There were no error messages on startup, also (Hey!) I no longer get that annoying popup that started this whole mess in the first place.
PC is still running slower than ever though.
Please remember, the ask.com toolbar and My Web Search (My Web Face) are still there. I still don’t know how to go into administrator mode or whatever it is you asked me to do. (remember, I right clicked everywhere and couldn’t figure out how to do it?) So, maybe things are still running slow because of that. I don’t know.
Thank you,
Merlin1963
Here’s the requested info.
Results of screen317's Security Check version 0.99.1
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check: Windows Firewall Disabled!
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check: Spy Sweeper Core
HijackThis 2.0.2
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check: Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
`````````End of Log```````````
Logfile of random's system information tool 1.06 (written by random/random)
Run by merlin at 2009-12-18 21:20:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 188 GB (64%) free of 294 GB
Total RAM: 2942 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:51 PM, on 12/18/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\taskeng.exe
C:\Users\merlin\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\merlin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpsysdrv] "c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] "c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [HPADVISOR] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW,SYSTRAY
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpeedItUpEX] "C:\Program Files\SpeedItup Free\SpeedItUp.exe" -MINI
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: PictureMover.lnk = C:\Program Files\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Custo ... anager.CAB
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} (HP Product Detection Control) - https://www.hpwindows7upgrade.arvato.co ... Detect.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 10707 bytes
======Scheduled tasks folder======
C:\Windows\tasks\PCDRScheduledMaintenance.job
C:\Windows\tasks\wrSpySweeper_LE235E389FA7540F8BF94FFE877FC3355.job
C:\Windows\tasks\wrSpySweeper_LE86C0AE2941B4D2BA8ACF2447ED725AC.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2009-08-21 4139912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-22 762864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2009-08-17 564624]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-24 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-09 764296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0552.0\msneshellx.dll [2009-01-22 82768]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-02-09 764296]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"hpsysdrv"=c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [2008-11-20 62768]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-03-08 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-03-08 92704]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-12-04 75016]
"UpdateP2GoShortCut"=c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdateLBPShortCut"=c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdatePDIRShortCut"=c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-04 218408]
"UpdatePSTShortCut"=c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe [2009-02-02 210216]
"HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"Microsoft Default Manager"=c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"DVDAgent"=c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-09-09 1148200]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2009-08-17 85888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-11-06 6515784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-08-05 1644088]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2009-02-23 111856]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-03-17 2387968]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"SpeedItUpEX"=C:\Program Files\SpeedItup Free\SpeedItUp.exe -MINI []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
PictureMover.lnk - C:\Program Files\PictureMover\Bin\PictureMover.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL [2009-08-21 4139912]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e55f07c8-bba2-11de-9f19-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-12-18 21:20:45 ----D---- C:\rsit
2009-12-17 22:56:44 ----N---- C:\Windows\system32\MpSigStub.exe
2009-12-12 22:33:25 ----D---- C:\Users\merlin\AppData\Roaming\AnvSoft
2009-12-12 22:33:17 ----D---- C:\Program Files\AnvSoft
2009-12-11 08:01:55 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-11 08:01:52 ----A---- C:\Windows\system32\httpapi.dll
2009-12-11 06:54:38 ----A---- C:\Windows\system32\winhttp.dll
2009-12-11 06:54:23 ----A---- C:\Windows\system32\mshtml.dll
2009-12-11 06:54:22 ----A---- C:\Windows\system32\ieframe.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\wininet.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\urlmon.dll
2009-12-11 06:54:21 ----A---- C:\Windows\system32\iertutil.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\occache.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-11 06:54:20 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-11 06:54:19 ----A---- C:\Windows\system32\ieui.dll
2009-12-11 06:54:19 ----A---- C:\Windows\system32\iepeers.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-11 06:54:18 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iesetup.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\iernonce.dll
2009-12-11 06:54:18 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-11 06:52:41 ----A---- C:\Windows\system32\rastls.dll
2009-12-08 22:34:12 ----D---- C:\Program Files\Trend Micro
2009-12-04 13:21:11 ----D---- C:\Windows\system32\vi-VN
2009-12-04 13:21:11 ----D---- C:\Windows\system32\eu-ES
2009-12-04 13:21:11 ----D---- C:\Windows\system32\ca-ES
2009-12-04 13:02:10 ----D---- C:\Windows\system32\EventProviders
2009-12-04 13:02:06 ----A---- C:\Windows\system32\jscript.dll
2009-12-04 12:50:22 ----A---- C:\Windows\system32\mshtmled.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\mshtmler.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\icardie.dll
2009-12-04 12:50:21 ----A---- C:\Windows\system32\admparse.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\msls31.dll
2009-12-04 12:50:20 ----A---- C:\Windows\system32\corpol.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\imgutil.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\ieakeng.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\dxtrans.dll
2009-12-04 12:50:19 ----A---- C:\Windows\system32\dxtmsft.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\webcheck.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\msrating.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\licmgr10.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\inseng.dll
2009-12-04 12:50:18 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-04 12:50:17 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-12-04 12:50:17 ----A---- C:\Windows\system32\wextract.exe
2009-12-04 12:50:17 ----A---- C:\Windows\system32\mstime.dll
2009-12-04 12:50:17 ----A---- C:\Windows\system32\ieakui.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\vbscript.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\pngfilt.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-04 12:50:16 ----A---- C:\Windows\system32\advpack.dll
2009-12-04 12:50:15 ----A---- C:\Windows\system32\url.dll
2009-12-04 12:50:13 ----A---- C:\Windows\system32\mshta.exe
2009-12-04 12:50:13 ----A---- C:\Windows\system32\iexpress.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\SetDepNx.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-12-04 12:50:12 ----A---- C:\Windows\system32\PDMSetup.exe
2009-12-02 22:48:24 ----D---- C:\Users\merlin\AppData\Roaming\vlc
2009-12-02 22:45:05 ----D---- C:\Program Files\VideoLAN
2009-12-01 12:52:07 ----A---- C:\Windows\system32\javaws.exe
2009-12-01 12:52:07 ----A---- C:\Windows\system32\javaw.exe
2009-12-01 12:52:07 ----A---- C:\Windows\system32\java.exe
2009-11-28 20:18:02 ----D---- C:\ProgramData\Adobe Systems
2009-11-28 20:17:07 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-11-28 19:50:39 ----D---- C:\Windows\system32\Adobe
2009-11-27 20:55:28 ----A---- C:\Windows\vbaddin.ini
2009-11-27 20:51:39 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2008
2009-11-27 20:51:39 ----D---- C:\Program Files\Microsoft Visual Studio .NET 2005
2009-11-27 20:51:04 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-11-27 20:50:56 ----D---- C:\Program Files\Common Files\DESIGNER
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft.NET
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-27 20:49:45 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-27 20:47:48 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-27 20:45:54 ----D---- C:\Program Files\Microsoft Analysis Services
2009-11-27 19:48:26 ----D---- C:\Users\merlin\AppData\Roaming\Usenet.nl
2009-11-27 19:48:13 ----D---- C:\Program Files\Usenet.nl
2009-11-26 04:34:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-25 05:25:29 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 05:25:29 ----A---- C:\Windows\system32\msxml3.dll
2009-11-23 10:39:04 ----A---- C:\FINIS_IT.TXT
2009-11-23 10:33:58 ----D---- C:\Users\merlin\AppData\Roaming\WinBatch
2009-11-21 08:54:05 ----D---- C:\ProgramData\LightScribe
======List of files/folders modified in the last 1 months======
2009-12-18 21:20:51 ----D---- C:\Windows\Prefetch
2009-12-18 21:20:47 ----D---- C:\Windows\Temp
2009-12-18 20:47:26 ----D---- C:\Windows\System32
2009-12-18 20:47:26 ----D---- C:\Windows\inf
2009-12-18 20:47:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-18 02:13:15 ----SD---- C:\ProgramData\Microsoft
2009-12-18 00:10:14 ----RD---- C:\Program Files
2009-12-18 00:10:11 ----D---- C:\ProgramData\Symantec
2009-12-18 00:08:52 ----SHD---- C:\System Volume Information
2009-12-18 00:07:42 ----SHD---- C:\Windows\Installer
2009-12-17 23:18:12 ----D---- C:\Windows\system32\catroot2
2009-12-17 23:08:17 ----D---- C:\Program Files\Common Files
2009-12-17 23:06:31 ----SD---- C:\Windows\Downloaded Program Files
2009-12-17 22:55:32 ----D---- C:\Windows\system32\drivers
2009-12-17 22:55:32 ----D---- C:\ProgramData\Norton
2009-12-17 22:55:28 ----D---- C:\Windows\Tasks
2009-12-17 22:54:36 ----D---- C:\Windows\system32\catroot
2009-12-17 13:54:42 ----D---- C:\Windows\Minidump
2009-12-17 13:54:38 ----D---- C:\Windows
2009-12-16 21:32:54 ----D---- C:\Program Files\Mozilla Firefox
2009-12-15 21:22:31 ----D---- C:\Users\merlin\AppData\Roaming\Vso
2009-12-11 10:10:19 ----D---- C:\Windows\rescache
2009-12-11 09:51:30 ----D---- C:\Windows\system32\migration
2009-12-11 09:51:29 ----D---- C:\Program Files\Internet Explorer
2009-12-11 09:51:27 ----D---- C:\Windows\system32\en-US
2009-12-11 08:03:28 ----D---- C:\Windows\winsxs
2009-12-07 09:19:23 ----SD---- C:\Users\merlin\AppData\Roaming\Microsoft
2009-12-06 06:01:40 ----D---- C:\ProgramData\Webroot
2009-12-05 03:58:10 ----D---- C:\Windows\Microsoft.NET
2009-12-05 03:57:55 ----RSD---- C:\Windows\assembly
2009-12-05 00:20:26 ----HD---- C:\Program Files\Temp
2009-12-04 13:28:31 ----D---- C:\ProgramData\NVIDIA
2009-12-04 13:27:36 ----SHD---- C:\Boot
2009-12-04 13:24:45 ----HD---- C:\ProgramData
2009-12-04 13:21:29 ----D---- C:\Program Files\Windows Mail
2009-12-04 13:21:29 ----D---- C:\Program Files\Windows Calendar
2009-12-04 13:21:29 ----D---- C:\Program Files\Movie Maker
2009-12-04 13:21:28 ----D---- C:\Windows\servicing
2009-12-04 13:21:28 ----D---- C:\Windows\ehome
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Sidebar
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Photo Gallery
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Media Player
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Journal
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Defender
2009-12-04 13:21:28 ----D---- C:\Program Files\Windows Collaboration
2009-12-04 13:21:28 ----D---- C:\Program Files\Common Files\System
2009-12-04 13:21:26 ----D---- C:\Windows\system32\XPSViewer
2009-12-04 13:21:26 ----D---- C:\Windows\system32\sk-SK
2009-12-04 13:21:26 ----D---- C:\Windows\system32\lv-LV
2009-12-04 13:21:26 ----D---- C:\Windows\system32\ko-KR
2009-12-04 13:21:26 ----D---- C:\Windows\system32\hr-HR
2009-12-04 13:21:26 ----D---- C:\Windows\system32\et-EE
2009-12-04 13:21:26 ----D---- C:\Windows\system32\da-DK
2009-12-04 13:21:26 ----D---- C:\Windows\IME
2009-12-04 13:21:25 ----D---- C:\Windows\system32\oobe
2009-12-04 13:21:25 ----D---- C:\Windows\system32\it-IT
2009-12-04 13:21:25 ----D---- C:\Windows\system32\el-GR
2009-12-04 13:21:25 ----D---- C:\Windows\system32\de-DE
2009-12-04 13:21:24 ----D---- C:\Windows\system32\zh-TW
2009-12-04 13:21:24 ----D---- C:\Windows\system32\zh-CN
2009-12-04 13:21:24 ----D---- C:\Windows\system32\uk-UA
2009-12-04 13:21:24 ----D---- C:\Windows\system32\tr-TR
2009-12-04 13:21:24 ----D---- C:\Windows\system32\th-TH
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sv-SE
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sr-Latn-CS
2009-12-04 13:21:24 ----D---- C:\Windows\system32\SLUI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\sl-SI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\setup
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ru-RU
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ro-RO
2009-12-04 13:21:24 ----D---- C:\Windows\system32\pt-PT
2009-12-04 13:21:24 ----D---- C:\Windows\system32\pl-PL
2009-12-04 13:21:24 ----D---- C:\Windows\system32\manifeststore
2009-12-04 13:21:24 ----D---- C:\Windows\system32\ja-JP
2009-12-04 13:21:24 ----D---- C:\Windows\system32\hu-HU
2009-12-04 13:21:24 ----D---- C:\Windows\system32\he-IL
2009-12-04 13:21:24 ----D---- C:\Windows\system32\fr-FR
2009-12-04 13:21:24 ----D---- C:\Windows\system32\fi-FI
2009-12-04 13:21:24 ----D---- C:\Windows\system32\es-ES
2009-12-04 13:21:24 ----D---- C:\Windows\system32\en
2009-12-04 13:21:24 ----D---- C:\Windows\system32\cs-CZ
2009-12-04 13:21:24 ----D---- C:\Windows\system32\bg-BG
2009-12-04 13:21:24 ----D---- C:\Windows\system32\AdvancedInstallers
2009-12-04 13:21:23 ----D---- C:\Windows\system32\wbem
2009-12-04 13:21:23 ----D---- C:\Windows\system32\nl-NL
2009-12-04 13:21:23 ----D---- C:\Windows\system32\nb-NO
2009-12-04 13:21:23 ----D---- C:\Windows\system32\lt-LT
2009-12-04 13:21:23 ----D---- C:\Windows\system32\ar-SA
2009-12-04 13:21:22 ----D---- C:\Windows\system32\pt-BR
2009-12-04 13:21:22 ----D---- C:\Windows\system32\migwiz
2009-12-04 13:21:14 ----RSD---- C:\Windows\Fonts
2009-12-04 13:21:14 ----D---- C:\Windows\AppPatch
2009-12-04 13:21:11 ----D---- C:\Windows\system32\Boot
2009-12-04 13:19:47 ----D---- C:\Windows\system32\RTCOM
2009-12-04 12:53:41 ----D---- C:\Windows\PolicyDefinitions
2009-12-03 18:38:51 ----D---- C:\Windows\system32\Tasks
2009-12-03 18:36:00 ----A---- C:\Windows\DIFxAPI.dll
2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-12-01 12:51:58 ----D---- C:\Program Files\Java
2009-11-29 18:35:45 ----HD---- C:\Windows\system32\GroupPolicy
2009-11-28 20:19:16 ----D---- C:\Users\merlin\AppData\Roaming\Adobe
2009-11-28 20:16:47 ----D---- C:\Program Files\Common Files\Adobe
2009-11-28 20:13:49 ----D---- C:\ProgramData\Adobe
2009-11-28 20:13:48 ----D---- C:\Program Files\Adobe
2009-11-27 20:57:32 ----D---- C:\ProgramData\Microsoft Help
2009-11-27 20:52:55 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-27 20:52:31 ----D---- C:\Program Files\MSBuild
2009-11-27 20:51:03 ----D---- C:\Windows\ShellNew
2009-11-27 20:49:50 ----D---- C:\Program Files\Microsoft Office
2009-11-27 20:46:19 ----A---- C:\Windows\win.ini
2009-11-27 16:53:58 ----D---- C:\Program Files\DVDFab Platinum 3
2009-11-27 16:50:51 ----A---- C:\Users\merlin\AppData\Roaming\ezpinst.exe
2009-11-23 10:46:45 ----HD---- C:\hp
2009-11-23 10:46:21 ----D---- C:\ProgramData\Hewlett-Packard
2009-11-23 10:45:49 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-23 10:44:33 ----D---- C:\Program Files\Hewlett-Packard
2009-11-23 10:44:06 ----D---- C:\ProgramData\Temp
2009-11-23 10:38:18 ----RD---- C:\Program Files\Online Services
2009-11-23 10:37:38 ----RD---- C:\Users
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 pwipf6;Privacyware Filter Driver; C:\Windows\system32\DRIVERS\pwipf6.sys [2009-11-21 102224]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-10-22 279712]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-10-22 25888]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-01-20 1205312]
R3 athrusb;Atheros Wireless LAN USB device driver; C:\Windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-03-08 7764960]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-10-27 47360]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 PCDSRVC{4F253FFC-7957E8FC-06000000}_0;PCDSRVC{4F253FFC-7957E8FC-06000000}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\pc-doctor for windows\pcdsrvc.pkms [2009-02-02 20848]
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys [2008-10-08 3328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2008-11-12 133152]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2008-05-22 15360]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-12-04 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-03-08 207392]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-06 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-11-21 1201640]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-08-21 4639136]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-11-28 72704]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe [2008-12-08 242424]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-22 182768]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-08-21 149352]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-12-18 21:20:53
======Uninstall list======
-->"C:\Program Files\HP Games\18 Wheels of Steel - American Long Haul\Uninstall.exe"
-->"C:\Program Files\HP Games\4 Elements\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled Twist\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Bus Driver\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash Hometown Hero\Uninstall.exe"
-->"C:\Program Files\HP Games\Dream Chronicles 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Farm Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery P.I. - The Vegas Heist\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\The Hidden Object Game Show\Uninstall.exe"
-->"C:\Program Files\HP Games\The Price is Right\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files\HP Games\World of Goo\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems PCI-SV92EX Soft Modem-->C:\Windows\agrsmdel
Any Video Converter 3.0.1-->"C:\Program Files\AnvSoft\Any Video Converter\unins000.exe"
Ask.com Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Belkin Wireless USB Utility-->C:\Program Files\InstallShield Installation Information\{A6359CCF-215D-43D9-8366-479D231F2A72}\setup.exe -runfromtemp -l0x0409
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
CyberLink DVD Suite Deluxe-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" /z-uninstall
Default Manager-->MsiExec.exe /I{AE469025-08BA-4B2A-915D-CC7765132419}
DVDFab Platinum 3.0.1.3-->"C:\Program Files\DVDFab Platinum 3\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor for Windows\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{0295F89F-F698-4101-9A7D-49F407EC2D82}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B84739A3-F943-47E4-95D8-96381EF5AC48}\setup.exe" -l0x9 -removeonly
HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP Recovery Manager RSS-->MsiExec.exe /X{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{784BEA84-FA66-4B19-BB80-7B545F248AC6}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Live Search Toolbar-->c:\Program Files\MSN\Toolbar\3.0.0552.0\OEMSetup.exe /Uninstall
Microsoft Live Search Toolbar-->MsiExec.exe /X{25A9983D-4BE4-4B25-B66A-1434ECB926A7}
Microsoft Office Access MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office InfoPath MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0044-0409-0000-0000000FF1CE}
Microsoft Office Mondo 2010 (Beta)-->MsiExec.exe /X{20140000-000F-0000-0000-0000000FF1CE}
Microsoft Office Mondo 2010-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall MONDO /dll OSETUP.DLL
Microsoft Office MondoOnly MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0102-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Project MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010 (Beta)-->MsiExec.exe /X{20140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010 (Beta)-->MsiExec.exe /X{20140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0115-0409-0000-0000000FF1CE}
Microsoft Office SharePoint Designer MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0017-0409-0000-0000000FF1CE}
Microsoft Office Visio MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-0054-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010 (Beta)-->MsiExec.exe /X{20140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.5.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
My Web Search (My Web Face)-->rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsbar.dll,O
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PictureMover-->MsiExec.exe /X{1896E712-2B3D-45eb-BCE9-542742A51032}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.6 pywin32-212-->"C:\program files\Python\Removepywin32.exe" -u "C:\program files\Python\pywin32-wininst.log"
Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
The Witcher Enhanced Edition-->"C:\Program Files\InstallShield Installation Information\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}\setup.exe" -runfromtemp -l0x0009 -removeonly
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Usenet.nl-->"C:\Program Files\Usenet.nl\unins000.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webroot Internet Security Essentials-->"C:\Program Files\Webroot\WebrootSecurity\unins001.exe" /Log="C:\Users\merlin\AppData\Local\Temp\Uninstall.txt"
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
=====HijackThis Backups=====
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file) [2009-12-17]
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000 [2009-12-17]
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab [2009-12-17]
O15 - Trusted Zone: http://www.nexusradio.com [2009-12-17]
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF [2009-12-17]
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe" [2009-12-17]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-12-17]
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=2 /w /h [2009-12-17]
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) [2009-12-17]
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11567
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11535
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11530
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11527
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: merlin-PC
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB948610(Update) into Install Requested(Install Requested) state
Record Number: 11523
Source Name: Microsoft-Windows-Servicing
Time Written: 20091018060759.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: merlin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 822
Source Name: Microsoft-Windows-WMI
Time Written: 20091018054057.000000-000
Event Type: Error
User:
Computer Name: merlin-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 796
Source Name: Microsoft-Windows-WMI
Time Written: 20091018053242.000000-000
Event Type: Error
User:
Computer Name: merlin-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {91bd61cb-2475-4bbc-a819-a9ad70ccb58f}
Record Number: 744
Source Name: VSS
Time Written: 20091018052201.000000-000
Event Type: Error
User:
Computer Name: merlin-PC
Event Code: 0
Message: The remote name could not be resolved: 'www.rssx.hp.com' at System.Net.HttpWebRequest.GetResponse()
at TotalCareSetup.Common.InternetDetector.HttpUtility.GetIsNetworkUseful()
Record Number: 415
Source Name: Network not useful. Exception. HP AdvisorUpdate
Time Written: 20091018051645.000000-000
Event Type: Error
User:
Computer Name: WIN-NBORAZN3YX1
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.
Record Number: 316
Source Name: Microsoft-Windows-Search
Time Written: 20091018050117.000000-000
Event Type: Warning
User:
=====Security event log=====
Computer Name: WIN-NBORAZN3YX1
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 233
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.979936-000
Event Type: Audit Success
User:
Computer Name: WIN-NBORAZN3YX1
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 232
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:
Computer Name: WIN-NBORAZN3YX1
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 231
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:
Computer Name: WIN-NBORAZN3YX1
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: WIN-NBORAZN3YX1$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x264
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 230
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090518205509.823936-000
Event Type: Audit Success
User:
Computer Name: WIN-NBORAZN3YX1
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-1162322507-2519668355-3147520138-500
Account Name: Administrator
Domain Name: WIN-NBORAZN3YX1
Logon ID: 0x2ed2d
Record Number: 229
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090518205503.381136-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Python
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 2 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=0203
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=HPD
"PCBRAND"=Presario
"MSWorksProductCode"={15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
-----------------EOF-----------------