location:
dj_sf_software_req - Location:
HPPhotoSmartPhotobookWebPack1 - Location:
HP Photosmart Essential 2.5 - Location:
HP Update - Location:
PowerDirector - Location: c:\Program Files\Cyberlink\PowerDirector\
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - Location:
Microsoft Works - Location:
VoiceOver Kit - Location: C:\Program Files\iTunes\
CameraHelperMsi - Location:
Snapfish Picture Mover - Location: C:\Program Files\Snapfish Picture Mover\
Microsoft_VC90_CRT_x86 - Location: C:\Program Files\Adobe\My Product Name\
Logitech Vid - Location: C:\Program Files\Logitech\Vid\
Adobe Elements Inspiration Browser - Location: C:\Program Files\Adobe\PhotoshopdotcomInspirationBrowser
Google Toolbar for Internet Explorer - Location: C:\Program Files\Google\Installers\
Microsoft SQL Server 2005 Compact Edition [ENU] - Location: C:\Program Files\Microsoft SQL Server Compact Edition\
Roxio Creator Audio - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Audio\
Microsoft_VC80_MFC_x86 - Location: C:\Program Files\Adobe\My Product Name\
Roxio Media Manager - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
HP Advisor - Location: C:\Program Files\Hewlett-Packard\HP Advisor\
Microsoft_VC80_MFCLOC_x86 - Location: C:\Program Files\Adobe\My Product Name\
Microsoft .NET Framework 3.5 SP1 - Location:
Windows Mobile Device Center - Location:
LWS VideoEffects - Location:
OGA Notifier 2.0.0048.0 - Location:
Apple Mobile Device Support - Location: C:\Program Files\Common Files\Apple\Mobile Device Support\
Roxio Creator EasyArchive - Location:
Microsoft Visual C++ 2005 Redistributable - Location:
Windows Live Photo Gallery - Location:
Apple Application Support - Location: C:\Program Files\Common Files\Apple\Apple Application Support\
BufferChm - Location:
dj_sf_ProductContext - Location:
LWS Webcam Software - Location:
LWS YouTube Plugin - Location:
WebReg - Location:
PanoStandAlone - Location:
Java(TM) 6 Update 18 - Location: C:\Program Files\Java\jre6\
Windows Mobile Device Center Driver Update - Location:
Acrobat.com - Location: C:\Program Files\Adobe\Acrobat_com
Hewlett-Packard Asset Agent for Health Check - Location:
LWS Facebook - Location:
Greeting Card Factory Express Workshop - Location:
Microsoft .NET Framework 4 Client Profile - Location:
Adobe Media Player - Location: C:\Program Files\Adobe Media Player
Adobe Reader 9.3 - Location: C:\Program Files\Adobe\Reader 9.0\Reader\
Windows Live ID Sign-in Assistant - Location:
MSXML 4.0 SP2 (KB973688) - Location:
Sonic Creator Copy - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Copy\
D1400_Help - Location:
Roxio Activation Module - Location: C:\Program Files\Common Files\Roxio Shared\DLLShared\
TrayApp - Location:
HPProductAssistant - Location:
LWS Video Mask Maker - Location:
LightScribeTemplateLabeler - Location: C:\Program Files\LightScribeTemplateLabeler\
Windows Live Mail - Location:
MarketResearch - Location:
Compaq Demo - Location:
LWS Pictures And Video - Location:
Java(TM) SE Runtime Environment 6 Update 1 - Location:
Roxio Media Manager - Location: C:\Program Files\Roxio\
OverDrive Media Console - Location:
Microsoft_VC80_ATL_x86 - Location: C:\Program Files\Adobe\My Product Name\
Microsoft_VC80_CRT_x86 - Location: C:\Program Files\Adobe\My Product Name\
Bonjour - Location: C:\Program Files\Bonjour\
Google Update Helper - Location:
Kaspersky Internet Security 2010 - Location: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\
PSSWCORE - Location:
Apple Software Update - Location: C:\Program Files\Apple Software Update\
Cards_Calendar_OrderGift_DoMorePlugout - Location:
SolutionCenter - Location:
CustomerResearchQFolder - Location:
DeviceDiscovery - Location:
PDF Settings CS5 - Location:
Adobe Community Help - Location: C:\Program Files\Adobe\Adobe Help
Hewlett-Packard Active Check - Location:
Skype™ 4.2 - Location: C:\Program Files\Skype\
SmartWebPrinting - Location:
Windows Live installer - Location:
Microsoft Visual C++ 2005 Redistributable - Location:
Microsoft_VC90_MFC_x86 - Location: C:\Program Files\Adobe\My Product Name\
LWS WLM Plugin - Location:
HPSSupply - Location: C:\Program Files\HP\
eSupportQFolder - Location:
LightScribe System Software - Location: C:\Program Files\Common Files\LightScribe\
iTunes - Location: C:\Program Files\iTunes\
LWS Launcher - Location:
LWS Gallery - Location:
VC80CRTRedist - 8.0.50727.762 - Location:
UnloadSupport - Location:
dj_sf_software - Location:
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - Location:
Adobe AIR - Location: c:\Program Files\Common Files\Adobe AIR\
Microsoft Silverlight - Location: c:\Program Files\Microsoft Silverlight\
Toolbox - Location:
MSXML 4.0 SP2 (KB954430) - Location:
Roxio Creator Data - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Data\
Status - Location:
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - Location:
QuickTime - Location: C:\Program Files\QuickTime\
LWS Help_main - Location:
HP Product Assistant - Location: C:\Program Files\HP\Digital Imaging\Product Assistant\
VideoToolkit01 - Location:
Microsoft_VC90_ATL_x86 - Location: C:\Program Files\Adobe\My Product Name\
HP Customer Feedback - Location:
LWS Motion Detection - Location:
Java Auto Updater - Location:
HP Active Support Library - Location: c:\Program Files\Hewlett-Packard\HP Health Check\
Content Transfer - Location: C:\Program Files\Sony\Content Transfer\


*************************************************************
************************* Services **************************
*************************************************************

------------------------------------------
Name: Application Experience
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: AffinegyService
Path: "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Akamai NetSession Interface
Path: C:\Windows\System32\svchost.exe -k Akamai
StartMode: Auto
State: Running
------------------------------------------
Name: Application Layer Gateway Service
Path: C:\Windows\System32\alg.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Application Information
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Running
------------------------------------------
Name: Apple Mobile Device
Path: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Audio Endpoint Builder
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Audio
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Kaspersky Internet Security
Path: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r
StartMode: Auto
State: Running
------------------------------------------
Name: Base Filtering Engine
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Running
------------------------------------------
Name: Background Intelligent Transfer Service
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Bonjour Service
Path: "C:\Program Files\Bonjour\mDNSResponder.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Computer Browser
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Bluetooth Support Service
Path: C:\Windows\system32\svchost.exe -k bthsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Certificate Propagation
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Microsoft .NET Framework NGEN v2.0.50727_X86
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Microsoft .NET Framework NGEN v4.0.30319_X86
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
StartMode: Auto
State: Stopped
------------------------------------------
Name: COM+ System Application
Path: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
StartMode: Manual
State: Stopped
------------------------------------------
Name: Cryptographic Services
Path: C:\Windows\system32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: DCOM Server Process Launcher
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
StartMode: Auto
State: Running
------------------------------------------
Name: DFS Replication
Path: C:\Windows\system32\DFSR.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: DHCP Client
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: DNS Client
Path: C:\Windows\system32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Wired AutoConfig
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Diagnostic Policy Service
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Running
------------------------------------------
Name: Extensible Authentication Protocol
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Running
------------------------------------------
Name: Windows Media Center Receiver Service
Path: C:\Windows\ehome\ehRecvr.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Media Center Scheduler Service
Path: C:\Windows\ehome\ehsched.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Media Center Service Launcher
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Stopped
------------------------------------------
Name: ReadyBoost
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Event Log
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: COM+ Event System
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Function Discovery Provider Host
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Running
------------------------------------------
Name: Function Discovery Resource Publication
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Font Cache Service
Path: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Presentation Foundation Font Cache 3.0.0.0
Path: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
StartMode: Manual
State: Running
------------------------------------------
Name: GameConsoleService
Path: "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Group Policy Client
Path: C:\Windows\system32\svchost.exe -k GPSvcGroup
StartMode: Auto
State: Running
------------------------------------------
Name: Google Update Service (gupdate)
Path: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
StartMode: Auto
State: Stopped
------------------------------------------
Name: Google Software Updater
Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Human Interface Device Access
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Health Key and Certificate Management
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: HP Health Check Service
Path: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: hpqcxs08
Path: C:\Windows\system32\svchost.exe -k hpdevmgmt
StartMode: Manual
State: Running
------------------------------------------
Name: HP CUE DeviceDiscovery Service
Path: C:\Windows\system32\svchost.exe -k hpdevmgmt
StartMode: Auto
State: Running
------------------------------------------
Name: InstallDriver Table Manager
Path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows CardSpace
Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: IKE and AuthIP IPsec Keying Modules
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: PnP-X IP Bus Enumerator
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: IP Helper
Path: C:\Windows\System32\svchost.exe -k NetSvcs
StartMode: Auto
State: Running
------------------------------------------
Name: iPod Service
Path: "C:\Program Files\iPod\bin\iPodService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: CNG Key Isolation
Path: C:\Windows\system32\lsass.exe
StartMode: Manual
State: Running
------------------------------------------
Name: KtmRm for Distributed Transaction Coordinator
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Server
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Workstation
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: LightScribeService Direct Disc Labeling Service
Path: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Link-Layer Topology Discovery Mapper
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: TCP/IP NetBIOS Helper
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Process Monitor
Path: "C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: McAfee SiteAdvisor Service
Path: c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Media Center Extender Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Microsoft Office Groove Audit Service
Path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Multimedia Class Scheduler
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Firewall
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Running
------------------------------------------
Name: Distributed Transaction Coordinator
Path: C:\Windows\System32\msdtc.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Microsoft iSCSI Initiator Service
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Installer
Path: C:\Windows\system32\msiexec /V
StartMode: Manual
State: Running
------------------------------------------
Name: Network Access Protection Agent
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Net Driver HPZ12
Path: C:\Windows\System32\svchost.exe -k HPZ12
StartMode: Auto
State: Stopped
------------------------------------------
Name: Netlogon
Path: C:\Windows\system32\lsass.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Network Connections
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Running
------------------------------------------
Name: Network List Service
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Net.Tcp Port Sharing Service
Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Network Location Awareness
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Network Store Interface Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: NVIDIA Display Driver Service
Path: C:\Windows\system32\nvvsvc.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Microsoft Office Diagnostics Service
Path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Office Source Engine
Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Peer Networking Identity Manager
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Peer Networking Grouping
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Program Compatibility Assistant Service
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Performance Logs & Alerts
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
StartMode: Manual
State: Stopped
------------------------------------------
Name: Plug and Play
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
StartMode: Auto
State: Running
------------------------------------------
Name: Pml Driver HPZ12
Path: C:\Windows\System32\svchost.exe -k HPZ12
StartMode: Auto
State: Stopped
------------------------------------------
Name: PNRP Machine Name Publication Service
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Peer Name Resolution Protocol
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: IPsec Policy Agent
Path: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: User Profile Service
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Protected Storage
Path: C:\Windows\system32\lsass.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Quality Windows Audio Video Experience
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Mobile-based device connectivity
Path: C:\Windows\system32\svchost.exe -k WindowsMobile
StartMode: Auto
State: Running
------------------------------------------
Name: Remote Access Auto Connection Manager
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Remote Access Connection Manager
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Running
------------------------------------------
Name: Routing and Remote Access
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Remote Registry
Path: C:\Windows\system32\svchost.exe -k regsvc
StartMode: Manual
State: Stopped
------------------------------------------
Name: Roxio UPnP Renderer 9
Path: "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Roxio Upnp Server 9
Path: "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"
StartMode: Auto
State: Stopped
------------------------------------------
Name: LiveShare P2P Server 9
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
StartMode: Auto
State: Stopped
------------------------------------------
Name: RoxMediaDB9
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Roxio Hard Drive Watcher 9
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
StartMode: Auto
State: Stopped
------------------------------------------
Name: Remote Procedure Call (RPC) Locator
Path: C:\Windows\system32\locator.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Remote Procedure Call (RPC)
Path: C:\Windows\system32\svchost.exe -k rpcss
StartMode: Auto
State: Running
------------------------------------------
Name: Security Accounts Manager
Path: C:\Windows\system32\lsass.exe
StartMode: Auto
State: Running
------------------------------------------
Name: SBSD Security Center Service
Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Smart Card
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Task Scheduler
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Smart Card Removal Policy
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Backup
Path: C:\Windows\system32\svchost.exe -k SDRSVC
StartMode: Manual
State: Stopped
------------------------------------------
Name: Secondary Logon
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: System Event Notification Service
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Terminal Services Configuration
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Internet Connection Sharing (ICS)
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Shell Hardware Detection
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Software Licensing
Path: C:\Windows\system32\SLsvc.exe
StartMode: Auto
State: Running
------------------------------------------
Name: SL UI Notification Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: SNMP Trap
Path: C:\Windows\System32\snmptrap.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Print Spooler
Path: C:\Windows\System32\spoolsv.exe
StartMode: Auto
State: Running
------------------------------------------
Name: SSDP Discovery
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Running
------------------------------------------
Name: Secure Socket Tunneling Protocol Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Running
------------------------------------------
Name: Windows Image Acquisition (WIA)
Path: C:\Windows\system32\svchost.exe -k imgsvc
StartMode: Auto
State: Running
------------------------------------------
Name: Adobe SwitchBoard
Path: "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Microsoft Software Shadow Copy Provider
Path: C:\Windows\System32\svchost.exe -k swprv
StartMode: Manual
State: Stopped
------------------------------------------
Name: Superfetch
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Tablet PC Input Service
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Telephony
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Manual
State: Running
------------------------------------------
Name: TPM Base Services
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Auto
State: Stopped
------------------------------------------
Name: Terminal Services
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Themes
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Thread Ordering Server
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Distributed Link Tracking Client
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Modules Installer
Path: C:\Windows\servicing\TrustedInstaller.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Interactive Services Detection
Path: C:\Windows\system32\UI0Detect.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: UPnP Device Host
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Desktop Window Manager Session Manager
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Virtual Disk
Path: C:\Windows\System32\vds.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Viewpoint Manager Service
Path: "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Volume Shadow Copy
Path: C:\Windows\system32\vssvc.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Time
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Mobile-2003-based device connectivity
Path: C:\Windows\system32\svchost.exe -k WindowsMobile
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Connect Now - Config Registrar
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Color System
Path: C:\Windows\system32\svchost.exe -k wcssvc
StartMode: Manual
State: Stopped
------------------------------------------
Name: Diagnostic Service Host
Path: C:\Windows\System32\svchost.exe -k wdisvc
StartMode: Manual
State: Stopped
------------------------------------------
Name: Diagnostic System Host
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Running
------------------------------------------
Name: WebClient
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Event Collector
Path: C:\Windows\system32\svchost.exe -k NetworkService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Problem Reports and Solutions Control Panel Support
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Error Reporting Service
Path: C:\Windows\System32\svchost.exe -k WerSvcGroup
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Defender
Path: C:\Windows\System32\svchost.exe -k secsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: WinHTTP Web Proxy Auto-Discovery Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Management Instrumentation
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Remote Management (WS-Management)
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Manual
State: Stopped
------------------------------------------
Name: WLAN AutoConfig
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Live ID Sign-in Assistant
Path: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Live Setup Service
Path: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: WMI Performance Adapter
Path: C:\Windows\system32\wbem\WmiApSrv.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Media Player Network Sharing Service
Path: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
StartMode: Manual
State: Running
------------------------------------------
Name: Parental Controls
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Portable Device Enumerator Service
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Presentation Foundation Font Cache 4.0.0.0
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Security Center
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Search
Path: C:\Windows\system32\SearchIndexer.exe /Embedding
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Update
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Driver Foundation - User-mode Driver Framework
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: XAudioService
Path: C:\Windows\system32\DRIVERS\xaudio.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Yahoo! Updater
Path: "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
StartMode: Auto
State: Running
------------------------------------------


*************************************************************
******************** Installed Codecs ***********************
*************************************************************
------------------------------------------
Name: C:\Windows\system32\IMAADP32.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: imaadp32
------------------------------------------
Name: C:\Windows\system32\MSRLE32.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: msrle32
------------------------------------------
Name: C:\Windows\system32\MSVIDC32.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: msvidc32
------------------------------------------
Name: C:\Windows\system32\DIVX.DLL Description: DivX 6.8.5 Codec
Version: 6.8.5.5
Path: \windows\system32\
FileName: divx
------------------------------------------
Name: C:\Windows\system32\L3CODECP.ACM Description:
Version: 3.4.0.0
Path: \windows\system32\
FileName: l3codecp
------------------------------------------
Name: C:\Windows\system32\ICCVID.DLL Description:
Version: 1.10.0.13
Path: \windows\system32\
FileName: iccvid
------------------------------------------
Name: C:\Windows\system32\MSADP32.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: msadp32
------------------------------------------
Name: C:\Windows\system32\L3CODECA.ACM Description: Fraunhofer IIS MPEG Layer-3 Codec
Version: 1.9.0.402
Path: \windows\system32\
FileName: l3codeca
------------------------------------------
Name: C:\Windows\system32\TSBYUV.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: tsbyuv
------------------------------------------
Name: C:\Windows\system32\LVCODEC2.DLL Description:
Version: 13.0.1783.0
Path: \windows\system32\
FileName: lvcodec2
------------------------------------------
Name: C:\Windows\system32\IYUV_32.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: iyuv_32
------------------------------------------
Name: C:\Windows\system32\MSYUV.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: msyuv
------------------------------------------
Name: C:\Windows\system32\MSGSM32.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: msgsm32
------------------------------------------
Name: C:\Windows\system32\MSG711.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: msg711
------------------------------------------


*************************************************************
*********************** Hot Fixes ***************************
*************************************************************
Description:
HotFixID: {331B99C1-4C7B-4E90-848E-C6F90047E126}
------------------------------------------
Description:
HotFixID: {36FE6700-97C3-4CE4-BC23-B7A127BC3987}
------------------------------------------
Description:
HotFixID: {A2B15D44-B3D7-4696-8458-A0986C28AFD0}
------------------------------------------
Description: Update
HotFixID: KB971513
------------------------------------------
Description: Update
HotFixID: KB971512
------------------------------------------
Description: Update
HotFixID: KB960362
------------------------------------------
Description: Update
HotFixID: KB971514
------------------------------------------
Description: Security Update
HotFixID: KB2079403
------------------------------------------
Description: Security Update
HotFixID: KB2160329
------------------------------------------
Description: Security Update
HotFixID: KB2183461
------------------------------------------
Description: Security Update
HotFixID: KB2286198
------------------------------------------
Description: Update
HotFixID: KB905866
------------------------------------------
Description: Update
HotFixID: KB935509
------------------------------------------
Description: Update
HotFixID: KB937287
------------------------------------------
Description: Update
HotFixID: KB938371
------------------------------------------
Description: Security Update
HotFixID: KB938464
------------------------------------------
Description: Security Update
HotFixID: KB941693
------------------------------------------
Description: Update
HotFixID: KB947562
------------------------------------------
Description: Security Update
HotFixID: KB948590
------------------------------------------
Description: Update
HotFixID: KB948609
------------------------------------------
Description: Update
HotFixID: KB948610
------------------------------------------
Description: Update
HotFixID: KB950124
------------------------------------------
Description: Update
HotFixID: KB950125
------------------------------------------
Description: Update
HotFixID: KB950126
------------------------------------------
Description: Security Update
HotFixID: KB950582
------------------------------------------
Description: Security Update
HotFixID: KB950759
------------------------------------------
Description: Security Update
HotFixID: KB950760
------------------------------------------
Description: Security Update
HotFixID: KB950762
------------------------------------------
Description: Security Update
HotFixID: KB950974
------------------------------------------
Description: Security Update
HotFixID: KB951066
------------------------------------------
Description: Update
HotFixID: KB951072
------------------------------------------
Description: Security Update
HotFixID: KB951376
------------------------------------------
Description: Update
HotFixID: KB951618
------------------------------------------
Description: Security Update
HotFixID: KB951698
------------------------------------------
Description: Update
HotFixID: KB951978
------------------------------------------
Description: Security Update
HotFixID: KB952004
------------------------------------------
Description: Security Update
HotFixID: KB952069
------------------------------------------
Description: Hotfix
HotFixID: KB952287
------------------------------------------
Description: Update
HotFixID: KB952709
------------------------------------------
Description: Security Update
HotFixID: KB953155
------------------------------------------
Description: Security Update
HotFixID: KB953733
------------------------------------------
Description: Security Update
HotFixID: KB953838
------------------------------------------
Description: Security Update
HotFixID: KB953839
------------------------------------------
Description: Security Update
HotFixID: KB954154
------------------------------------------
Description: Security Update
HotFixID: KB954155
------------------------------------------
Description: Security Update
HotFixID: KB954211
------------------------------------------
Description: Update
HotFixID: KB954366
------------------------------------------
Description: Security Update
HotFixID: KB954459
------------------------------------------
Description: Update
HotFixID: KB955020
------------------------------------------
Description: Security Update
HotFixID: KB955069
------------------------------------------
Description: Update
HotFixID: KB955302
------------------------------------------
Description: Update
HotFixID: KB955430
------------------------------------------
Description: Update
HotFixID: KB955519
------------------------------------------
Description: Update
HotFixID: KB955839
------------------------------------------
Description: Update
HotFixID: KB956250
------------------------------------------
Description: Security Update
HotFixID: KB956390
------------------------------------------
Description: Security Update
HotFixID: KB956391
------------------------------------------
Description: Security Update
HotFixID: KB956572
------------------------------------------
Description: Security Update
HotFixID: KB956744
------------------------------------------
Description: Security Update
HotFixID: KB956802
------------------------------------------
Description: Security Update
HotFixID: KB956841
------------------------------------------
Description: Security Update
HotFixID: KB957095
------------------------------------------
Description: Security Update
HotFixID: KB957097
------------------------------------------
Description: Update
HotFixID: KB957200
------------------------------------------
Description: Update
HotFixID: KB957321
------------------------------------------
Description: Update
HotFixID: KB957388
------------------------------------------
Description: Security Update
HotFixID: KB958215
------------------------------------------
Description: Update
HotFixID: KB958481
------------------------------------------
Description: Update
HotFixID: KB958483
------------------------------------------
Description: Security Update
HotFixID: KB958623
------------------------------------------
Description: Security Update
HotFixID: KB958624
------------------------------------------
Description: Security Update
HotFixID: KB958644
------------------------------------------
Description: Security Update
HotFixID: KB958687
------------------------------------------
Description: Security Update
HotFixID: KB958690
------------------------------------------
Description: Security Update
HotFixID: KB958869
------------------------------------------
Description: Update
HotFixID: KB959108
------------------------------------------
Description: Update
HotFixID: KB959130
------------------------------------------
Description: Security Update
HotFixID: KB959426
------------------------------------------
Description: Update
HotFixID: KB959772
------------------------------------------
Description: Security Update
HotFixID: KB960225
------------------------------------------
Description: Update
HotFixID: KB960544
------------------------------------------
Description: Security Update
HotFixID: KB960714
------------------------------------------
Description: Security Update
HotFixID: KB960715
------------------------------------------
Description: Security Update
HotFixID: KB960803
------------------------------------------
Description: Security Update
HotFixID: KB961260
------------------------------------------
Description: Security Update
HotFixID: KB961371
------------------------------------------
Description: Security Update
HotFixID: KB961501
------------------------------------------
Description: Update
HotFixID: KB967632
------------------------------------------
Description: Security Update
HotFixID: KB967723
------------------------------------------
Description: Update
HotFixID: KB968389
------------------------------------------
Description: Security Update
HotFixID: KB968537
------------------------------------------
Description: Security Update
HotFixID: KB968816
------------------------------------------
Description: Security Update
HotFixID: KB969898
------------------------------------------
Description: Security Update
HotFixID: KB969947
------------------------------------------
Description: Security Update
HotFixID: KB970238
------------------------------------------
Description: Security Update
HotFixID: KB970430
------------------------------------------
Description: Update
HotFixID: KB970653
------------------------------------------
Description: Security Update
HotFixID: KB970710
------------------------------------------
Description: Security Update
HotFixID: KB971468
------------------------------------------
Description: Security Update
HotFixID: KB971486
------------------------------------------
Description: Security Update
HotFixID: KB971557
------------------------------------------
Description: Security Update
HotFixID: KB971657
------------------------------------------
Description: Update
HotFixID: KB971737
------------------------------------------
Description: Security Update
HotFixID: KB971961
------------------------------------------
Description: Update
HotFixID: KB972036
------------------------------------------
Description: Update
HotFixID: KB972145
------------------------------------------
Description: Security Update
HotFixID: KB972260
------------------------------------------
Description: Security Update
HotFixID: KB972270
------------------------------------------
Description: Security Update
HotFixID: KB973346
------------------------------------------
Description: Security Update
HotFixID: KB973507
------------------------------------------
Description: Security Update
HotFixID: KB973525
------------------------------------------
Description: Security Update
HotFixID: KB973540
------------------------------------------
Description: Security Update
HotFixID: KB973565
------------------------------------------
Description: Update
HotFixID: KB973687
------------------------------------------
Description: Update
HotFixID: KB973768
------------------------------------------
Description: Update
HotFixID: KB973917
------------------------------------------
Description: Security Update
HotFixID: KB974145
------------------------------------------
Description: Update
HotFixID: KB974306
------------------------------------------
Description: Security Update
HotFixID: KB974318
------------------------------------------
Description: Security Update
HotFixID: KB974455
------------------------------------------
Description: Security Update
HotFixID: KB974469
------------------------------------------
Description: Security Update
HotFixID: KB974470
------------------------------------------
Description: Security Update
HotFixID: KB974571
------------------------------------------
Description: Security Update
HotFixID: KB975467
------------------------------------------
Description: Security Update
HotFixID: KB975517
------------------------------------------
Description: Security Update
HotFixID: KB975560
------------------------------------------
Description: Security Update
HotFixID: KB975561
------------------------------------------
Description: Hotfix
HotFixID: KB975929
------------------------------------------
Description: Update
HotFixID: KB976098
------------------------------------------
Description: Update
HotFixID: KB976264
------------------------------------------
Description: Security Update
HotFixID: KB976325
------------------------------------------
Description: Update
HotFixID: KB976470
------------------------------------------
Description: Update
HotFixID: KB976749
------------------------------------------
Description: Security Update
HotFixID: KB976768
------------------------------------------
Description: Security Update
HotFixID: KB976772
------------------------------------------
Description: Security Update
HotFixID: KB977165
------------------------------------------
Description: Security Update
HotFixID: KB977816
------------------------------------------
Description: Update
HotFixID: KB978207
------------------------------------------
Description: Security Update
HotFixID: KB978251
------------------------------------------
Description: Security Update
HotFixID: KB978262
------------------------------------------
Description: Security Update
HotFixID: KB978338
------------------------------------------
Description: Security Update
HotFixID: KB978542
------------------------------------------
Description: Security Update
HotFixID: KB978601
------------------------------------------
Description: Security Update
HotFixID: KB978886
------------------------------------------
Description: Update
HotFixID: KB979099
------------------------------------------
Description: Update
HotFixID: KB979306
------------------------------------------
Description: Security Update
HotFixID: KB979309
------------------------------------------
Description: Security Update
HotFixID: KB979482
------------------------------------------
Description: Security Update
HotFixID: KB979559
------------------------------------------
Description: Security Update
HotFixID: KB979683
------------------------------------------
Description: Update
HotFixID: KB979899
------------------------------------------
Description: Security Update
HotFixID: KB979910
------------------------------------------
Description: Update
HotFixID: KB980182
------------------------------------------
Description: Security Update
HotFixID: KB980195
------------------------------------------
Description: Security Update
HotFixID: KB980218
------------------------------------------
Description: Security Update
HotFixID: KB980232
------------------------------------------
Description: Update
HotFixID: KB980248
------------------------------------------
Description: Security Update
HotFixID: KB980436
------------------------------------------
Description: Security Update
HotFixID: KB980842
------------------------------------------
Description: Security Update
HotFixID: KB981349
------------------------------------------
Description: Update
HotFixID: KB981793
------------------------------------------
Description: Security Update
HotFixID: KB981852
------------------------------------------
Description: Security Update
HotFixID: KB981997
------------------------------------------
Description: Security Update
HotFixID: KB982214
------------------------------------------
Description: Security Update
HotFixID: KB982381
------------------------------------------
Description: Update
HotFixID: KB982480
------------------------------------------
Description: Update
HotFixID: KB982519
------------------------------------------
Description: Security Update
HotFixID: KB982665
------------------------------------------
Description: Security Update
HotFixID: KB982799
------------------------------------------
Description: Security Update
HotFixID: KB983589
------------------------------------------
Description: Service Pack
HotFixID: KB948465
------------------------------------------
Description: Update
HotFixID: 940157
------------------------------------------


*************************************************************
************************* Event Log *************************
*************************************************************

Application - 8/14/2010 6:14:37 PM: Windows Installer reconfigured the product. Product Name: Greeting Card Factory Express Workshop. Product Version: 5.0.0.5. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:38 PM: Windows Installer reconfigured the product. Product Name: Microsoft .NET Framework 4 Client Profile. Product Version: 4.0.30319. Product Language: 0. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:38 PM: Windows Installer reconfigured the product. Product Name: Adobe Media Player. Product Version: 1.8. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:39 PM: Windows Installer reconfigured the product. Product Name: Adobe Reader 9.3. Product Version: 9.3.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:39 PM: Windows Installer reconfigured the product. Product Name: Windows Live ID Sign-in Assistant. Product Version: 6.500.3165.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:40 PM: Windows Installer reconfigured the product. Product Name: MSXML 4.0 SP2 (KB973688). Product Version: 4.20.9876.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:40 PM: Windows Installer reconfigured the product. Product Name: Sonic Creator Copy. Product Version: 3.5.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:40 PM: Windows Installer reconfigured the product. Product Name: D1400_Help. Product Version: 90.0.235.000. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:41 PM: Windows Installer reconfigured the product. Product Name: Roxio Activation Module. Product Version: 1.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:41 PM: Windows Installer reconfigured the product. Product Name: TrayApp. Product Version: 110.0.180.000. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Media Center - 6/16/2010 5:58:17 PM: Update::Run: Doesn't need to download package NetTV at 06/16/2010 17:58:17. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:17 PM: Update::Run: Doesn't need to download package MCESpotlight at 06/16/2010 17:58:17. Earliest next start time 06/18/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:17 PM: Update::Run: Doesn't need to download package SportsTemplate at 06/16/2010 17:58:17. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:40 PM: MCUpdate terminates at 06/16/2010 17:58:40.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package Directory Service at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package NetTV at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package MCESpotlight at 06/16/2010 17:58:41. Earliest next start time 06/18/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package SportsSchedule at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package SportsTemplate at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:59:03 PM: MCUpdate terminates at 06/16/2010 17:59:03.
------------------------------------------
Microsoft Office Diagnostics - 6/14/2010 8:03:08 PM: Office Diagnostics has determined that there is no evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/14/2010 8:03:08 PM: Office Diagnostics is closing.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: A crash has occurred. Office Diagnostics are running to determine whether there is evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: The default thresholds are being used.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: Office Diagnostics has determined that there is no evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: Office Diagnostics is closing.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: A crash has occurred. Office Diagnostics are running to determine whether there is evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: The default thresholds are being used.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: Office Diagnostics has determined that there is no evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: Office Diagnostics is closing.
------------------------------------------
Microsoft Office Sessions - 8/2/2010 12:07:34 PM: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005 seconds with 600 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/4/2010 2:49:39 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/6/2010 12:39:55 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/6/2010 1:17:23 PM: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 334 seconds with 240 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/10/2010 2:06:30 AM: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13945 seconds with 240 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 3:27:22 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 4:55:44 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 5:29:30 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 6:25:25 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/13/2010 1:36:07 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Security - 8/14/2010 5:21:10 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d39
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0xbd4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: FAMILY
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
------------------------------------------
Security - 8/14/2010 5:21:10 PM: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d2c

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
------------------------------------------
Security - 8/14/2010 5:21:14 PM: An account was logged off.

Subject:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d39

Logon Type: 2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
------------------------------------------
Security - 8/14/2010 5:21:14 PM: An account was logged off.

Subject:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d2c

Logon Type: 2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
------------------------------------------
Security - 8/14/2010 6:14:03 PM: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
------------------------------------------
Security - 8/14/2010 6:14:03 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
------------------------------------------
Security - 8/14/2010 6:14:03 PM: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
------------------------------------------
Security - 8/14/2010 6:15:24 PM: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
------------------------------------------
Security - 8/14/2010 6:15:24 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
------------------------------------------
Security - 8/14/2010 6:15:24 PM: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
------------------------------------------
System - 8/14/2010 12:00:52 PM: The system uptime is 3447 seconds.
------------------------------------------
System - 8/14/2010 12:17:49 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'WinHTTP Web Proxy Auto-Discovery Service', 'running'
------------------------------------------
System - 8/14/2010 12:18:07 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Modules Installer', 'running'
------------------------------------------
System - 8/14/2010 12:28:07 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Modules Installer', 'stopped'
------------------------------------------
System - 8/14/2010 12:34:19 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'WinHTTP Web Proxy Auto-Discovery Service', 'stopped'
------------------------------------------
System - 8/14/2010 2:37:05 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Presentation Foundation Font Cache 3.0.0.0', 'running'
------------------------------------------
System - 8/14/2010 6:14:04 PM: The description for Event ID '-1073731795' in Source 'DCOM' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'MSIServer', '', '{000C101C-0000-0000-C000-000000000046}'
------------------------------------------
System - 8/14/2010 6:14:05 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Installer', 'running'
------------------------------------------
System - 8/14/2010 6:15:25 PM: The description for Event ID '-1073731795' in Source 'DCOM' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'TrustedInstaller', '', '{752073A1-23F2-4396-85F0-8FDB879ED0ED}'
------------------------------------------
System - 8/14/2010 6:15:25 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Modules Installer', 'running'
------------------------------------------


*************************************************************
**************** Windows Experience Index *******************
*************************************************************

CPU Score: 4.9
Disk Score: 5.7
Graphics Score: 3.3
Direct 3D Score: 3
Memory Score: 4.7
WEI Score: 3


*************************************************************
************************* Users *****************************
*************************************************************
------------------------------------------
Name: Adaya1996 Domain: Family
FullName: Adaya1996 Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Administrator Domain: Family
FullName: Description: Built-in account for administering the computer/domain
Disabled: True
Status: Degraded
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Elijah Domain: Family
FullName: Elijah Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Guest Domain: Family
FullName: Description: Built-in account for guest access to the computer/domain
Disabled: True
Status: Degraded
LocalAccount: True
PasswordChangeable: False
PasswordExpires: False
PasswordRequired: False
------------------------------------------
Name: Joshua Domain: Family
FullName: Joshua Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Yessi Domain: Family
FullName: Yessi Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------


*************************************************************
************************** Memory ***************************
*************************************************************

------------------------------------------
Manufacturer: CE00000000000000
Model:
Name: Physical Memory
Bank Label: Bank0/1
Capacity: 1024 MB
Description: Physical Memory
Tag: Physical Memory 0
------------------------------------------
Manufacturer: CE00000000000000
Model:
Name: Physical Memory
Bank Label: Bank2/3
Capacity: 1024 MB
Description: Physical Memory
Tag: Physical Memory 1
------------------------------------------


*************************************************************
************************ Video Card *************************
*************************************************************

Brand: NVIDIA
Model: NVIDIA GeForce 7100 / NVIDIA nForce 630i
Adapter DAC Type: Integrated RAMDAC
Adapter RAM: 128 MB
Current BitsPerPixel: 32
Current Number Of Colors: 4294967296
Current Refresh Rate: 59
Driver Date: 05/22/2008 18:49:00
Driver Version: 7.15.11.7521
MaxRefreshRate: 75
MinRefreshRate: 50
Status: OK
Video Memory Type: 2
Video Mode Description: 1440 x 900 x 4294967296 colors
Video Processor: GeForce 7100 / NVIDIA nForce 630i


*************************************************************
************************** Drives ***************************
*************************************************************

Model: SAMSUNG HD501LJ ATA Device
Description: Disk drive
InterfaceType: IDE
Partitions: 2
SCSIBus: 0
SCSILogicalUnit: 0
SCSIPort: 2
SCSITargetId: 0
SectorsPerTrack: 63
Size: 466 GB
Status: OK
------------------------------------------
Model: Generic- Compact Flash USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------
Model: Generic- MS/MS-Pro USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------
Model: Generic- SD/MMC USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------
Model: Generic- SM/xD-Picture USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------


*************************************************************
************************ CD/DVD Rom *************************
*************************************************************

Name: TSSTcorp CDDVDW TS-H653N ATA Device
Description: CD-ROM Drive
LastErrorCode:
Manufacturer: (Standard CD-ROM drives)
Media Type: DVD Writer
------------------------------------------
Name: MagicISO Virtual DVD-ROM0000
Description: CD-ROM Drive
LastErrorCode:
Manufacturer: (Standard CD-ROM drives)
Media Type: DVD-ROM
------------------------------------------


*************************************************************
************************* IDE/SATA **************************
*************************************************************

------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: Standard Dual Channel PCI IDE Controller
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: Standard Dual Channel PCI IDE Controller
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------


*************************************************************
************************** Network **************************
*************************************************************


Windows IP Configuration

Host Name . . . . . . . . . . . . : Family
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1C-25-E7-1E-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 14, 2010 11:04:04 AM
Lease Expires . . . . . . . . . . : Wednesday, September 21, 2146 12:45:44 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled


*************************************************************
********************* Systerm Restore ***********************
*************************************************************

------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 07/29/2010 05:54:18
SequenceNumber: 1215
------------------------------------------
Description: Windows Update
Creation Time: 07/29/2010 07:00:24
SequenceNumber: 1216
------------------------------------------
Description: Windows Update
Creation Time: 07/30/2010 03:47:02
SequenceNumber: 1217
------------------------------------------
Description: Windows Update
Creation Time: 07/30/2010 04:24:19
SequenceNumber: 1218
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 07/30/2010 19:52:00
SequenceNumber: 1219
------------------------------------------
Description: Windows Update
Creation Time: 07/31/2010 07:00:34
SequenceNumber: 1220
------------------------------------------
Description: Windows Update
Creation Time: 08/01/2010 07:12:17
SequenceNumber: 1221
------------------------------------------
Description: Windows Update
Creation Time: 08/02/2010 11:13:45
SequenceNumber: 1222
------------------------------------------
Description: Windows Update
Creation Time: 08/03/2010 05:54:45
SequenceNumber: 1223
------------------------------------------
Description: Windows Update
Creation Time: 08/03/2010 15:43:11
SequenceNumber: 1224
------------------------------------------
Description: Windows Update
Creation Time: 08/04/2010 15:12:49
SequenceNumber: 1225
------------------------------------------
Description: Windows Update
Creation Time: 08/05/2010 08:44:38
SequenceNumber: 1226
------------------------------------------
Description: Windows Update
Creation Time: 08/06/2010 08:13:15
SequenceNumber: 1227
------------------------------------------
Description: Windows Update
Creation Time: 08/06/2010 08:26:37
SequenceNumber: 1228
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 08/07/2010 05:21:18
SequenceNumber: 1229
------------------------------------------
Description: Windows Update
Creation Time: 08/07/2010 08:01:09
SequenceNumber: 1230
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 08/08/2010 03:53:15
SequenceNumber: 1231
------------------------------------------
Description: Windows Update
Creation Time: 08/08/2010 14:44:00
SequenceNumber: 1232
------------------------------------------
Description: Revo Uninstaller's restore point - My Web Search (Retrogamer)
Creation Time: 08/08/2010 16:12:50
SequenceNumber: 1233
------------------------------------------
Description: Windows Update
Creation Time: 08/09/2010 16:50:51
SequenceNumber: 1234
------------------------------------------
Description: Windows Update
Creation Time: 08/09/2010 17:12:30
SequenceNumber: 1235
------------------------------------------
Description: Windows Update
Creation Time: 08/10/2010 07:00:38
SequenceNumber: 1236
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 08/10/2010 22:23:33
SequenceNumber: 1237
------------------------------------------
Description: Windows Update
Creation Time: 08/11/2010 10:52:03
SequenceNumber: 1238
------------------------------------------
Description: Windows Update
Creation Time: 08/12/2010 19:14:09
SequenceNumber: 1239
------------------------------------------
Description: Windows Update
Creation Time: 08/12/2010 19:47:52
SequenceNumber: 1240
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 00:09:23
SequenceNumber: 1241
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 05:50:31
SequenceNumber: 1242
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 15:49:27
SequenceNumber: 1243
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 17:30:43
SequenceNumber: 1244
------------------------------------------
Description: Windows Update
Creation Time: 08/14/2010 07:00:36
SequenceNumber: 1245
------------------------------------------


*************************************************************
******************** Running Processes **********************
*************************************************************

------------------------------------------
Name: System Idle Process
------------------------------------------
Name: System
------------------------------------------
Name: smss.exe
------------------------------------------
Name: csrss.exe
------------------------------------------
Name: wininit.exe
------------------------------------------
Name: csrss.exe
------------------------------------------
Name: services.exe
------------------------------------------
Name: lsass.exe
------------------------------------------
Name: lsm.exe
------------------------------------------
Name: winlogon.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: nvvsvc.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: audiodg.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: SLsvc.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: rundll32.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: spoolsv.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: dwm.exe
------------------------------------------
Name: taskeng.exe
------------------------------------------
Name: BelkinService.exe
------------------------------------------
Name: explorer.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: AppleMobileDeviceService.exe
------------------------------------------
Name: taskeng.exe
------------------------------------------
Name: avp.exe
------------------------------------------
Name: mDNSResponder.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: LSSrvc.exe
------------------------------------------
Name: LVPrcSrv.exe
------------------------------------------
Name: McSACore.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: rundll32.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: ViewpointService.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: WLIDSVC.EXE
------------------------------------------
Name: SearchIndexer.exe
------------------------------------------
Name: XAudio.exe
------------------------------------------
Name: YahooAUService.exe
------------------------------------------
Name: SDWinSec.exe
------------------------------------------
Name: WUDFHost.exe
------------------------------------------
Name: WLIDSVCM.EXE
------------------------------------------
Name: MSASCui.exe
------------------------------------------
Name: RtHDVCpl.exe
------------------------------------------
Name: hpsysdrv.exe
------------------------------------------
Name: OSD.exe
------------------------------------------
Name: wpcumi.exe
------------------------------------------
Name: rundll32.exe
------------------------------------------
Name: GrooveMonitor.exe
------------------------------------------
Name: RoxWatchTray9.exe
------------------------------------------
Name: wmdc.exe
------------------------------------------
Name: jusched.exe
------------------------------------------
Name: avp.exe
------------------------------------------
Name: GoogleQuickSearchBox.exe
------------------------------------------
Name: sidebar.exe
------------------------------------------
Name: veohwebplayer.exe
------------------------------------------
Name: ehtray.exe
------------------------------------------
Name: Rainlendar2.exe
------------------------------------------
Name: ISUSPM.exe
------------------------------------------
Name: TeaTimer.exe
------------------------------------------
Name: Aston2.exe
------------------------------------------
Name: DesktopIconToy.exe
------------------------------------------
Name: GoogleToolbarNotifier.exe
------------------------------------------
Name: wmpnscfg.exe
------------------------------------------
Name: ehmsas.exe
------------------------------------------
Name: wmpnetwk.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: mobsync.exe
------------------------------------------
Name: HPHC_Service.exe
------------------------------------------
Name: wmplayer.exe
------------------------------------------
Name: jucheck.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: PresentationFontCache.exe
------------------------------------------
Name: wuauclt.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: firefox.exe
------------------------------------------
Name: klwtblfs.exe
------------------------------------------
Name: plugin-container.exe
------------------------------------------
Name: VistaForums SysInfo.exe
------------------------------------------
Name: WmiPrvSE.exe
------------------------------------------
Name: msiexec.exe
------------------------------------------
Name: TrustedInstaller.exe
------------------------------------------
Name: VSSVC.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: taskeng.exe
------------------------------------------

Originally Posted by felinaboricua21

I can't create the zip file. Is giving me an ERROR message.
It says:
File not found or no read permission.

Hello,

Thanks for that! Go back, and try to zip up the entire Minidump folder, and if that still doesn't work, we will change tack, and I will show you another method that works just as well.

It doesn't work either.

Hello,

We will change tack. Sorry to be pushy, but we need those files. Please copy all of the contents of C:\Windows\Minidump to your Desktop. Now try to zip them up, and upload, but if it still doesn't work, please read on.

Open up Start Orb > Documents and press the Alt key.

Now in the drop downs that most people never knew existed in Vista, select Tools > View tab > Uncheck "Hide extensions for known file types" > OK and go back to your desktop.

Please now rename all of those Minidump files from minidump****.dmp to minidump****.txt, and click Yes, you are sure you want to change the file extension.

Please do this to all of them, so that they open up meaningless symbols in Notepad, and the icon changes, and then upload them to all to your next post.

Once you have done this, you may switch off file extensions, so:

Open up Start Orb > Documents and press the Alt key.

Now in the drop downs that most people never knew existed in Vista, select Tools > View tab > Check "Hide extensions for known file types" > OK and go back to your desktop.

Richard

P.S. Any luck on the rest of the post? Don't worry though, all in good time.

Finally I was able to do it. Let me know if you can see it.
I'm going to work on the rest and I let you know as soon as I finish.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4433

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/15/2010 1:45:57 PM
mbam-log-2010-08-15 (13-45-57).txt

Scan type: Quick scan
Objects scanned: 184470
Time elapsed: 15 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Joshua.Family\downloads\RetrogamerSetup2.3.69.8.RGman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Joshua.Family\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.

Originally Posted by felinaboricua21

Finally I was able to do it. Let me know if you can see it.
I'm going to work on the rest and I let you know as soon as I finish.

Wonderful, it is all these lovely new Vista Security Features that cause the problems. Thanks for the rest, and I have already seen something important in the MBAM log.