Logfile of random's system information tool 1.05 (written by random/random)
Run by Julia at 2008-12-28 12:05:58
Microsoft® Windows Vista™ Ultimate
System drive C: has 25 GB (49%) free of 50 GB
Total RAM: 2038 MB (41% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:59, on 28/12/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
F:\Users\Julia\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Julia.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Windows logon process] C:\Users\Julia\AppData\Roaming\Microsoft\Windows\winlogon.exe
O4 - HKCU\..\Run: [Internet Antivirus Pro] "c:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -
http://zone.msn.com/binFrameWork/v10/St ... b55579.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b56986.cabO16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) -
http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cabO16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -
http://zone.msn.com/binframework/v10/ZP ... b55579.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cabO16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) -
http://zone.msn.com/bingame/zpagames/GA ... b60096.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn.com/binFramework/v ... b56649.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) -
http://zone.msn.com/binframework/v10/St ... b55579.cabO22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Guard Service (ITGrdEngine) - Unknown owner - C:\Users\Julia\AppData\Local\Microsoft\Windows\services.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
--
End of file - 8281 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
C:\Windows\tasks\Norton Security Scan for Julia.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll [2008-09-02 398768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-12-09 2403392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{B7D3E479-CC68-42B5-A338-938ECE35F419} - iMesh MediaBar - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll [2008-09-02 529840]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-12-09 2403392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-10-26 1006264]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-10-26 1232896]
"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-06-20 451872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ares"=C:\Program Files\Ares\Ares.exe -h []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-12-09 171448]
"Microsoft Windows logon process"=C:\Users\Julia\AppData\Roaming\Microsoft\Windows\winlogon.exe []
"Internet Antivirus Pro"=c:\program files\Internet Antivirus Pro\IAPro.exe [2008-12-12 1477120]
"MsgCenterExe"=C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe -osboot []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll [2008-10-26 233888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-12-28 12:05:58 ----D---- C:\rsit
2008-12-26 22:23:45 ----D---- C:\ProgramData\2D2AB
2008-12-26 02:41:33 ----D---- C:\ProgramData\21244
2008-12-25 15:26:41 ----D---- C:\ProgramData\293BF
2008-12-25 12:52:40 ----D---- C:\Program Files\Trend Micro
2008-12-24 19:22:33 ----D---- C:\Windows\de-DE
2008-12-24 19:22:07 ----D---- C:\Windows\system32\0407
2008-12-24 19:21:59 ----D---- C:\Windows\system32\de
2008-12-24 17:55:01 ----A---- C:\Windows\system32\msvcr71.dll
2008-12-24 17:55:01 ----A---- C:\Windows\system32\msvcp71.dll
2008-12-24 16:08:33 ----D---- C:\ProgramData\21F0
2008-12-23 15:01:13 ----D---- C:\ProgramData\D15
2008-12-23 11:58:38 ----D---- C:\ProgramData\26A6
2008-12-22 18:45:19 ----D---- C:\ProgramData\13186
2008-12-21 00:28:24 ----D---- C:\ProgramData\186C
2008-12-21 00:25:52 ----D---- C:\ProgramData\341AF
2008-12-20 03:12:48 ----D---- C:\Windows\system32\appmgmt
2008-12-19 22:16:02 ----A---- C:\Windows\system32\mshtml.dll
2008-12-18 10:33:21 ----D---- C:\ProgramData\1511C
2008-12-15 13:32:28 ----D---- C:\Users\Julia\AppData\Roaming\WinRAR
2008-12-15 13:07:01 ----D---- C:\Program Files\WinRAR
2008-12-12 09:07:55 ----D---- C:\ProgramData\Symantec
2008-12-12 08:28:42 ----A---- C:\Windows\system32\log.txt
2008-12-12 08:28:31 ----D---- C:\Users\Julia\AppData\Roaming\Internet Antivirus Pro
2008-12-12 08:28:28 ----D---- C:\Program Files\Internet Antivirus Pro
2008-12-10 19:02:16 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 11:30:10 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 11:30:06 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 11:30:06 ----A---- C:\Windows\system32\gameux.dll
2008-12-10 11:30:06 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 11:29:58 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 11:29:44 ----A---- C:\Windows\explorer.exe
2008-12-10 11:29:39 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 11:29:39 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 11:29:39 ----A---- C:\Windows\system32\mshtmled.dll
2008-12-10 11:29:39 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\pngfilt.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\ieUnatt.exe
2008-12-10 11:29:38 ----A---- C:\Windows\system32\ieui.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\iesetup.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\iernonce.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\ieapfltr.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\ie4uinit.exe
2008-12-10 11:29:38 ----A---- C:\Windows\system32\icardie.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\dxtrans.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\dxtmsft.dll
2008-12-10 11:29:38 ----A---- C:\Windows\system32\advpack.dll
2008-12-10 11:29:33 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 11:29:33 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 11:29:33 ----A---- C:\Windows\system32\rrinstaller.exe
2008-12-10 11:29:33 ----A---- C:\Windows\system32\mfps.dll
2008-12-10 11:29:33 ----A---- C:\Windows\system32\mf.dll
2008-12-10 11:29:33 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 11:29:32 ----A---- C:\Windows\system32\mfpmp.exe
2008-12-10 11:29:32 ----A---- C:\Windows\system32\mferror.dll
2008-12-10 01:09:32 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-10 01:09:27 ----D---- C:\Program Files\Norton Security Scan
2008-12-09 23:27:05 ----D---- C:\Program Files\PICgrabber G2
2008-12-09 22:08:38 ----D---- C:\Windows\system32\Adobe
2008-12-09 01:44:55 ----D---- C:\Users\Julia\AppData\Roaming\Google
2008-12-09 01:44:44 ----A---- C:\Windows\cdplayer.ini
2008-12-09 01:41:15 ----D---- C:\Users\Julia\AppData\Roaming\Real
2008-12-09 01:41:15 ----D---- C:\Program Files\Common Files\Real
2008-12-09 01:40:47 ----D---- C:\ProgramData\Google
2008-12-09 01:40:42 ----D---- C:\Program Files\Google
2008-12-07 00:33:45 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-01 21:49:18 ----D---- C:\ProgramData\127A
2008-11-29 01:17:08 ----D---- C:\Program Files\PhotoScape
======List of files/folders modified in the last 1 months======
2008-12-28 12:05:59 ----D---- C:\Windows\Prefetch
2008-12-28 12:05:53 ----D---- C:\Windows\Temp
2008-12-28 02:10:06 ----RD---- C:\Program Files
2008-12-28 02:09:45 ----D---- C:\Program Files\iMesh Applications
2008-12-28 02:03:22 ----SHD---- C:\System Volume Information
2008-12-26 22:23:45 ----HD---- C:\ProgramData
2008-12-25 19:01:41 ----D---- C:\Windows\winsxs
2008-12-25 19:01:30 ----D---- C:\Windows\system32\de-DE
2008-12-25 19:01:27 ----D---- C:\Windows\system32\catroot
2008-12-24 19:29:58 ----D---- C:\Windows\system32\catroot2
2008-12-24 19:29:20 ----D---- C:\Windows\rescache
2008-12-24 19:23:53 ----D---- C:\Windows\System32
2008-12-24 19:23:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-24 19:23:14 ----D---- C:\Windows
2008-12-24 19:22:36 ----D---- C:\Program Files\Windows Sidebar
2008-12-24 19:22:36 ----D---- C:\Program Files\Windows Mail
2008-12-24 19:22:36 ----D---- C:\Program Files\Windows Calendar
2008-12-24 19:22:36 ----D---- C:\Program Files\Movie Maker
2008-12-24 19:22:34 ----D---- C:\Program Files\Windows Photo Gallery
2008-12-24 19:22:34 ----D---- C:\Program Files\Windows Media Player
2008-12-24 19:22:34 ----D---- C:\Program Files\Windows Journal
2008-12-24 19:22:34 ----D---- C:\Program Files\Windows Collaboration
2008-12-24 19:22:34 ----D---- C:\Program Files\Internet Explorer
2008-12-24 19:22:34 ----D---- C:\Program Files\Common Files\System
2008-12-24 19:22:33 ----D---- C:\Windows\servicing
2008-12-24 19:22:33 ----D---- C:\Program Files\Windows Defender
2008-12-24 19:22:31 ----D---- C:\Windows\WindowsMobile
2008-12-24 19:22:31 ----D---- C:\Windows\MSAgent
2008-12-24 19:22:31 ----D---- C:\Windows\inf
2008-12-24 19:22:31 ----D---- C:\Windows\IME
2008-12-24 19:22:31 ----D---- C:\Windows\ehome
2008-12-24 19:22:31 ----D---- C:\Windows\DigitalLocker
2008-12-24 19:22:30 ----D---- C:\Windows\system32\winrm
2008-12-24 19:22:30 ----D---- C:\Windows\system32\oobe
2008-12-24 19:22:30 ----D---- C:\Windows\system32\migwiz
2008-12-24 19:22:30 ----D---- C:\Windows\system32\Branding
2008-12-24 19:22:30 ----D---- C:\Windows\PolicyDefinitions
2008-12-24 19:22:07 ----D---- C:\Windows\system32\XPSViewer
2008-12-24 19:22:07 ----D---- C:\Windows\system32\sysprep
2008-12-24 19:22:07 ----D---- C:\Windows\system32\slmgr
2008-12-24 19:22:07 ----D---- C:\Windows\system32\setup
2008-12-24 19:22:07 ----D---- C:\Windows\system32\migration
2008-12-24 19:22:07 ----D---- C:\Windows\system32\Boot
2008-12-24 19:22:05 ----D---- C:\Windows\system32\WCN
2008-12-24 19:22:05 ----D---- C:\Windows\system32\MUI
2008-12-24 19:22:05 ----D---- C:\Windows\system32\drivers
2008-12-24 19:21:59 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2008-12-24 19:21:59 ----D---- C:\Windows\system32\DriverStore
2008-12-24 19:21:58 ----D---- C:\Windows\system32\wbem
2008-12-24 19:21:49 ----D---- C:\Windows\system32\com
2008-12-24 19:21:48 ----D---- C:\Windows\AppPatch
2008-12-24 18:49:24 ----SD---- C:\Users\Julia\AppData\Roaming\Microsoft
2008-12-24 18:30:49 ----D---- C:\Program Files\Common Files
2008-12-24 17:53:28 ----SD---- C:\Windows\Downloaded Program Files
2008-12-20 12:31:16 ----SHD---- C:\Windows\Installer
2008-12-20 03:11:50 ----D---- C:\Windows\system32\Macromed
2008-12-16 23:58:24 ----D---- C:\Windows\system32\WDI
2008-12-12 08:30:07 ----D---- C:\Windows\system32\Tasks
2008-12-10 19:40:10 ----D---- C:\Windows\Tasks
2008-12-10 19:39:51 ----ASH---- C:\Program Files\desktop.ini
2008-12-10 19:10:04 ----D---- C:\Windows\system32\en-US
2008-12-10 19:04:43 ----D---- C:\ProgramData\Microsoft Help
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-10-26 320000]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-10-26 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-10-26 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-10-26 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-19 2251776]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-01-15 70144]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-10-26 11264]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-10-26 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-26 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-26 151297]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 ITGrdEngine;Guard Service; C:\Users\Julia\AppData\Local\Microsoft\Windows\services.exe [2008-12-12 201216]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 138168]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2008-12-28 12:06:01
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IC4xVenza.INF
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MediaBar 2.0-->C:\Program Files\iMesh Applications\iMesh MediaBar\Uninstall.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Nero 7 Essentials-->MsiExec.exe /X{BC61F51E-8AF7-46B9-AF20-B33B5EE81033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{3FADAA19-E595-44CA-A072-58B6B0851768}
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Ultimate Extras sounds from Microsoft® Tinker™-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound2.inf,Uninstall
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
Windows Vista Battery Sidebar Gadget-->MsiExec.exe /I{F2996FC2-47B9-409E-9442-C89390D49D8E}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
======Security center information======
AV: Avira AntiVir PersonalEdition
AS: Windows Defender
System event log
Computer Name: Julia-PC
Event Code: 104
Message: The service is publishing to the network.
Record Number: 32073
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20081228110315.076400-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE
Computer Name: Julia-PC
Event Code: 6013
Message: The system uptime is 150291 seconds.
Record Number: 32074
Source Name: EventLog
Time Written: 20081228110324.000000-000
Event Type: Information
User:
Computer Name: Julia-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 32075
Source Name: Service Control Manager
Time Written: 20081228110328.000000-000
Event Type: Information
User:
Computer Name: Julia-PC
Event Code: 10029
Message: DCOM started the service TrustedInstaller with arguments "" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 32076
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20081228110334.000000-000
Event Type: Information
User:
Computer Name: Julia-PC
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 32077
Source Name: Service Control Manager
Time Written: 20081228110334.000000-000
Event Type: Information
User:
Application event log
Computer Name: Julia-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b9e3cf34-2715-4be4-a21b-cb14e8bf91fb}
Record Number: 4378
Source Name: VSS
Time Written: 20081228010052.000000-000
Event Type: Error
User:
Computer Name: Julia-PC
Event Code: 8194
Message: Successfully created restore point (Process = C:\Windows\System32\svchost.exe -k secsvcs; Description = Windows Defender Checkpoint).
Record Number: 4379
Source Name: System Restore
Time Written: 20081228010117.000000-000
Event Type: Information
User:
Computer Name: Julia-PC
Event Code: 8194
Message: Successfully created restore point (Process = C:\Windows\System32\svchost.exe -k secsvcs; Description = Windows Defender Checkpoint).
Record Number: 4380
Source Name: System Restore
Time Written: 20081228010117.000000-000
Event Type: Information
User:
Computer Name: Julia-PC
Event Code: 103
Message: msnmsgr (5228) \\.\C:\Users\Julia\AppData\Local\Microsoft\Messenger\julia_ellul@hotmail.com\SharingMetadata\Working\database_6696_E8EF_96E8_C123\dfsr.db: The database engine stopped the instance (0).
Record Number: 4381
Source Name: ESENT
Time Written: 20081228014954.000000-000
Event Type: Information
User:
Computer Name: Julia-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 4382
Source Name: LightScribeService
Time Written: 20081228110600.000000-000
Event Type: Information
User:
Security event log
Computer Name: Julia-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 9994
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228110306.621200-000
Event Type: Audit Failure
User:
Computer Name: Julia-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 9995
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228110306.621200-000
Event Type: Audit Failure
User:
Computer Name: Julia-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: JULIA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x27c
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 9996
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228110334.467200-000
Event Type: Audit Success
User:
Computer Name: Julia-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: JULIA-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x27c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 9997
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228110334.467200-000
Event Type: Audit Success
User:
Computer Name: Julia-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 9998
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081228110334.467200-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
-----------------EOF-----------------