Logfile of random's system information tool 1.09 (written by
random/random)
Run by Jake at 2011-08-09 17:53:56
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 92 GB (51%) free of 183 GB
Total RAM: 2935 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:54:36 PM, on 8/9/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jake\Desktop\RSIT.exe
C:\Program Files\trend micro\Jake.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper -
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows
Live\Companion\companioncore.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
"C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program
Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program
Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program
Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security
Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common
Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
/MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe
oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows
Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk =
C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Free YouTube Download -
C:\Users\Jake\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter -
C:\Users\Jake\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows
Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} -
C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows
Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows
Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program
Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems
Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. -
C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. -
C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program
Files\Common Files\Steam\SteamService.exe
--
End of file - 6887 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath -
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6xo7hmmr.default
prefs.js - "browser.startup.homepage" - "http://www.google.com"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows
Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla
browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google
Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google
Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
wikipedia.xml
yahoo.xml
C:\Users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\6xo7hmmr.default\extensions\
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows
Live\Companion\companioncore.dll [2011-05-13 393600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-02-28
1089288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll
[2011-04-07 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program
Files\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20
1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-10-26
1458176]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29
421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-03-07
421160]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15
997920]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[2011-06-06 937920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Steam"=C:\Program Files\Steam\Steam.exe [2011-08-01 1242448]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-06-23 639352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared
tools\msconfig\startupfolder\C:^Users^Jake^AppData^Roaming^Microsoft^Windows^Start
Menu^Programs^Startup^Shrink Pic.lnk]
C:\PROGRA~1\SHRINK~1\SHRINK~1.EXE []
C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup
Dropbox.lnk - C:\Users\Jake\AppData\Roaming\Dropbox\bin\Dropbox.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=serwvdrv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-08-09 17:53:57 ----D---- C:\Program Files\trend micro
2011-08-09 17:53:56 ----D---- C:\rsit
2011-08-09 17:13:36 ----D---- C:\Program Files\AMD APP
2011-08-09 17:13:17 ----D---- C:\Program Files\ATI Technologies
2011-08-09 17:13:14 ----D---- C:\Program Files\ATI
2011-08-09 17:11:27 ----D---- C:\ATI
2011-08-09 12:55:32 ----D---- C:\Program Files\Common Files\InstallShield
2011-08-09 12:55:22 ----A---- C:\Windows\CoDUO.INI
2011-08-09 12:47:59 ----D---- C:\Program Files\Call of Duty
2011-08-09 12:46:55 ----A---- C:\Windows\CoD.INI
2011-08-09 10:16:07 ----D---- C:\Program Files\Microsoft Synchronization
Services
2011-08-09 10:02:45 ----D---- C:\Users\Jake\AppData\Roaming\Windows Live
Writer
2011-08-09 09:21:53 ----D---- C:\Windows\en
2011-08-09 09:12:32 ----D---- C:\Users\Jake\AppData\Roaming\inkscape
2011-08-08 21:22:22 ----A---- C:\Windows\ntbtlog.txt
2011-08-08 13:09:06 ----A---- C:\Windows\Operation.ini
2011-08-08 13:09:00 ----D---- C:\Program Files\Hasbro Interactive
2011-08-08 13:08:51 ----A---- C:\Windows\uninst.exe
2011-08-07 22:47:11 ----D---- C:\Users\Jake\AppData\Roaming\Real
2011-08-07 08:44:15 ----A---- C:\Windows\system32\imageres.dll
2011-08-07 08:43:31 ----D---- C:\ProgramData\Stardock
2011-08-07 08:43:13 ----D---- C:\Program Files\Stardock
2011-08-02 14:10:03 ----ASH---- C:\pagefile.sys
2011-07-25 19:48:45 ----D---- C:\Program Files\Common Files\Adobe
2011-07-25 19:46:04 ----D---- C:\Windows\system32\Adobe
2011-07-25 19:44:56 ----D---- C:\Program Files\Adobe
2011-07-25 19:44:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-07-24 18:27:50 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2011-07-24 18:27:42 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-07-12 14:18:49 ----A---- C:\Windows\system32\win32k.sys
2011-07-12 14:18:47 ----A---- C:\Windows\system32\kernel32.dll
2011-07-12 14:18:45 ----A---- C:\Windows\system32\winsrv.dll
2011-07-12 14:18:45 ----A---- C:\Windows\system32\csrsrv.dll
2011-07-11 11:16:05 ----ASH---- C:\hiberfil.sys
======List of files/folders modified in the last 1 month======
2011-08-09 17:54:33 ----D---- C:\Windows\Temp
2011-08-09 17:54:09 ----D---- C:\Windows\Prefetch
2011-08-09 17:53:57 ----RD---- C:\Program Files
2011-08-09 17:52:30 ----D---- C:\Users\Jake\AppData\Roaming\uTorrent
2011-08-09 17:38:20 ----D---- C:\Windows\System32
2011-08-09 17:38:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-09 17:33:08 ----D---- C:\Users\Jake\AppData\Roaming\Dropbox
2011-08-09 17:32:56 ----D---- C:\Program Files\Steam
2011-08-09 17:31:40 ----D---- C:\Windows\system32\catroot2
2011-08-09 17:13:39 ----SHD---- C:\Windows\Installer
2011-08-09 17:13:38 ----SHD---- C:\Config.Msi
2011-08-09 15:54:16 ----SHD---- C:\System Volume Information
2011-08-09 13:21:38 ----SD---- C:\ProgramData\Microsoft
2011-08-09 13:09:46 ----D---- C:\Program Files\InstallShield Installation
Information
2011-08-09 12:55:32 ----D---- C:\Program Files\Common Files
2011-08-09 12:55:22 ----D---- C:\Windows
2011-08-09 10:16:16 ----D---- C:\Windows\winsxs
2011-08-09 10:16:10 ----RSD---- C:\Windows\assembly
2011-08-09 10:16:06 ----D---- C:\Program Files\Microsoft SQL Server Compact
Edition
2011-08-09 09:28:45 ----D---- C:\Windows\Microsoft.NET
2011-08-09 09:17:59 ----D---- C:\Program Files\Windows Live
2011-08-09 09:17:12 ----D---- C:\Program Files\Common Files\microsoft
shared
2011-08-08 14:48:14 ----SD---- C:\Users\Jake\AppData\Roaming\Microsoft
2011-08-07 22:11:10 ----D---- C:\Windows\Branding
2011-08-07 19:41:02 ----D---- C:\Windows\pss
2011-08-07 08:46:01 ----D---- C:\Windows\Debug
2011-08-07 08:43:31 ----HD---- C:\ProgramData
2011-08-05 19:41:45 ----D---- C:\Program Files\Common Files\Steam
2011-07-25 19:48:49 ----D---- C:\ProgramData\Adobe
2011-07-25 19:45:10 ----D---- C:\Users\Jake\AppData\Roaming\Adobe
2011-07-24 18:28:01 ----DC---- C:\Windows\system32\DRVSTORE
2011-07-24 18:27:50 ----D---- C:\Windows\system32\drivers
2011-07-24 18:27:50 ----D---- C:\Windows\system32\catroot
2011-07-24 18:27:49 ----D---- C:\Windows\inf
2011-07-13 03:01:32 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======
R1 MpFilter;Microsoft Malware Protection Driver;
C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslc634ad3a;MpKslc634ad3a; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{940BF723-E394-4D95-BD50-951F7176B414}\MpKslc634ad3a.sys [2011-08-09
28752]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys
[2011-07-19 158000]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;
C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-07-19 93488]
R3 ati2mtag;ati2mtag; C:\Windows\system32\DRIVERS\ati2mtag.sys [2006-11-02
1523200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition
Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 ialm;ialm; C:\Windows\system32\DRIVERS\ialmnt5.sys [2006-11-02
1302492]
R3 MpNWMon;Microsoft Malware Protection Network Driver;
C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System;
C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver;
C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-10-29 43520]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20
83328]
S1 MpKsl0c78b795;MpKsl0c78b795; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{4B63F5DD-D772-4425-A978-FED6EFC7936D}\MpKsl0c78b795.sys []
S1 MpKsl2c6dcf1a;MpKsl2c6dcf1a; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{3F34AFE7-0A37-4C4B-A850-4D7EBDEB55A4}\MpKsl2c6dcf1a.sys []
S1 MpKsl2cc9f108;MpKsl2cc9f108; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{496CDFED-D8EE-4593-B9BC-62A472EFB8FD}\MpKsl2cc9f108.sys []
S1 MpKsl323ad76a;MpKsl323ad76a; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{21046753-5124-4A4D-AA17-439A9ABBCECA}\MpKsl323ad76a.sys []
S1 MpKsl3f1750e2;MpKsl3f1750e2; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{348960E3-20CF-4964-BD8E-436C0CDD9A3A}\MpKsl3f1750e2.sys []
S1 MpKsl501f013b;MpKsl501f013b; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{E5714DE8-996D-46B7-B3E5-E6F07697A54A}\MpKsl501f013b.sys []
S1 MpKsl5c31dce0;MpKsl5c31dce0; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{F94532FB-44D0-4A2D-BE24-3F70D9F02156}\MpKsl5c31dce0.sys []
S1 MpKsl6f21a356;MpKsl6f21a356; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{EFF98E8A-72AE-41F4-B86F-1407D8FD8A0D}\MpKsl6f21a356.sys []
S1 MpKsl7a8b8d21;MpKsl7a8b8d21; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{9AE2367B-0E74-4B06-B1D2-3DD1322C27E0}\MpKsl7a8b8d21.sys []
S1 MpKsl9233928e;MpKsl9233928e; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{F94532FB-44D0-4A2D-BE24-3F70D9F02156}\MpKsl9233928e.sys []
S1 MpKsl9d22f8ca;MpKsl9d22f8ca; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsl9d22f8ca.sys []
S1 MpKsla4f8b431;MpKsla4f8b431; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsla4f8b431.sys []
S1 MpKsla54878d9;MpKsla54878d9; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsla54878d9.sys []
S1 MpKslaa30deb9;MpKslaa30deb9; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{F94532FB-44D0-4A2D-BE24-3F70D9F02156}\MpKslaa30deb9.sys []
S1 MpKslae89c86c;MpKslae89c86c; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{D666D9F1-F0E7-4328-9B2C-A25F47690CFF}\MpKslae89c86c.sys []
S1 MpKslb8a61aec;MpKslb8a61aec; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{496CDFED-D8EE-4593-B9BC-62A472EFB8FD}\MpKslb8a61aec.sys []
S1 MpKsld46c0b73;MpKsld46c0b73; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{51B7CF04-8E50-413E-9676-BC90917F5AD5}\MpKsld46c0b73.sys []
S1 MpKsldf583e1e;MpKsldf583e1e; \??\c:\ProgramData\Microsoft\Microsoft
Antimalware\Definition
Updates\{313A7A11-5E2D-4F1E-B81D-31646E61001D}\MpKsldf583e1e.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler;
C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23
39272]
S3 MODEMCSA;Unimodem Streaming Filter Device;
C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-20 18432]
S3 MSKSSRV;Microsoft Streaming Service Proxy;
C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;
C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;
C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;
C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26
1095936]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys
[2011-02-18 41984]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
[2011-04-21 122224]
S3 WinRing0_1_2_0;WinRing0_1_2_0;
\??\C:\Users\Jake\AppData\Local\Temp\tmp9CD1.tmp []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30
40448]
S4 ahcix86s;ahcix86s; C:\Windows\system32\drivers\ahcix86s.sys [2007-12-19
170000]
S4 ErrDev;Microsoft Hardware Error Device Driver;
C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20
386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys
[2007-12-08 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-12-08
140320]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common
Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18
37664]
R2 Bonjour Service;Bonjour Service; C:\Program
Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100;
C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security
Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE
[2011-02-25 249648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe
[2011-03-07 820520]
R3 NisSrv;@c:\Program Files\Microsoft Security
Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security
Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common
Files\Steam\SteamService.exe [2011-08-02 411432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN
v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program
Files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
S3 BBSvc;Bing Bar Update Service; C:\Program
Files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows
Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 gupdatem;Google Update Service (gupdatem); C:\Program
Files\Google\Update\GoogleUpdate.exe [2011-03-26 136176]
S3
WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100;
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program
Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.09 2011-08-09
17:54:39
======Uninstall list======
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe AIR-->c:\Program Files\Common Files\Adobe
AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Flash Player 10
ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe
-maintain activex
Adobe Flash Player 10
Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain
plugin
Adobe Reader X (10.1.0)-->MsiExec.exe
/I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave
11\uninstaller.exe"
Advanced Uninstaller PRO 2006 - version 7-->"C:\Program Files\Innovative
Solutions\Advanced Uninstaller PRO 2006 version 7\unins000.exe"
AMD APP SDK Runtime-->MsiExec.exe
/I{A25FF1C0-80B6-4B8B-A551-DC525697A408}
Apple Application Support-->MsiExec.exe
/I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
Apple Mobile Device Support-->MsiExec.exe
/I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
Apple Software Update-->MsiExec.exe
/I{C41300B9-185D-475E-BFEC-39EF732F19B1}
ATI Catalyst Install Manager-->msiexec
/q/x{11661616-6C82-1CA6-874A-2C7A5A7BF72C} REBOOT=ReallySuppress
Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
Call of Duty - United
Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
/M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u
C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DiRT 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12840
Family Tree Maker 2008-->C:\Program Files\InstallShield Installation
Information\{15F53CD8-552B-40D3-BEB1-13E710CA6C3F}\setup.exe -runfromtemp
-l0x0409
Free Studio version 5.0.8-->"C:\Program Files\DVDVideoSoft\Free
Studio\unins000.exe"
Geekbench 2.1-->C:\Program Files\Geekbench 2.1\uninstall.exe
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe
/I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1
(KB953595)-->C:\Windows\system32\msiexec.exe /package
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1
(KB958484)-->C:\Windows\system32\msiexec.exe /package
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall
{A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
InfraRecorder-->"C:\Program Files\InfraRecorder\uninstall.exe"
Inkscape 0.48.1 -->C:\Program Files\Inkscape\Uninstall.exe
iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}
Java(TM) 6 Update 13-->MsiExec.exe
/X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java(TM) 6 Update 24-->MsiExec.exe
/X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Junk Mail filter update-->MsiExec.exe
/I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
LibreOffice 3.3-->MsiExec.exe /I{CEE2613D-3B53-4447-BA2D-E88C08272581}
LogonStudio-->C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\UNWISE.EXE
C:\PROGRA~1\Stardock\OBJECT~1\LOGONS~1\INSTALL.LOG
Make Your Own Browser-->"C:\Program
Files\MakeYourOwnBrowser\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe
/I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft .NET Framework 3.5
SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5
SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe
/I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client
Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
/repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe
/X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Antimalware-->MsiExec.exe
/X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft Automated Troubleshooting Services
Shim-->%windir%\system32\sdbinst.exe -u
"C:\Windows\AppPatch\Custom\{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe
/X{F2508213-9989-4E85-A078-72BE483917EF}
Microsoft Games for Windows Marketplace-->MsiExec.exe
/X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe
/X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Security Client-->MsiExec.exe
/I{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security
Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe
/X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe
/I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe
/I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86
8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe
/X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86
9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86
9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe
/X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86
9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft WSE 3.0-->MsiExec.exe
/I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
Motorola SM56 Speakerphone Modem-->rundll32.exe
sm56co85.dll,SM56UnInstaller
Mozilla Firefox 5.0 (x86 en-US)-->C:\Program Files\Mozilla
Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
OpenAL-->"C:\Program Files\OpenAL\OpenALwEAX.exe" /U
Operation-->C:\Windows\uninst.exe -f"C:\Program Files\Hasbro
Interactive\Operation\DeIsL1.isu"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Rapture3D 2.3.26 Game-->"C:\Program Files\BRS\unins000.exe"
Security Update for Microsoft .NET Framework 3.5 SP1
(KB2416473)-->C:\Windows\system32\msiexec.exe /package
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall
{A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile
(KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
/uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder
Client
Security Update for Microsoft .NET Framework 4 Client Profile
(KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
/uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder
Client
Security Update for Microsoft .NET Framework 4 Client Profile
(KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
/uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder
Client
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
soft Xpansion Perfect PDF 6 Reader-->"C:\Program Files\Common Files\soft
Xpansion\Uninstall\{06351084-D958-4981-BA7A-1F9EC231926D}.exe"
/X{06351084-D958-4981-BA7A-1F9EC231926D}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Uninstall 1.0.0.1-->"C:\Program Files\Common
Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1
(KB963707)-->C:\Windows\system32\msiexec.exe /package
{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall
{B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe
/X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime -
v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x
{F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.1.10-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Communications Platform-->MsiExec.exe
/I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows
Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe
/I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe
/I{759142E8-25B0-42AE-B408-4215065D3F4B}
Windows Live Family Safety-->MsiExec.exe
/X{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}
Windows Live ID Sign-in Assistant-->MsiExec.exe
/I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}
Windows Live Installer-->MsiExec.exe
/I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe
/I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe
/I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe
/I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe
/I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe
/I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe
/I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe
/X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe
/X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe
/I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe
/X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe
/X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe
/X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe
/X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe
/X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe
/X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe
/I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe
/I{464B3406-A4D0-4914-910F-7CA4380DCC13}
Windows Live Remote Client-->MsiExec.exe
/I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe
/I{17504ED4-DB08-40A8-81C2-27D8C01581DA}
Windows Live Remote Service-->MsiExec.exe
/I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe
/I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe
/I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe
/I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe
/I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe
/X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe
/X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe
/X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe
/X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Movie Maker 2.6-->MsiExec.exe
/X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinRAR 4.00 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Kids-HP
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting
package KB938371_2(Update) into Uninstall Requested(Uninstall Requested)
state
Record Number: 17960
Source Name: Microsoft-Windows-Servicing
Time Written: 20110326215748.000000-000
Event Type: Warning
User: Kids-HP\Jake
Computer Name: Kids-HP
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting
package KB938371(Update) into Install Requested(Install Requested) state
Record Number: 17956
Source Name: Microsoft-Windows-Servicing
Time Written: 20110326215748.000000-000
Event Type: Warning
User: Kids-HP\Jake
Computer Name: Kids-HP
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting
package KB938371(Update) into Install Requested(Install Requested) state
Record Number: 17952
Source Name: Microsoft-Windows-Servicing
Time Written: 20110326215748.000000-000
Event Type: Warning
User: Kids-HP\Jake
Computer Name: Kids-HP
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting
package KB938371(Update) into Install Requested(Install Requested) state
Record Number: 17949
Source Name: Microsoft-Windows-Servicing
Time Written: 20110326215748.000000-000
Event Type: Warning
User: Kids-HP\Jake
Computer Name: Kids-HP
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting
package KB938371(Update) into Install Requested(Install Requested) state
Record Number: 17943
Source Name: Microsoft-Windows-Servicing
Time Written: 20110326215748.000000-000
Event Type: Warning
User: Kids-HP\Jake
=====Application event log=====
Computer Name: Kids-HP
Event Code: 1534
Message: Profile notification of event Delete for component
{DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is -2147024875.
Record Number: 36
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110326200305.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Kids-HP
Event Code: 2
Message: Unable to remove Windows Search Service indexed data for user
'Kids-HP\Administrator' in response to user profile deletion. Error code
0x80070015.
The device is not ready.
.
Record Number: 35
Source Name: Microsoft-Windows-Search-ProfileNotify
Time Written: 20110326200305.000000-000
Event Type: Error
User:
Computer Name: Kids-HP
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND
TargetInstance.LoadPercentage > 99" could not be reactivated in namespace
"//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through
this filter until the problem is corrected.
Record Number: 26
Source Name: Microsoft-Windows-WMI
Time Written: 20110326220240.000000-000
Event Type: Error
User:
Computer Name: Kids-HP
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 22
Source Name: Microsoft-Windows-Search
Time Written: 20110326220231.000000-000
Event Type: Warning
User:
Computer Name: 26L2233B1-13
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can
occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20110326205009.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: 26L2233B1-13
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: 26L2233B1-13$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x218
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by
explicitly specifying that account’s credentials. This most commonly occurs in
batch-type configurations such as scheduled tasks, or when using the RUNAS
command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110326204724.890625-000
Event Type: Audit Success
User:
Computer Name: 26L2233B1-13
Event Code: 4902
Message: The Per-user audit policy table was created.
Number of Elements: 0
Policy ID: 0xdff9a
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110326204713.187500-000
Event Type: Audit Success
User:
Computer Name: 26L2233B1-13
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 0
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x4
Process Name:
Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on
the computer that was accessed.
The subject fields indicate the account on the local system which requested
the logon. This is most commonly a service such as the Server service, or a
local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most
common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created,
i.e. the account that was logged on.
The network fields indicate where a remote logon request originated.
Workstation name is not always available and may be left blank in some
cases.
The authentication information fields provide detailed information about this
specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event
with a KDC event.
- Transited services indicate which intermediate services have participated
in this logon request.
- Package name indicates which sub-protocol was used among the NTLM
protocols.
- Key length indicates the length of the generated session key. This will be
0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110326204709.046875-000
Event Type: Audit Success
User:
Computer Name: 26L2233B1-13
Event Code: 4608
Message: Windows is starting up.
This event is logged when LSASS.EXE starts and the auditing subsystem is
initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110326204709.000000-000
Event Type: Audit Success
User:
Computer Name: 26L2233B1-13
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f2f0
Logon Type: 3
This event is generated when a logon session is destroyed. It may be
positively correlated with a logon event using the Logon ID value. Logon IDs are
only unique between reboots on the same computer.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080121025830.171200-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\AMD APP\bin\x86;C:\Program Files\Common
Files\Microsoft Shared\Windows
Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program
Files\QuickTime\QTSystem\;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"AMDAPPSDKROOT"=C:\Program Files\AMD APP\
-----------------EOF-----------------