Solved Vista Anti Virus 2012???

Ok, I know that this is a fake anti virus program but how do you remove it? I have started my computer in safe mode and ran four security/malware removers (MS Security Essentials, Malwarebytes, Ad-Aware, Spybot Search and Destroy) then I cleaned the computer and restarted normally. Only one problem, it was still there... How do I remove this virus?
Firefox AND IE9 prompt me to get this antivirus program and if you click ANYWHERE it is an automatic YES button and it installs in the background while you are browsing the web!!!
Any help would be greatly appreciated.
 

My Computer

System One

  • Manufacturer/Model
    HP pavilion a1224n
    CPU
    Pentium 4 3.6 GHz
    Motherboard
    ASUS
    Memory
    3 GB
    Graphics Card(s)
    ATi Radeon
    Sound Card
    None
    Monitor(s) Displays
    HP L1706
Hello FORDSVTPARTS and welcome to the forums :party:

As much as I would love to help you remove this infection, I am currently doing a malware removal course and I am not allowed to assist with malware removal during my studying.

Just to help speed things up, I would recommend that you post all of the logs of the things you've scanned your computer with (AV software, Malwarebytes and any online scanners, such as the ESET Online Scanner). This will help others understand your problem better and will hopefully allow us to clean you up faster.

I would also suggest that you clear out your temp files:

  • Download TFC (By OldTimer), to your desktop.
  • Save any open documents, then close any active programs/windows
  • Right click on the file, and select Run As Administrator
  • When it opens, click Start to begin the process
  • A reboot is required upon completion of this, if this is not done by TFC then do so manually

I'm sorry I cannot be of further assistance to you, but rules are rules :( Have you tried any removal tools?

Tom
 

My Computer

System One

  • Manufacturer/Model
    Build #1
    CPU
    Intel Core i7 3770K @4.4GHz
    Motherboard
    ASUS P8Z77-V PRO
    Memory
    Corsair Vengeance 2x4GB DDR3 1600MHz Low Profile (White)
    Graphics Card(s)
    Gigabyte Radeon HD 7850 (2GB GDDR5)
    Sound Card
    Integrated on motherboard
    Monitor(s) Displays
    23" LG LCD/LED IPS
    Screen Resolution
    1920*1080
    Hard Drives
    Samsung EVO 128GB SSD
    Seagate Barracuda 2TB 7200rpm
    2x500GB Seagate FreeAgent 5400rpm
    PSU
    Corsair TX650W V2 (80+ Bronze)
    Case
    NZXT Phantom 410
    Cooling
    Corsair H100 Water Cooler, 1x140mm and 1x120mm stock fans
    Keyboard
    Microsoft Desktop 2000 Wireless Keyboard
    Mouse
    Microsoft Desktop 2000 Wireless Mouse
    Internet Speed
    95 Mb/s Download 70 Mb/s Upload
Thank you, I will try more removal tools and see if that fixes it...
 

If you have a restore point from before this problem started I recommend you use it immediately. In my experience this is the best solution for removing viruses/malware. It's basically guaranteed to work and you don't have to mess around with different programs, trying to remove them. http://www.vistax64.com/tutorials/76905-system-restore-how.html
 

My Computer

System One

  • Manufacturer/Model
    Dell Inspiron 1545
    CPU
    Intel Core 2 Duo T6400 @ 2.00 GHz
    Motherboard
    DELL - 27d90219 Phoenix ROM BIOS PLUS Version 1.10 A05
    Memory
    4 GB
    Graphics Card(s)
    Mobile Intel(R) 4 Series Express Chipset Family
    Sound Card
    IDT High Definition Audio CODEC
    Monitor(s) Displays
    Generic PnP Monitor (DPMS), 15.3" (34cm x 19cm)
    Screen Resolution
    1366x768
    Hard Drives
    Internal 320 GB
    Portable 320 GB used for separate storage of media, plugged into USB port as needed.
    Cooling
    Single built in fan
    Keyboard
    Built in
    Mouse
    Touchpad, + Logitech wireless mouse (USB)
    Internet Speed
    ~150 kilobytes/sec DL
    Other Info
    Usually have low HD free space left (<10 GB), often left on overnight. I really push its capabilities.
If you have a restore point from before this problem started I recommend you use it immediately. In my experience this is the best solution for removing viruses/malware. It's basically guaranteed to work and you don't have to mess around with different programs, trying to remove them. http://www.vistax64.com/tutorials/76905-system-restore-how.html

Unless you're sure that your restore points are clean, do not use them. If they have been made during the time you have been infected, they will be infected and using them won't help in the slightest.

Let me give you a scenario, say you're infected with a new rootkit and have been for a few months which has no easily visible symptoms but is silently giving remote access to your files and keystrokes, then you get this Vista Anti Virus 2012.

If you do a system restore to before you got the Vista Anti Virus 2012, you may still have the underlying infection - the aforementioned rootkit. But you think your infection is gone because the symptoms of Vista Home Security 2012 have gone, so you use your computer thinking it's clean. This could lead to bank passwords and other login credentials being stolen because the user is using online banking etc. thinking that they are safe.

I'm not saying that you have underlying infections! I'm just trying to explain my thoughts.

Tom
 

Oh very true. I should probably start putting a warning like that up when I recommend people do that... Hadn't even thought about that leading to stolen personal info.
 

It's unlikely, but you never know. You can never be too careful when malware is at stake :)
 

I restored to a whole couple of months before I even KNEW of this virus... and it worked just fine!
CASE SOLVED
 

Awesome, I'm glad to hear it was that easy :)
 

Glad to hear it all worked out for you :) Let's just make sure it's all gone.

Can you do the following for me please?

OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles


Although I cannot help you remove any traces of any malware, I will be able to tell you whether you are still infected.

tom
 

For some reason I cannot get this program to work... It is giving all sorts of Please insert a disk into Drive [A:] when I have yet to get Drive [A:] working on my computer!
 

I've never heard of anything like that with OTL :confused:

Try this then:

RSIT

Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on your Desktop before running the application!

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
      log.txt will be opened maximized.
      info.txt will be opened minimized.
  • Please attach both log.txt and info.txt with your next post for me to analyse.


Tom
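
An added example (not part of the original thread, and not RSIT or HijackThis code): a first-pass triage of the HijackThis-format lines that RSIT's log.txt contains, flagging orphaned entries and autoruns that launch from user-writable directories. The sample log, the `triage` function and the directory heuristics are constructed assumptions, and the parser assumes one entry per line (forum line-wrapping already undone).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis line format; not taken from any real machine.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O2 - BHO: Old Toolbar - {00000000-0000-0000-0000-000000000002} - "C:\Program Files\OldBar\bar.dll" (file missing)
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\tray.exe" -hide
O4 - HKCU\..\Run: [Updater] C:\Users\Alice\AppData\Local\Temp\upd.exe /s
O4 - Startup: Sync.lnk = C:\Users\Alice\AppData\Roaming\Sync\bin\sync.exe
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# Sections that load code automatically: BHOs (O2), autoruns (O4), services (O23).
ENTRY = re.compile(r"^(O2|O4|O23) - (.*)$")

# First absolute or %VAR%-relative path ending in an executable/script extension.
# Non-greedy so that trailing arguments such as "/s" or "-hide" are left out.
PATH = re.compile(
    r'((?:[A-Za-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|com|scr|bat|cmd|pif|vbs|js))(?![\w.])',
    re.IGNORECASE,
)

# Heuristic (assumption): locations a standard user can write to without
# elevation. Legitimate software installs here too, so a hit means "review",
# not "malicious". Most specific marker first; only the first match is reported.
USER_WRITABLE = [
    ("\\temp\\", "launches from a Temp directory"),
    ("\\appdata\\", "launches from the user profile's AppData"),
    ("\\programdata\\", "launches from ProgramData"),
    ("\\users\\public\\", "launches from the Public profile"),
]


@dataclass
class Finding:
    code: str             # HijackThis section code, e.g. "O4"
    path: Optional[str]   # extracted target path, if one was found
    reasons: List[str]    # why the entry deserves a manual look
    line: str             # the original log line


def triage(log_text: str) -> List[Finding]:
    """Return the auto-start entries that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue
        code, detail = match.groups()
        found = PATH.search(detail)
        path = found.group(1) if found else None

        reasons = []
        if "(file missing)" in detail.lower():
            # The registry entry survives but its target is gone: either a
            # leftover from an uninstall/cleanup or a half-removed component.
            reasons.append("target file missing")
        if path:
            lowered = path.lower()
            for marker, why in USER_WRITABLE:
                if marker in lowered:
                    reasons.append(why)
                    break
        if reasons:
            findings.append(Finding(code, path, reasons, line))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item.code}: {item.path} -> {', '.join(item.reasons)}")
```
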
 

Log.txt

 
2011-07-24 18:27:50 ----D---- C:\Windows\system32\catroot

 
2011-07-24 18:27:49 ----D---- C:\Windows\inf

 
2011-07-13 03:01:32 ----A---- C:\Windows\system32\mrt.exe

 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 
R1 MpFilter;Microsoft Malware Protection Driver; 
C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]

 
R1 MpKslc634ad3a;MpKslc634ad3a; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{940BF723-E394-4D95-BD50-951F7176B414}\MpKslc634ad3a.sys [2011-08-09 
28752]

 
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys 
[2011-07-19 158000]

 
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; 
C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-07-19 93488]

 
R3 ati2mtag;ati2mtag; C:\Windows\system32\DRIVERS\ati2mtag.sys [2006-11-02 
1523200]

 
R3 GEARAspiWDM;GEAR ASPI Filter Driver; 
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

 
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition 
Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]

 
R3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02 
1302492]

 
R3 MpNWMon;Microsoft Malware Protection Network Driver; 
C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

 
R3 NisDrv;Microsoft Network Inspection System; 
C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

 
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; 
C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]

 
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 
83328]

 
S1 MpKsl0c78b795;MpKsl0c78b795; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{4B63F5DD-D772-4425-A978-FED6EFC7936D}\MpKsl0c78b795.sys []

 
S1 MpKsl2c6dcf1a;MpKsl2c6dcf1a; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{3F34AFE7-0A37-4C4B-A850-4D7EBDEB55A4}\MpKsl2c6dcf1a.sys []

 
S1 MpKsl2cc9f108;MpKsl2cc9f108; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{496CDFED-D8EE-4593-B9BC-62A472EFB8FD}\MpKsl2cc9f108.sys []

 
S1 MpKsl323ad76a;MpKsl323ad76a; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{21046753-5124-4A4D-AA17-439A9ABBCECA}\MpKsl323ad76a.sys []

 
S1 MpKsl3f1750e2;MpKsl3f1750e2; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{348960E3-20CF-4964-BD8E-436C0CDD9A3A}\MpKsl3f1750e2.sys []

 
S1 MpKsl501f013b;MpKsl501f013b; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{E5714DE8-996D-46B7-B3E5-E6F07697A54A}\MpKsl501f013b.sys []

 
S1 MpKsl5c31dce0;MpKsl5c31dce0; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{F94532FB-44D0-4A2D-BE24-3F70D9F02156}\MpKsl5c31dce0.sys []

 
S1 MpKsl6f21a356;MpKsl6f21a356; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{EFF98E8A-72AE-41F4-B86F-1407D8FD8A0D}\MpKsl6f21a356.sys []

 
S1 MpKsl7a8b8d21;MpKsl7a8b8d21; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{9AE2367B-0E74-4B06-B1D2-3DD1322C27E0}\MpKsl7a8b8d21.sys []

 
S1 MpKsl9233928e;MpKsl9233928e; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{F94532FB-44D0-4A2D-BE24-3F70D9F02156}\MpKsl9233928e.sys []

 
S1 MpKsl9d22f8ca;MpKsl9d22f8ca; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsl9d22f8ca.sys []

 
S1 MpKsla4f8b431;MpKsla4f8b431; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsla4f8b431.sys []

 
S1 MpKsla54878d9;MpKsla54878d9; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsla54878d9.sys []

 
S1 MpKslaa30deb9;MpKslaa30deb9; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{F94532FB-44D0-4A2D-BE24-3F70D9F02156}\MpKslaa30deb9.sys []

 
S1 MpKslae89c86c;MpKslae89c86c; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{D666D9F1-F0E7-4328-9B2C-A25F47690CFF}\MpKslae89c86c.sys []

 
S1 MpKslb8a61aec;MpKslb8a61aec; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{496CDFED-D8EE-4593-B9BC-62A472EFB8FD}\MpKslb8a61aec.sys []

 
S1 MpKsld46c0b73;MpKsld46c0b73; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{51B7CF04-8E50-413E-9676-BC90917F5AD5}\MpKsld46c0b73.sys []

 
S1 MpKsldf583e1e;MpKsldf583e1e; \??\c:\ProgramData\Microsoft\Microsoft 
Antimalware\Definition 
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsldf583e1e.sys []

 
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; 
C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]

 
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 
39272]

 
S3 MODEMCSA;Unimodem Streaming Filter Device; 
C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]

 
S3 MSKSSRV;Microsoft Streaming Service Proxy; 
C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]

 
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; 
C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]

 
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; 
C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]

 
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; 
C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]

 
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 
1095936]

 
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys 
[2011-02-18 41984]

 
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys 
[2011-04-21 122224]

 
S3 WinRing0_1_2_0;WinRing0_1_2_0; 
\??\C:\Users\Jake\AppData\Local\Temp\tmp9CD1.tmp []

 
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 
40448]

 
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19 
170000]

 
S4 ErrDev;Microsoft Hardware Error Device Driver; 
C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]

 
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 
386616]

 
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys 
[2007-12-08 131616]

 
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-12-08 
140320]

 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

 
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common 
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 
37664]

 
R2 Bonjour Service;Bonjour Service; C:\Program 
Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]

 
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; 
C:\Windows\system32\svchost.exe [2008-01-20 21504]

 
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security 
Client\Antimalware\MsMpEng.exe [2011-04-27 11736]

 
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE 
[2011-02-25 249648]

 
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

 
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe 
[2011-03-07 820520]

 
R3 NisSrv;@c:\Program Files\Microsoft Security 
Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security 
Client\Antimalware\NisSrv.exe [2011-04-27 208944]

 
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common 
Files\Steam\SteamService.exe [2011-08-02 411432]

 
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 
[2010-03-18 130384]

 
S2 gupdate;Google Update Service (gupdate); C:\Program 
Files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]

 
S3 BBSvc;Bing Bar Update Service; C:\Program 
Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

 
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows 
Live\Family Safety\fsssvc.exe [2011-05-13 1492840]

 
S3 gupdatem;Google Update Service (gupdatem); C:\Program 
Files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]

 
S3 
WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 
[2010-03-18 753504]

 
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program 
Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

 
-----------------EOF-----------------

 
info.txt

 
info.txt logfile of random's system information tool 1.09 2011-08-09 17:54:39

 
======Uninstall list======

 
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL

 
Adobe AIR-->c:\Program Files\Common Files\Adobe 
AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

 
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}

 
Adobe Flash Player 10 
ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe 
-maintain activex

 
Adobe Flash Player 10 
Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain 
plugin

 
Adobe Reader X (10.1.0)-->MsiExec.exe 
/I{AC76BA86-7AD7-1033-7B44-AA1000000001}

 
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 
11\uninstaller.exe"

 
Advanced Uninstaller PRO 2006 - version 7-->"C:\Program Files\Innovative 
Solutions\Advanced Uninstaller PRO 2006 version 7\unins000.exe"

 
AMD APP SDK Runtime-->MsiExec.exe 
/I{A25FF1C0-80B6-4B8B-A551-DC525697A408}

 
Apple Application Support-->MsiExec.exe 
/I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}

 
Apple Mobile Device Support-->MsiExec.exe 
/I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}

 
Apple Software Update-->MsiExec.exe 
/I{C41300B9-185D-475E-BFEC-39EF732F19B1}

 
ATI Catalyst Install Manager-->msiexec 
/q/x{11661616-6C82-1CA6-874A-2C7A5A7BF72C} REBOOT=ReallySuppress

 
Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}

 
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}

 
Call of Duty - United 
Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe 
/M{A662E280-64A8-4CF5-8407-13D0808602B3} 

 
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u 
C:\PROGRA~1\CALLOF~1\Uninstall\Install.log

 
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

 
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

 
DiRT 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12840

 
Family Tree Maker 2008-->C:\Program Files\InstallShield Installation 
Information\{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}\setup.exe -runfromtemp 
-l0x0409

 
Free Studio version 5.0.8-->"C:\Program Files\DVDVideoSoft\Free 
Studio\unins000.exe"

 
Geekbench 2.1-->C:\Program Files\Geekbench 2.1\uninstall.exe

 
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

 
Google Earth-->MsiExec.exe /X{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}

 
Google Update Helper-->MsiExec.exe 
/I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

 
Hotfix for Microsoft .NET Framework 3.5 SP1 
(KB953595)-->C:\Windows\system32\msiexec.exe /package 
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

 
Hotfix for Microsoft .NET Framework 3.5 SP1 
(KB958484)-->C:\Windows\system32\msiexec.exe /package 
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall 
{A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

 
InfraRecorder-->"C:\Program Files\InfraRecorder\uninstall.exe"

 
Inkscape 0.48.1 -->C:\Program Files\Inkscape\Uninstall.exe

 
iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}

 
Java(TM) 6 Update 13-->MsiExec.exe 
/X{26A24AE4-039D-4CA4-87B4-2F83216013F0}

 
Java(TM) 6 Update 24-->MsiExec.exe 
/X{26A24AE4-039D-4CA4-87B4-2F83216024FF}

 
Junk Mail filter update-->MsiExec.exe 
/I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

 
LibreOffice 3.3-->MsiExec.exe /I{CEE2613D-3B53-4447-BA2D-E88C08272581}

 
LogonStudio-->C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE 
C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG

 
Make Your Own Browser-->"C:\Program 
Files\MakeYourOwnBrowser\unins000.exe"

 
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

 
Messenger Companion-->MsiExec.exe 
/I{50816F92-1652-4A7C-B9BC-48F682742C4B}

 
Microsoft .NET Framework 3.5 
SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 
SP1\setup.exe

 
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe 
/I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

 
Microsoft .NET Framework 4 Client 
Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe 
/repair /x86 /parameterfolder Client

 
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe 
/X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

 
Microsoft Antimalware-->MsiExec.exe 
/X{05BFB060-4F22-4710-B0A2-2801A1B606C5}

 
Microsoft Automated Troubleshooting Services 
Shim-->%windir%\system32\sdbinst.exe -u 
"C:\Windows\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb"

 
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe 
/X{F2508213-9989-4E85-A078-72BE483917EF}

 
Microsoft Games for Windows Marketplace-->MsiExec.exe 
/X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}

 
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe 
/X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}

 
Microsoft Security Client-->MsiExec.exe 
/I{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}

 
Microsoft Security Essentials-->C:\Program Files\Microsoft Security 
Client\Setup.exe /x

 
Microsoft Silverlight-->MsiExec.exe 
/X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

 
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe 
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

 
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe 
/I{3A9FC03D-C685-4831-94CF-4EDFD3749497}

 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 
8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

 
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe 
/X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

 
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 
9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

 
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 
9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe 
/X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

 
Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

 
Microsoft WSE 3.0-->MsiExec.exe 
/I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}

 
Motorola SM56 Speakerphone Modem-->rundll32.exe 
sm56co85.dll,SM56UnInstaller

 
Mozilla Firefox 5.0 (x86 en-US)-->C:\Program Files\Mozilla 
Firefox\uninstall\helper.exe

 
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

 
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U

 
Operation-->C:\Windows\uninst.exe -f"C:\Program Files\Hasbro 
Interactive\Operation\DeIsL1.isu"

 
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}

 
Rapture3D 2.3.26 Game-->"C:\Program Files\BRS\unins000.exe"

 
Security Update for Microsoft .NET Framework 3.5 SP1 
(KB2416473)-->C:\Windows\system32\msiexec.exe /package 
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall 
{A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""

 
Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe 
/uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder 
Client

 
Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe 
/uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder 
Client

 
Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe 
/uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder 
Client

 
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

 
soft Xpansion Perfect PDF 6 Reader-->"C:\Program Files\Common Files\soft 
Xpansion\Uninstall\{06351084-D958-4981-BA7A-1F9EC231926D}.exe" 
/X{06351084-D958-4981-BA7A-1F9EC231926D}

 
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

 
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

 
Uninstall 1.0.0.1-->"C:\Program Files\Common 
Files\DVDVideoSoft\unins000.exe"

 
Update for Microsoft .NET Framework 3.5 SP1 
(KB963707)-->C:\Windows\system32\msiexec.exe /package 
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall 
{B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

 
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe 
/X{F333A33D-125C-32A2-8DCE-5C5D14231E27}

 
Visual C++ 2008 x86 Runtime - 
v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x 
{F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""

 
VLC media player 1.1.10-->C:\Program Files\VideoLAN\VLC\uninstall.exe

 
Windows Live Communications Platform-->MsiExec.exe 
/I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

 
Windows Live Essentials-->C:\Program Files\Windows 
Live\Installer\wlarp.exe

 
Windows Live Essentials-->MsiExec.exe 
/I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

 
Windows Live Family Safety-->MsiExec.exe 
/I{759142E8-25B0-42AE-B408-4215065D3F4B}

 
Windows Live Family Safety-->MsiExec.exe 
/X{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}

 
Windows Live ID Sign-in Assistant-->MsiExec.exe 
/I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}

 
Windows Live Installer-->MsiExec.exe 
/I{0B0F231F-CE6A-483D-AA23-77B364F75917}

 
Windows Live Mail-->MsiExec.exe 
/I{9D56775A-93F3-44A3-8092-840E3826DE30}

 
Windows Live Mail-->MsiExec.exe 
/I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

 
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe 
/I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

 
Windows Live Mesh-->MsiExec.exe 
/I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

 
Windows Live Mesh-->MsiExec.exe 
/I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

 
Windows Live Messenger Companion Core-->MsiExec.exe 
/I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

 
Windows Live Messenger-->MsiExec.exe 
/X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

 
Windows Live Messenger-->MsiExec.exe 
/X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

 
Windows Live MIME IFilter-->MsiExec.exe 
/I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

 
Windows Live Movie Maker-->MsiExec.exe 
/X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

 
Windows Live Movie Maker-->MsiExec.exe 
/X{92EA4134-10D1-418A-91E1-5A0453131A38}

 
Windows Live Photo Common-->MsiExec.exe 
/X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

 
Windows Live Photo Common-->MsiExec.exe 
/X{D436F577-1695-4D2F-8B44-AC76C99E0002}

 
Windows Live Photo Gallery-->MsiExec.exe 
/X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

 
Windows Live Photo Gallery-->MsiExec.exe 
/X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

 
Windows Live PIMT Platform-->MsiExec.exe 
/I{83C292B7-38A5-440B-A731-07070E81A64F}

 
Windows Live Remote Client Resources-->MsiExec.exe 
/I{464B3406-A4D0-4914-910F-7CA4380DCC13}

 
Windows Live Remote Client-->MsiExec.exe 
/I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}

 
Windows Live Remote Service Resources-->MsiExec.exe 
/I{17504ED4-DB08-40A8-81C2-27D8C01581DA}

 
Windows Live Remote Service-->MsiExec.exe 
/I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}

 
Windows Live SOXE Definitions-->MsiExec.exe 
/I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

 
Windows Live SOXE-->MsiExec.exe 
/I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

 
Windows Live UX Platform Language Pack-->MsiExec.exe 
/I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

 
Windows Live UX Platform-->MsiExec.exe 
/I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

 
Windows Live Writer Resources-->MsiExec.exe 
/X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

 
Windows Live Writer-->MsiExec.exe 
/X{A726AE06-AAA3-43D1-87E3-70F510314F04}

 
Windows Live Writer-->MsiExec.exe 
/X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

 
Windows Live Writer-->MsiExec.exe 
/X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

 
Windows Movie Maker 2.6-->MsiExec.exe 
/X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

 
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

 
======Security center information======

 
AS: Windows Defender

 
======System event log======

 
Computer Name: Kids-HP

 
Event Code: 4376

 
Message: Servicing has required reboot to complete the operation of setting 
package KB938371_2(Update) into Uninstall Requested(Uninstall Requested) 
state

 
Record Number: 17960

 
Source Name: Microsoft-Windows-Servicing

 
Time Written: 20110326215748.000000-000

 
Event Type: Warning

 
User: Kids-HP\Jake

 
Computer Name: Kids-HP

 
Event Code: 4376

 
Message: Servicing has required reboot to complete the operation of setting 
package KB938371(Update) into Install Requested(Install Requested) state

 
Record Number: 17956

 
Source Name: Microsoft-Windows-Servicing

 
Time Written: 20110326215748.000000-000

 
Event Type: Warning

 
User: Kids-HP\Jake

 
Computer Name: Kids-HP

 
Event Code: 4376

 
Message: Servicing has required reboot to complete the operation of setting 
package KB938371(Update) into Install Requested(Install Requested) state

 
Record Number: 17952

 
Source Name: Microsoft-Windows-Servicing

 
Time Written: 20110326215748.000000-000

 
Event Type: Warning

 
User: Kids-HP\Jake

 
Computer Name: Kids-HP

 
Event Code: 4376

 
Message: Servicing has required reboot to complete the operation of setting 
package KB938371(Update) into Install Requested(Install Requested) state

 
Record Number: 17949

 
Source Name: Microsoft-Windows-Servicing

 
Time Written: 20110326215748.000000-000

 
Event Type: Warning

 
User: Kids-HP\Jake

 
Computer Name: Kids-HP

 
Event Code: 4376

 
Message: Servicing has required reboot to complete the operation of setting 
package KB938371(Update) into Install Requested(Install Requested) state

 
Record Number: 17943

 
Source Name: Microsoft-Windows-Servicing

 
Time Written: 20110326215748.000000-000

 
Event Type: Warning

 
User: Kids-HP\Jake

 
=====Application event log=====

 
Computer Name: Kids-HP

 
Event Code: 1534

 
Message: Profile notification of event Delete for component 
{DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is -2147024875. 

 
 

 
Record Number: 36

 
Source Name: Microsoft-Windows-User Profiles Service

 
Time Written: 20110326200305.000000-000

 
Event Type: Warning

 
User: NT AUTHORITY\SYSTEM

 
Computer Name: Kids-HP

 
Event Code: 2

 
Message: Unable to remove Windows Search Service indexed data for user 
'Kids-HP\Administrator' in response to user profile deletion.  Error code 
0x80070015.

 
The device is not ready.

 
.

 
Record Number: 35

 
Source Name: Microsoft-Windows-Search-ProfileNotify

 
Time Written: 20110326200305.000000-000

 
Event Type: Error

 
User: 

 
Computer Name: Kids-HP

 
Event Code: 10

 
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent 
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND 
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace 
"//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through 
this filter until the problem is corrected.

 
Record Number: 26

 
Source Name: Microsoft-Windows-WMI

 
Time Written: 20110326220240.000000-000

 
Event Type: Error

 
User: 

 
Computer Name: Kids-HP

 
Event Code: 1008

 
Message: The Windows Search Service is attempting to remove the old catalog. 


 
Record Number: 22

 
Source Name: Microsoft-Windows-Search

 
Time Written: 20110326220231.000000-000

 
Event Type: Warning

 
User: 

 
Computer Name: 26L2233B1-13

 
Event Code: 1036

 
Message: InitializePrintProvider failed for provider inetpp.dll. This can 
occur because of system instability or a lack of system resources.

 
Record Number: 13

 
Source Name: Microsoft-Windows-SpoolerSpoolss

 
Time Written: 20110326205009.000000-000

 
Event Type: Warning

 
User: NT AUTHORITY\SYSTEM

 
=====Security event log=====

 
Computer Name: 26L2233B1-13

 
Event Code: 4648

 
Message: A logon was attempted using explicit credentials.

 
Subject:

 
 Security ID:  S-1-5-18

 
 Account Name:  26L2233B1-13$

 
 Account Domain:  WORKGROUP

 
 Logon ID:  0x3e7

 
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

 
Account Whose Credentials Were Used:

 
 Account Name:  SYSTEM

 
 Account Domain:  NT AUTHORITY

 
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

 
Target Server:

 
 Target Server Name: localhost

 
 Additional Information: localhost

 
Process Information:

 
 Process ID:  0x218

 
 Process Name:  C:\Windows\System32\services.exe

 
Network Information:

 
 Network Address: -

 
 Port:   -

 
This event is generated when a process attempts to log on an account by 
explicitly specifying that account’s credentials.  This most commonly occurs in 
batch-type configurations such as scheduled tasks, or when using the RUNAS 
command.

 
Record Number: 5

 
Source Name: Microsoft-Windows-Security-Auditing

 
Time Written: 20110326204724.890625-000

 
Event Type: Audit Success

 
User: 

 
Computer Name: 26L2233B1-13

 
Event Code: 4902

 
Message: The Per-user audit policy table was created.

 
Number of Elements: 0

 
Policy ID: 0xdff9a

 
Record Number: 4

 
Source Name: Microsoft-Windows-Security-Auditing

 
Time Written: 20110326204713.187500-000

 
Event Type: Audit Success

 
User: 

 
Computer Name: 26L2233B1-13

 
Event Code: 4624

 
Message: An account was successfully logged on.

 
Subject:

 
 Security ID:  S-1-0-0

 
 Account Name:  -

 
 Account Domain:  -

 
 Logon ID:  0x0

 
Logon Type:   0

 
New Logon:

 
 Security ID:  S-1-5-18

 
 Account Name:  SYSTEM

 
 Account Domain:  NT AUTHORITY

 
 Logon ID:  0x3e7

 
 Logon GUID:  {00000000-0000-0000-0000-000000000000}

 
Process Information:

 
 Process ID:  0x4

 
 Process Name:  

 
Network Information:

 
 Workstation Name: -

 
 Source Network Address: -

 
 Source Port:  -

 
Detailed Authentication Information:

 
 Logon Process:  -

 
 Authentication Package: -

 
 Transited Services: -

 
 Package Name (NTLM only): -

 
 Key Length:  0

 
This event is generated when a logon session is created. It is generated on 
the computer that was accessed.

 
The subject fields indicate the account on the local system which requested 
the logon. This is most commonly a service such as the Server service, or a 
local process such as Winlogon.exe or Services.exe.

 
The logon type field indicates the kind of logon that occurred. The most 
common types are 2 (interactive) and 3 (network).

 
The New Logon fields indicate the account for whom the new logon was created, 
i.e. the account that was logged on.

 
The network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some 
cases.

 
The authentication information fields provide detailed information about this 
specific logon request.

 
 - Logon GUID is a unique identifier that can be used to correlate this event 
with a KDC event.

 
 - Transited services indicate which intermediate services have participated 
in this logon request.

 
 - Package name indicates which sub-protocol was used among the NTLM 
protocols.

 
 - Key length indicates the length of the generated session key. This will be 
0 if no session key was requested.

 
Record Number: 3

 
Source Name: Microsoft-Windows-Security-Auditing

 
Time Written: 20110326204709.046875-000

 
Event Type: Audit Success

 
User: 

 
Computer Name: 26L2233B1-13

 
Event Code: 4608

 
Message: Windows is starting up.

 
This event is logged when LSASS.EXE starts and the auditing subsystem is 
initialized.

 
Record Number: 2

 
Source Name: Microsoft-Windows-Security-Auditing

 
Time Written: 20110326204709.000000-000

 
Event Type: Audit Success

 
User: 

 
Computer Name: 26L2233B1-13

 
Event Code: 4634

 
Message: An account was logged off.

 
Subject:

 
 Security ID:  S-1-5-7

 
 Account Name:  ANONYMOUS LOGON

 
 Account Domain:  NT AUTHORITY

 
 Logon ID:  0x1f2f0

 
Logon Type:   3

 
This event is generated when a logon session is destroyed. It may be 
positively correlated with a logon event using the Logon ID value. Logon IDs are 
only unique between reboots on the same computer.

 
Record Number: 1

 
Source Name: Microsoft-Windows-Security-Auditing

 
Time Written: 20080121025830.171200-000

 
Event Type: Audit Success

 
User: 

 
======Environment variables======

 
"ComSpec"=%SystemRoot%\system32\cmd.exe

 
"FP_NO_HOST_CHECK"=NO

 
"OS"=Windows_NT

 
"Path"=C:\Program Files\AMD APP\bin\x86;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Live\Shared

 
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

 
"PROCESSOR_ARCHITECTURE"=x86

 
"TEMP"=%SystemRoot%\TEMP

 
"TMP"=%SystemRoot%\TEMP

 
"USERNAME"=SYSTEM

 
"windir"=%SystemRoot%

 
"PROCESSOR_LEVEL"=15

 
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel

 
"PROCESSOR_REVISION"=0401

 
"NUMBER_OF_PROCESSORS"=1

 
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

 
"DFSTRACINGON"=FALSE

 
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

 
"asl.log"=Destination=file

 
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

 
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

 
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\

 
-----------------EOF-----------------
There Ya Go!!! :cool:
 
Hello, for security issues like the one you are having, this site is the best to go to for uninstallers...

Antivirus Uninstallers
 

My Computer

System One

  • Manufacturer/Model
    a6530f Desktop
    CPU
    HP-PAVILION
    Motherboard
    M2N68-LA (Narra3)
    Memory
    8 Gigs of Ram/DDR2 PC2-6400 MB/sec
    Graphics Card(s)
    NVIDIA GeForce 6150SE nForce 430
    Sound Card
    Intergrated Realtex ALC888S Audio
    Monitor(s) Displays
    LG W40 series widescreen
    Screen Resolution
    1600 X 900
    Hard Drives
    1 640 GB Sata transfer rating: 3.0 Gb/sec speed: 7200 RPM
    PSU
    300W
    Case
    Mid-Size ATX
    Keyboard
    HP Multimedia Keyboard
    Mouse
    Microsoft Wireless Mouse 5000
    Other Info
    Processor: AMD Phenom X3 8450 Operating speed: Up to 2.1 GHz, Number of cores: 3, Socket: AM2+, Bus speed: 3600 MHz HT3 (clocked down to 2000 MHz)

    Modem: 56K WinModem/

    Supermulti: 16X DVD(+/-)R/RW 12X Ram (+/-)R DL Lightscribe SATA Drive

    Menory Card Reader: 15-in-1 Multimedia Card Reader

    Media Drive
Nice thread! Wish I hadn't taken a nap! Very good info, glad the problem is fixed! Off to work I go!
 

My Computer

System One

  • Manufacturer/Model
    toshiba satellite
    CPU
    Intel Pentium T2080 @ 1.73GHz 66 °C Yonah 65nm Technology
    Motherboard
    TOSHIBA ISRAE (U2E1)
    Graphics Card(s)
    Generic PnP Monitor (1440x900@60Hz) Mobile Intel(R) 945 Expr
If the problem is fixed then I will report it as solved..
 
