Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Extremely Sluggish, Blue Screens and more

Started by princessss , Jun 30 2011 07:13 AM

  • This topic is locked This topic is locked

#1
princessss
Posted 30 June 2011 - 07:13 AM

princessss

    Member

  • Member
  • PipPip
  • 95 posts
I have been having a lot of problems with this computer. It acts as though it has no memory and yet there is 1 GB installed. Not sure if it is the operating system itself or malware or possibly a hardware glitch. I get blue screened now and then, the system is quite sluggish, cannot have windows live messenger open and use any other software, actually cant use any two software together , for instance, Firefox and anything else, ie and anything else, live and anything else. Utilizing a browser with another software makes it time out and not connect to the internet. The mouse stalls when trying to run any games or the whole computer hangs... any help will be appreciated...

about this computer

Windows Vista Home Premium
Service Pack 2
Processor is intel pentium dual cpu E2140@ 1.60 GHz 1.60 GHz
Memory 1 GB
32-bit Operating system

Here is an OTL log

OTL Extras logfile created on: 30/06/2011 7:47:22 AM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\ADMINISTRATOR(DANNE)\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.83 Mb Total Physical Memory | 158.57 Mb Available Physical Memory | 17.72% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.92 Gb Total Space | 72.68 Gb Free Space | 47.22% Space Free | Partition Type: NTFS
Drive D: | 144.16 Gb Total Space | 116.33 Gb Free Space | 80.70% Space Free | Partition Type: NTFS

Computer Name: DANNE | User Name: ADMINISTRATOR(DANNE) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049C961A-2958-46A2-8D11-6D16E81BCE9D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{0FFF0419-E8AB-4C1F-A0C8-7839E6175E20}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |
"{1599DF50-F5EF-462F-8DC7-2AE4870D8A33}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{489F5287-58C8-4379-A68B-13496816A17B}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{535AB711-3113-449A-813E-09CEFF4F593C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6B38F0AE-B53C-43E1-90BB-D56BC0843CE7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{72E28627-8EFF-422D-9743-8019ECA56802}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{81EEFFA1-45A0-4419-8F6D-175AC5CF964E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{91A968FE-5476-4FB7-A2FA-E0C85DA64C4A}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{95D20786-B29C-4B7F-BDDD-3B833302F930}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{DB1A1045-B130-403F-B8E1-01CB9D5B24F7}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005E1970-03C1-445B-BFD9-F5ACA053E622}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{17DEC3BE-4332-4D48-8F6D-659AB7BE1ECB}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{20261D85-2723-42D1-986A-37E3A2E01FBD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{21067274-540D-49F0-8D0F-797D81A613C9}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{23707316-6B75-44C7-A1A6-709F9D8593E3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{27A49896-4350-47D1-9247-7FE5AEFFF312}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{32EAB429-30B9-4715-A518-7D9D8798E397}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{3E2E76AD-6727-415E-B7D0-7538C21859D4}" = protocol=6 | dir=in | app=c:\programdata\kingsisle entertainment\wizard101\wizard101.exe |
"{548E82D9-38A3-476E-BD5A-BF84079FEB15}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{57B7DA33-7D77-41B9-9D50-DC01E64CFCAC}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{66AC670B-B68F-4371-A5FB-F5893102EA73}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A8EC981-66E1-4C4F-8E15-013280CEF48A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7F020AE3-6423-417B-800E-01E71F7BC02D}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{811C0954-FE14-4D95-BF8F-E83E9517C20C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{91F96EDE-AA92-4AAB-B239-316308F32B5D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9F8813B5-86EB-4AEC-BD4D-967D0DBF01DC}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{A3D68B3E-F422-4951-A1C9-1F4CE752DEA1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{AA056E5B-36FD-4364-8424-C8955811541F}" = protocol=17 | dir=in | app=c:\programdata\kingsisle entertainment\wizard101\wizard101.exe |
"{BD19FA99-3DC4-4A78-9011-22903FEAA7DB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D3BF8762-4333-4974-85EF-25E2B37307F2}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{D6E23540-63D8-4F10-994B-4C6A909E31A8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{EB4B9699-BFA3-402E-A48E-B41E347D7ECA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F0545EC2-969E-48C6-9488-714A3C7D52F8}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F341DF61-C0A2-4394-9CD6-C6F0284520C3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"TCP Query User{0BDC5131-8621-4492-8C98-09531CF2F4CC}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{1F31BD74-2EB3-409C-83A3-794860E1AD7D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{365867A4-3BE5-4AAF-A48D-5F1943AC4093}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{25D726F3-24E5-4F9B-AE84-33A144FAAEE8}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{6755C70A-5615-4116-8035-FCCA48415350}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{C772A9CF-A006-424E-949D-18A453C4BCE7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39600969-41C3-4658-876E-16F108FC5C92}" = ISO Recorder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CD7F90C-303D-4836-BC91-DDEB574C0D1D}" = LeapFrog Leapster Explorer Plugin
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E23819E-8AF4-4D25-A7FE-7756C9E3DBB9}" = LeapFrog Connect
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1C131CA-5956-4515-9435-6CC33E5D781F}" = Swypeout Battle Racing
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C356AE79-463B-48C4-B7C4-E08800799284}_is1" = XPS Annotator 1.22
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3A3816-7E48-4556-8614-654377EDE1B5}" = BlackBerry App World Browser Plugin
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"BFGC" = Big Fish Games: Game Manager
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"Free PDF Tablet" = Free PDF Tablet 0.1
"Grand Fantasia" = Grand Fantasia
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0265)" = Magic ISO Maker v5.5 (build 0265)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PC Matic_is1" = PC Matic 1.1.0.33
"SiS VGA Utilities" = SiS VGA Utilities
"Swypeout Battle Racing" = Swypeout Battle Racing
"UPCShell" = LeapFrog Connect
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.9
"What's Running_is1" = What's Running 3.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for ADMINISTRATOR(DANNE)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/06/2011 2:17:01 PM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 29/06/2011 5:53:18 PM | Computer Name = DANNE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module Flash10l.ocx, version 10.1.102.64, time stamp 0x4cc0fef8,
exception code 0xc0000005, fault offset 0x0016f4d1, process id 0x664, application
start time 0x01cc36a45c1c1a7c.

Error - 29/06/2011 8:22:46 PM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 29/06/2011 9:57:56 PM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 29/06/2011 11:38:06 PM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 12:08:54 AM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 4:30:35 AM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 7:52:04 AM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 8:04:18 AM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 8:17:33 AM | Computer Name = DANNE | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 08/03/2011 9:13:43 AM | Computer Name = DANNE | Source = DCOM | ID = 10001
Description =

Error - 10/03/2011 2:44:05 PM | Computer Name = DANNE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:06:14 PM on 10/03/2011 was unexpected.

Error - 10/03/2011 8:09:48 PM | Computer Name = DANNE | Source = DCOM | ID = 10016
Description =

Error - 12/03/2011 7:13:56 AM | Computer Name = DANNE | Source = Service Control Manager | ID = 7011
Description =

Error - 12/03/2011 11:41:47 PM | Computer Name = DANNE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:27:53 PM on 12/03/2011 was unexpected.

Error - 13/03/2011 8:53:09 PM | Computer Name = DANNE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:45:16 PM on 13/03/2011 was unexpected.

Error - 15/03/2011 2:27:45 PM | Computer Name = DANNE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:19:59 PM on 15/03/2011 was unexpected.

Error - 19/03/2011 11:04:53 PM | Computer Name = DANNE | Source = Service Control Manager | ID = 7011
Description =

Error - 20/03/2011 3:17:27 PM | Computer Name = DANNE | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:27:46 PM on 20/03/2011 was unexpected.

Error - 22/03/2011 4:00:31 AM | Computer Name = DANNE | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Should I get an axe??
  • 0

Advertisements

#2
princessss
Posted 30 June 2011 - 07:35 AM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Not sure how I got to malware forum, did post this in the vista forum so sorry if I hit something wrong.
  • 0

#3
SpySentinel
Posted 04 July 2011 - 09:20 AM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi princessss,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your malware problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


There should have also been a log file called OTL.txt. Can you please post that as well.
If you need to, do a search for the file and it should be easily found.
  • 0

#4
princessss
Posted 04 July 2011 - 09:27 AM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
thank you spysentinel. It was the OTL file that I posted above but will post it again .

OTL logfile created on: 30/06/2011 7:47:22 AM - Run 1
OTL by OldTimer - Version 3.2.24.2 Folder = C:\Users\ADMINISTRATOR(DANNE)\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

894.83 Mb Total Physical Memory | 158.57 Mb Available Physical Memory | 17.72% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153.92 Gb Total Space | 72.68 Gb Free Space | 47.22% Space Free | Partition Type: NTFS
Drive D: | 144.16 Gb Total Space | 116.33 Gb Free Space | 80.70% Space Free | Partition Type: NTFS

Computer Name: DANNE | User Name: ADMINISTRATOR(DANNE) | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 07:46:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ADMINISTRATOR(DANNE)\Downloads\OTL.exe
PRC - [2011/06/15 23:17:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/06/06 14:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/20 16:56:16 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Program Files\SiS VGA Utilities\SiSTray.exe
PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 07:46:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\ADMINISTRATOR(DANNE)\Downloads\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/29 23:10:11 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/20 20:17:53 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 14:26:54 | 006,132,576 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/02/02 11:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/10/13 12:18:30 | 000,090,864 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/08/24 06:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/06/30 07:21:01 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AE9A51F3-0432-4CC9-9C48-1FFAADF5E8AC}\MpKslf6f65608.sys -- (MpKslf6f65608)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/01/20 15:18:26 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2009/11/20 16:49:30 | 000,465,408 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 23:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008/04/23 12:21:08 | 000,058,416 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2007/01/22 17:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 66 A4 21 31 B7 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.babylo...rc=toolbar2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/30 00:06:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/24 23:25:03 | 000,000,000 | ---D | M]

[2011/03/25 08:37:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Mozilla\Extensions
[2011/06/29 23:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Mozilla\Firefox\Profiles\6s2sxyi8.default\extensions
[2011/06/22 15:44:48 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Mozilla\Firefox\Profiles\6s2sxyi8.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/06/29 23:04:58 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Mozilla\Firefox\Profiles\6s2sxyi8.default\extensions\[email protected]
[2011/06/30 00:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/06/29 23:04:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/01/18 15:57:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/15 23:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/04/16 20:38:09 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SiSTray] C:\Program Files\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsec...r/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 07:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/29 23:59:12 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{CC2FAE6B-DF0C-4473-9A74-6E8CC91BEA39}
[2011/06/29 19:53:16 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{273AE2C2-0B89-4481-AD77-9666040199F4}
[2011/06/29 06:38:47 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{9A7388C9-C3ED-44A7-BCF5-FF7F212A89F4}
[2011/06/28 09:18:52 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{EB8770E2-3D0C-4196-9B14-5666EB163F0D}
[2011/06/26 23:16:46 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{3CAE7AC0-FC73-483C-97D5-82C0A0A44E56}
[2011/06/26 11:16:38 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{5AEEC0CE-B17F-41B4-A404-85F4FC413B5F}
[2011/06/25 23:16:29 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{741A0741-678E-4CB1-83CA-08F083FE2527}
[2011/06/24 23:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/24 21:13:00 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{5AE2A5C2-AA27-4D0C-A48E-149F7C20C5B8}
[2011/06/23 13:00:36 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{F007E898-A18D-4E24-9AEA-F72CD8DB89AD}
[2011/06/22 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{92C4DE7A-EACF-4FA2-8855-81AE6B1F7673}
[2011/06/21 07:12:10 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{56C19ED5-79AC-4173-B1CB-E0CF657AF64F}
[2011/06/20 20:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011/06/20 20:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/06/20 20:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2011/06/20 20:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers
[2011/06/20 20:07:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/06/19 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{A5CC7E97-BA89-478F-BFEF-157860D7B30A}
[2011/06/18 19:15:56 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{D1A351E5-D3F8-445C-963F-B5F14F3935EB}
[2011/06/18 07:16:00 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{A3CD71DE-C8DF-4147-BDD6-D7E0AA141057}
[2011/06/17 18:24:31 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{75838739-D730-4D6A-A22B-D781D7F0075D}
[2011/06/17 13:03:20 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\Desktop\tammys
[2011/06/16 18:24:15 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{25836550-A30B-4D2C-8A6D-7885EC094660}
[2011/06/16 06:23:17 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{46D66E6D-E893-4A2C-8A51-96043920F59D}
[2011/06/15 08:46:14 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{63854F13-20D1-41B3-8A23-43D5033C40E3}
[2011/06/13 15:03:58 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{B79AC92F-3990-4D25-8466-750DC9B5DB11}
[2011/06/11 03:58:00 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{33256B75-034C-4993-928A-E03A1E11EB61}
[2011/06/10 09:56:47 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{53716E85-ED5D-4047-87F0-9D6D1942D2A2}
[2011/06/10 06:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Annotator
[2011/06/10 06:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\XPS Annotator
[2011/06/08 02:37:22 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{8B02AE2A-B538-4937-B84C-336ADFA3884B}
[2011/06/07 14:37:14 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{24A65437-12BC-4087-ADEF-5765D7EBE081}
[2011/06/07 02:36:51 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{1110470E-FA99-4E63-A797-B361CA595873}
[2011/06/06 14:36:42 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{6AA57267-8944-4381-A7B4-A10DFB658732}
[2011/06/05 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{FCACCE87-ADC1-4B7C-9AC4-B7C8889A0611}
[2011/06/05 10:33:20 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\Documents\Wild At Heart
[2011/06/05 10:24:17 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\Documents\Wild.Orchid[1989]Dvdrip[Eng][Alb-sub]ML
[2011/06/04 00:27:33 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{3B4B8C5A-265A-4F6C-9CC5-956E4A782701}
[2011/06/02 13:04:00 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\3DVIA
[2011/06/02 03:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/01 18:44:25 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{6683422D-C320-4A23-A0F2-450BE7038EF9}
[2011/06/01 06:51:27 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/06/01 06:43:54 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{ED32335E-0418-4EB2-B7ED-88582A7A6B31}
[2011/05/31 22:07:47 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\{77703FCB-DA4B-432D-B675-9D46E924E8B1}
[2011/05/31 15:02:44 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Roxio
[2011/05/31 14:54:14 | 000,000,000 | ---D | C] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\InstallShield
[2011/05/31 14:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011/05/31 14:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2011/05/31 14:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2011/05/31 14:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/05/31 14:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2011/05/31 14:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2011/05/31 14:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/05/31 14:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/01/21 17:04:34 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/06/30 07:49:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{670B39B0-4A35-4595-B047-C44BD25E01FA}.job
[2011/06/30 07:18:37 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 07:16:12 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 07:16:12 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 07:16:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/30 07:10:43 | 000,597,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/30 07:10:43 | 000,104,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/30 06:56:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 03:29:22 | 000,414,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/06/30 00:06:16 | 000,000,870 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/30 00:06:16 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/29 10:07:35 | 000,010,947 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Desktop\designall.dll.png
[2011/06/22 19:42:34 | 123,612,740 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/20 20:27:36 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/20 20:05:59 | 001,588,224 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Desktop\SteamInstall.msi
[2011/06/10 06:58:09 | 000,044,032 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/10 06:57:26 | 000,122,357 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\skinny cow.Page0.jpeg
[2011/06/10 06:56:15 | 000,000,000 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\coupon.xps.annotations.xml
[2011/06/10 06:56:14 | 000,638,505 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\coupon.xps
[2011/06/10 06:56:14 | 000,122,357 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\coupon.Page0.jpeg
[2011/06/05 10:56:12 | 733,339,648 | ---- | M] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\Cruel Intentions[1999]DvDrip[Eng]-Stealthmaster.avi
[2011/05/31 22:11:18 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2011/05/31 14:42:52 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk

========== Files Created - No Company Name ==========

[2011/06/30 07:10:22 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/30 00:06:16 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/29 10:07:10 | 000,010,947 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Desktop\designall.dll.png
[2011/06/22 19:42:34 | 123,612,740 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/20 20:10:04 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011/06/20 20:05:57 | 001,588,224 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Desktop\SteamInstall.msi
[2011/06/10 06:57:26 | 000,122,357 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\skinny cow.Page0.jpeg
[2011/06/10 06:56:15 | 000,000,000 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\coupon.xps.annotations.xml
[2011/06/10 06:56:14 | 000,122,357 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\coupon.Page0.jpeg
[2011/06/10 06:28:16 | 000,638,505 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\coupon.xps
[2011/06/05 10:28:22 | 733,339,648 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\Documents\Cruel Intentions[1999]DvDrip[Eng]-Stealthmaster.avi
[2011/05/31 22:11:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/31 14:42:51 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/02/25 12:23:23 | 000,000,036 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\housecall.guid.cache
[2011/02/08 10:32:14 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/02/07 09:15:51 | 000,000,552 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\d3d8caps.dat
[2011/01/21 18:16:48 | 000,044,032 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/21 17:04:34 | 000,087,608 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\inst.exe
[2011/01/21 17:04:34 | 000,007,887 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\pcouffin.cat
[2011/01/21 17:04:34 | 000,001,144 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\pcouffin.inf
[2011/01/18 14:40:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/18 14:38:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/01/18 12:08:12 | 000,000,033 | ---- | C] () -- C:\Windows\System32\VGAunistlog.ini
[2011/01/18 11:02:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/18 09:59:56 | 000,005,216 | ---- | C] () -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\d3d9caps.dat
[2009/10/07 02:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 02:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 23:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/01/20 21:24:38 | 000,023,554 | ---- | C] () -- C:\Windows\System32\nkmrins.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,414,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,597,898 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/06/29 15:47:28 | 000,003,072 | ---- | C] () -- C:\Windows\WinIo.sys

========== LOP Check ==========

[2011/02/25 17:03:49 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\.minecraft
[2011/01/18 13:07:04 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\AVG10
[2011/06/29 23:04:53 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Blackberry Desktop
[2011/01/19 11:53:32 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Free PDF Tablet
[2011/04/18 12:26:11 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\FrostWire
[2011/01/19 13:45:29 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\GetRightToGo
[2011/04/16 21:47:41 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\ImgBurn
[2011/01/18 09:37:51 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Leadertech
[2011/06/23 00:09:47 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\QuickScan
[2011/06/29 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Research In Motion
[2011/05/13 17:39:40 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Unity
[2011/06/05 11:18:54 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\uTorrent
[2011/06/13 15:03:31 | 000,000,000 | ---D | M] -- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Vso
[2011/06/30 07:15:03 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/06/30 07:49:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{670B39B0-4A35-4595-B047-C44BD25E01FA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0459F5AC

< End of report >
  • 0

#5
SpySentinel
Posted 04 July 2011 - 09:31 AM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi princessss,

You're welcome :)


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:0459F5AC

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

  • 0

#6
princessss
Posted 04 July 2011 - 10:27 AM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
thank you... this is what i got when it was done

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
ADS C:\ProgramData\TEMP:0459F5AC deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: ADMINISTRATOR(DANNE)
->Temp folder emptied: 79260476 bytes
->Temporary Internet Files folder emptied: 481358253 bytes
->Java cache emptied: 89591 bytes
->FireFox cache emptied: 496729659 bytes
->Flash cache emptied: 28645 bytes

User: All Users

User: Ashton
->Temp folder emptied: 13766949 bytes
->Temporary Internet Files folder emptied: 65172319 bytes
->Java cache emptied: 102603 bytes
->Flash cache emptied: 5877 bytes

User: Chase
->Temp folder emptied: 11727569 bytes
->Temporary Internet Files folder emptied: 85868314 bytes
->Flash cache emptied: 26404 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1603910749 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,707.00 mb


[EMPTYFLASH]

User: ADMINISTRATOR(DANNE)
->Flash cache emptied: 0 bytes

User: All Users

User: Ashton
->Flash cache emptied: 0 bytes

User: Chase
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.24.2 log created on 07042011_110126

Files\Folders moved on Reboot...
C:\Users\ADMINISTRATOR(DANNE)\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXEEXLLT\ADSAdClient31[10].htm moved successfully.
File\Folder C:\Windows\temp\logishrd\LVPrcInj09.dll not found!

Registry entries deleted on Reboot...
  • 0

#7
princessss
Posted 04 July 2011 - 10:29 AM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Is MSE supposed to be disabled?

never mind it enabled

Edited by princessss, 04 July 2011 - 10:36 AM.

  • 0

#8
SpySentinel
Posted 04 July 2011 - 12:10 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi princessss,


Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked , and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.
  • 0

#9
princessss
Posted 04 July 2011 - 03:49 PM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7020

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

04/07/2011 1:43:52 PM
mbam-log-2011-07-04 (13-43-52).txt

Scan type: Quick scan
Objects scanned: 187681
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB AND VBA PROGRAM SETTINGS\Micronsoft (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\administrator(danne)\downloads\iwonglobal.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_hpk.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
c:\program files\clickpotatolite\bin\10.0.666.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.


_______________________________________________________________________________________________________________________
SETScan

C:\Program Files\Steam\bin\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\ADMINISTRATOR(DANNE)\Downloads\Netflix Code Activator.zip Win32/AutoRun.VB.YN worm deleted - quarantined
C:\Users\ADMINISTRATOR(DANNE)\Downloads\NetflixCodeActivator.zip Win32/AutoRun.VB.YN worm deleted - quarantined
  • 0

#10
princessss
Posted 04 July 2011 - 03:51 PM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
hope i posted those right , first is the mbam second is the second one you asked me to do...since i did these scans MSE has been fining some sort of hacktool keygen.exe?
  • 0

Advertisements

#11
princessss
Posted 06 July 2011 - 05:07 AM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
I'm confused , was that everything?
  • 0

#12
SpySentinel
Posted 06 July 2011 - 04:17 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#13
princessss
Posted 06 July 2011 - 04:45 PM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
That didn't take long at all , but I kept wanting to reply with that's so random lol. Here are the logs

Logfile of random's system information tool 1.08 (written by random/random)
Run by ADMINISTRATOR(DANNE) at 2011-07-06 17:38:25
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 60 GB (38%) free of 158 GB
Total RAM: 895 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:39:39 PM, on 06/07/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\ADMINISTRATOR(DANNE)\Downloads\RSIT.exe
C:\Program Files\trend micro\ADMINISTRATOR(DANNE).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} (RIM AxLoader) - http://mobileapps.bl...re/AxLoader.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsec...r/cascanner.cab
O18 - Protocol: intu-tt2010 - {97A0575E-2309-4E75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9063 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-04 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-01-16 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-04 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-03-24 7289376]
"SiSTray"=C:\Program Files\SiS VGA Utilities\SiSTray.exe [2009-11-20 552960]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"RIMBBLaunchAgent.exe"=C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-26 39408]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-03-10 648536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HBLiteSA]
C:\Program Files\HBLite\bin\11.0.363.0\HBLiteSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-12-13 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
C:\Program Files\Logitech\Vid HD\Vid.exe [2010-10-29 5915480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2009-10-14 2793304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2011-05-29 1047656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [2011-06-06 251744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSWUpdate]
C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\smss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2010-01-16 717696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop PC Matic Reminder]
C:\Program Files\PCPitstop\PC Matic\Reminder-PCMatic.exe [2010-10-13 324848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2011-04-12 1985880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2009-07-08 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2011-06-20 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-26 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~2\DESKTO~1.EXE [2010-03-10 1819992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^ADMINISTRATOR(DANNE)^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk]
C:\PROGRA~1\MICROS~2\Office14\GROOVE.EXE [2010-01-21 30963576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-07-06 17:38:25 ----D---- C:\rsit
2011-07-06 17:38:25 ----D---- C:\Program Files\trend micro
2011-07-04 13:56:48 ----D---- C:\Program Files\ESET
2011-07-04 13:30:34 ----D---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Malwarebytes
2011-07-04 13:30:24 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2011-07-04 13:30:23 ----D---- C:\ProgramData\Malwarebytes
2011-07-04 13:30:19 ----A---- C:\Windows\system32\drivers\mbam.sys
2011-07-04 13:30:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-04 11:01:26 ----D---- C:\_OTL
2011-06-30 07:09:55 ----D---- C:\Program Files\Microsoft Security Client
2011-06-30 07:09:26 ----A---- C:\Windows\system32\drivers\netio.sys
2011-06-29 23:17:02 ----A---- C:\Windows\system32\schannel.dll
2011-06-24 23:25:37 ----D---- C:\Program Files\Common Files\Java
2011-06-24 23:25:02 ----A---- C:\Windows\system32\javaws.exe
2011-06-24 23:25:02 ----A---- C:\Windows\system32\javaw.exe
2011-06-24 23:25:02 ----A---- C:\Windows\system32\java.exe
2011-06-20 20:10:19 ----D---- C:\Program Files\Common Files\Steam
2011-06-20 20:10:02 ----D---- C:\Program Files\Steam
2011-06-20 20:07:07 ----D---- C:\Program Files\Yontoo Layers
2011-06-20 20:07:06 ----D---- C:\ProgramData\Tarma Installer
2011-06-16 03:03:18 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-16 03:03:17 ----A---- C:\Windows\system32\iertutil.dll
2011-06-16 03:03:16 ----A---- C:\Windows\system32\jscript9.dll
2011-06-16 03:03:16 ----A---- C:\Windows\system32\jscript.dll
2011-06-16 03:03:16 ----A---- C:\Windows\system32\ieui.dll
2011-06-16 03:03:13 ----A---- C:\Windows\system32\mshtml.dll
2011-06-16 03:03:12 ----A---- C:\Windows\system32\ieframe.dll
2011-06-16 03:03:10 ----A---- C:\Windows\system32\urlmon.dll
2011-06-15 17:33:45 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-15 17:33:37 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-15 17:33:35 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-15 17:33:35 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-15 17:33:33 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-15 17:33:09 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-15 17:33:06 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-15 17:33:06 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-15 17:33:06 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-10 06:54:44 ----D---- C:\Program Files\XPS Annotator

======List of files/folders modified in the last 1 months======

2011-07-06 17:38:26 ----D---- C:\Windows\Prefetch
2011-07-06 17:38:25 ----RD---- C:\Program Files
2011-07-06 17:38:14 ----D---- C:\Windows\Temp
2011-07-06 16:00:21 ----SHD---- C:\System Volume Information
2011-07-05 15:55:29 ----D---- C:\Program Files\Common Files\Akamai
2011-07-05 09:41:25 ----SD---- C:\Windows\Downloaded Program Files
2011-07-05 09:25:52 ----SHD---- C:\Windows\Installer
2011-07-05 08:49:11 ----A---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\BBMS_EXCEPTION.txt
2011-07-05 08:24:47 ----D---- C:\Windows\System32
2011-07-05 08:24:47 ----D---- C:\Windows\inf
2011-07-05 08:24:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-04 17:50:20 ----D---- C:\Windows\system32\Tasks
2011-07-04 13:45:25 ----D---- C:\Windows\system32\drivers
2011-07-04 13:43:51 ----HD---- C:\ProgramData
2011-07-04 11:01:33 ----D---- C:\Windows\system32\drivers\etc
2011-06-30 07:10:41 ----D---- C:\Windows\system32\catroot
2011-06-30 07:10:36 ----SD---- C:\ProgramData\Microsoft
2011-06-30 07:09:54 ----D---- C:\Windows
2011-06-30 07:09:49 ----D---- C:\Windows\winsxs
2011-06-30 07:02:29 ----D---- C:\ProgramData\AVG10
2011-06-30 06:57:15 ----D---- C:\ProgramData\MFAData
2011-06-30 03:44:26 ----D---- C:\Windows\Microsoft.NET
2011-06-30 03:43:29 ----RSD---- C:\Windows\assembly
2011-06-30 03:27:27 ----RSD---- C:\Windows\Fonts
2011-06-30 00:06:12 ----D---- C:\Program Files\Mozilla Firefox
2011-06-29 23:17:10 ----D---- C:\Windows\system32\catroot2
2011-06-29 23:07:14 ----D---- C:\Windows\system32\Msdtc
2011-06-29 23:07:10 ----D---- C:\Windows\system32\wbem
2011-06-29 23:06:31 ----D---- C:\Windows\system32\config
2011-06-29 23:05:37 ----D---- C:\Windows\ehome
2011-06-29 23:05:36 ----HD---- C:\Windows\system32\GroupPolicy
2011-06-29 23:05:36 ----D---- C:\Windows\Tasks
2011-06-29 23:05:36 ----D---- C:\Windows\system32\spool
2011-06-29 23:05:36 ----D---- C:\Windows\system32\RTCOM
2011-06-29 23:05:02 ----D---- C:\Windows\registration
2011-06-29 23:04:58 ----D---- C:\Program Files\Common Files\Roxio Shared
2011-06-29 23:04:57 ----D---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\InstallShield
2011-06-29 23:04:57 ----D---- C:\ProgramData\Roxio
2011-06-29 23:04:57 ----D---- C:\Program Files\Roxio
2011-06-29 23:04:57 ----D---- C:\Program Files\Common Files\Sonic Shared
2011-06-29 23:04:56 ----D---- C:\Program Files\Common Files\Research In Motion
2011-06-29 23:04:55 ----D---- C:\Program Files\Research In Motion
2011-06-29 23:04:53 ----D---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Blackberry Desktop
2011-06-29 23:04:52 ----D---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Research In Motion
2011-06-29 23:04:45 ----D---- C:\ProgramData\InstallShield
2011-06-29 23:04:36 ----D---- C:\Program Files\Research In Motion Limited
2011-06-24 23:25:37 ----D---- C:\Program Files\Common Files
2011-06-24 23:24:44 ----D---- C:\Program Files\Java
2011-06-23 00:09:47 ----D---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\QuickScan
2011-06-22 19:42:40 ----D---- C:\Windows\Minidump
2011-06-16 03:18:45 ----D---- C:\Program Files\Microsoft Silverlight
2011-06-16 03:16:44 ----D---- C:\Program Files\Internet Explorer
2011-06-16 03:08:51 ----A---- C:\Windows\system32\mrt.exe
2011-06-16 03:02:39 ----D---- C:\Program Files\Windows Mail
2011-06-13 15:03:31 ----D---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Vso
2011-06-10 08:35:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-06-10 06:29:19 ----SD---- C:\Users\ADMINISTRATOR(DANNE)\AppData\Roaming\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKsl2316f4fd;MpKsl2316f4fd; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5315C870-FD95-4824-9E0B-87B8E9D1B959}\MpKsl2316f4fd.sys [2011-07-06 28752]
R1 MpKslee135c97;MpKslee135c97; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{072907FB-C514-400D-9F45-941A151E45DE}\MpKslee135c97.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-03-24 2346016]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2009-10-07 25752]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-01-21 47360]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2009-04-30 2687512]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-20 8192]
R3 SiS6350;SiS6350; C:\Windows\system32\DRIVERS\SISGRKMD.sys [2009-11-20 465408]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-01-22 46592]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S1 MpKsl74db18cf;MpKsl74db18cf; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{756575A3-3834-4AC9-BDCF-004640371A88}\MpKsl74db18cf.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN; C:\Windows\system32\DRIVERS\btblan.sys [2010-01-20 33792]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2010-09-28 41984]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Akamai;Akamai NetSession Interface; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-10-16 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service; C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe [2011-06-06 6132576]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 154136]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2009-07-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2009-07-08 170480]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-26 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-12-13 820008]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 nosGetPlusHelper;getPlus® Helper 3004; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 PCPitstop Scheduling;PCPitstop Scheduling; C:\Program Files\PCPitstop\PCPitstopScheduleService.exe [2010-10-13 90864]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2009-07-08 1108464]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-06-20 403240]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2011-07-06 17:39:45

======Uninstall list======

-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3DVIA player 5.0-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10u_Plugin.exe -maintain plugin
Adobe Reader X (10.0.1)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Akamai NetSession Interface-->C:\Program Files\Common Files\Akamai\uninstall.exe
Apple Application Support-->MsiExec.exe /I{EE6097DD-05F4-4178-9719-D3170BF098E8}
Apple Mobile Device Support-->MsiExec.exe /I{308B6AEA-DE50-4666-996D-0FA461719D6B}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Big Fish Games: Game Manager-->C:\Program Files\bfgclient\Uninstall.exe
BlackBerry App World Browser Plugin-->MsiExec.exe /X{CF3A3816-7E48-4556-8614-654377EDE1B5}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{CE86E2F5-850C-4207-94A3-A58D647B1733}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{CE86E2F5-850C-4207-94A3-A58D647B1733}
BlackBerry Desktop Software 6.0.2-->MsiExec.exe /i{87DF5956-A327-4304-8338-8E2B0AAB843E}
BlackBerry Desktop Software 6.0.2-->MsiExec.exe /I{87DF5956-A327-4304-8338-8E2B0AAB843E}
BlackBerry® Media Sync-->MsiExec.exe /X{40A594D0-1490-4979-9382-D2B764F949C6}
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
ConvertXtoDVD 2.2.3.258-->"C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Definition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{2FD3FD50-4D6B-433B-9AB8-83F04675DA44}" "1033" "0"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Free PDF Tablet 0.1-->C:\Program Files\FreePDFTablet\uninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_EAA6E347FFC35CC8.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Fantasia-->C:\AeriaGames\GrandFantasia\Uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ISO Recorder-->MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
iTunes-->MsiExec.exe /I{881F5DE8-9367-4B81-A325-E91BBC6472F9}
Java™ 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
LeapFrog Connect-->C:\Program Files\LeapFrog\LeapFrog Connect\uninst.exe
LeapFrog Connect-->MsiExec.exe /X{9E23819E-8AF4-4D25-A7FE-7756C9E3DBB9}
LeapFrog Leapster Explorer Plugin-->MsiExec.exe /I{8CD7F90C-303D-4836-BC91-DDEB574C0D1D}
Logitech Vid HD-->C:\Program Files\Logitech\Vid HD\uninst.exe
Logitech Webcam Software-->MsiExec.exe /I{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}
Magic ISO Maker v5.5 (build 0265)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware version 1.51.0.1200-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Messenger Companion-->MsiExec.exe /I{50816F92-1652-4A7C-B9BC-48F682742C4B}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Antimalware-->MsiExec.exe /X{05BFB060-4F22-4710-B0A2-2801A1B606C5}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /I{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Mozilla Firefox 5.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
PC Matic 1.1.0.33-->"C:\Program Files\PCPitstop\PC Matic\unins000.exe"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Roxio Media Manager-->MsiExec.exe /X{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
SiS VGA Utilities-->C:\Program Files\SiS VGA Utilities\Setup.exe -u
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Swypeout Battle Racing-->"C:\ProgramData\{80BB79BD-6CC7-4C1C-B3AE-0CBEB22623FD}\swypeout.exe" REMOVE=TRUE MODIFY=FALSE
TurboTax 2010-->MsiExec.exe /X{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)-->MsiExec.exe /X{8CD7F90C-303D-4836-BC91-DDEB574C0D1D}
VLC media player 1.1.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
What's Running 3.0-->"C:\Program Files\WhatsRunning\unins000.exe"
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)-->C:\PROGRA~1\DIFX\507DAFEF8EE1D9B8\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\leapfrog-02-03-05-012-1373324.inf_eda876fd\leapfrog-02-03-05-012-1373324.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger Companion Core-->MsiExec.exe /I{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{464B3406-A4D0-4914-910F-7CA4380DCC13}
Windows Live Remote Client-->MsiExec.exe /I{19A4A990-5343-4FF7-B3B5-6F046C091EDF}
Windows Live Remote Service Resources-->MsiExec.exe /I{17504ED4-DB08-40A8-81C2-27D8C01581DA}
Windows Live Remote Service-->MsiExec.exe /I{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Wizard101-->"C:\Program Files\InstallShield Installation Information\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}\setup.exe" -runfromtemp -l0x0009 -removeonly
XPS Annotator 1.22-->"C:\Program Files\XPS Annotator\unins000.exe"
Yontoo Layers 1.10.01-->C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe /remove /q0

======Hosts File======

::1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: DANNE
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 26563
Source Name: Microsoft-Windows-Servicing
Time Written: 20110118201139.000000-000
Event Type: Warning
User: DANNE\ADMINISTRATOR(DANNE)

Computer Name: DANNE
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 26562
Source Name: Microsoft-Windows-Servicing
Time Written: 20110118201139.000000-000
Event Type: Warning
User: DANNE\ADMINISTRATOR(DANNE)

Computer Name: DANNE
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 26561
Source Name: Microsoft-Windows-Servicing
Time Written: 20110118201139.000000-000
Event Type: Warning
User: DANNE\ADMINISTRATOR(DANNE)

Computer Name: DANNE
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 26560
Source Name: Microsoft-Windows-Servicing
Time Written: 20110118201138.000000-000
Event Type: Warning
User: DANNE\ADMINISTRATOR(DANNE)

Computer Name: DANNE
Event Code: 4374
Message: Windows Servicing identified that package KB948465(Service Pack) is not applicable for this system
Record Number: 26559
Source Name: Microsoft-Windows-Servicing
Time Written: 20110118201138.000000-000
Event Type: Warning
User: DANNE\ADMINISTRATOR(DANNE)

=====Application event log=====

Computer Name: DANNE
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 63
Source Name: Microsoft-Windows-WMI
Time Written: 20110117222851.000000-000
Event Type: Error
User:

Computer Name: DANNE
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 44
Source Name: Microsoft-Windows-Search
Time Written: 20110117222720.000000-000
Event Type: Warning
User:

Computer Name: DANNE
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 27
Source Name: Microsoft-Windows-WMI
Time Written: 20110118002306.000000-000
Event Type: Error
User:

Computer Name: DANNE
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 23
Source Name: Microsoft-Windows-Search
Time Written: 20110118002304.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B1-13
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20110118000439.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B1-13
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B1-13$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x250
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110118000209.345663-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0xffe64
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110118000206.662445-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110118000204.977635-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110118000204.962035-000
Event Type: Audit Success
User:

Computer Name: 26L2233B1-13
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1f2f0

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080121025830.171200-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Windows Live\Shared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
  • 0

#14
SpySentinel
Posted 10 July 2011 - 10:08 PM

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Sorry for the delay.

How is your computer running?
  • 0

#15
princessss
Posted 10 July 2011 - 10:50 PM

princessss

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
not so great.. thinking its a software/hardware problem
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP