Hello,
here is the info you requested.
MGADiag.txt Diagnostic Report (1.9.0019.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: 0x0
Windows Product Key: *****-*****-CHXJV-9XGG6-RVMPJ
Windows Product Key Hash: gkcRh+5kGah2JLCUA9UMv+Syu3A=
Windows Product ID: 89578-OEM-7318853-14070
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.0.6000.2.00010300.0.0.003
ID: {C38EB430-CD2A-4FC7-BB6A-42735FE7B146}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6000.vista_gdr.090805-0102
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398
WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
2007 Microsoft Office system - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_B4D0AA8B-920-80070057
Browser Data-->
Proxy settings: http=127.0.0.1:5555
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{C38EB430-CD2A-4FC7-BB6A-42735FE7B146}</UGUID><Version>1.9.0019.0</Version><OS>6.0.6000.2.00010300.0.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-RVMPJ</PKey><PID>89578-OEM-7318853-14070</PID><PIDType>3</PIDType><SID>S-1-5-21-1924072367-3181390333-750806620</SID><SYSTEM><Manufacturer>To Be Filled By O.E.M.</Manufacturer><Model>Z96JS</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080012 </Version><SMBIOSVersion major="2" minor="4"/><Date>20060714000000.000000+000</Date></BIOS><HWID>4D323507018400EA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>30A73EDE1A8F714</Val><Hash>qJ7abq7x9e+9P9SCcAk14n3U1DQ=</Hash><Pid>81602-906-7124824-68232</Pid><PidType>1</PidType></Product><Product GUID="{91120000-0031-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>2007 Microsoft Office system</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.0.6000.16509
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_COA_NSLP channel
Activation ID: f3acdd3c-119a-4932-a3d7-0b6f33a1dca9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-188-514070-02-1033-6000.0000-0322007
Installation ID: 235893073970615502378806411081749944501845314382356742
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57201
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57203
Use License URL: http://go.microsoft.com/fwlink/?LinkId=57205
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkId=57204
Partial Product Key: RVMPJ
License Status: Licensed
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: OgAAAAEABQABAAEAAQABAAAABAABAAEAnJ+CxNz8YqdQr8ItkJTqTky+whXy9NQVwfW4geYArFYqhQ==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC               A M I          OEMAPIC
FACP               A M I          OEMFACP
MCFG               A M I          OEMMCFG
OEMB               A M I          AMI_OEM
TCPA               A M I          TBLOEMID
Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Margie at 2010-02-03 22:01:47
Microsoft® Windows Vista™ Home Premium
System drive C: has 52 GB (45%) free of 114 GB
Total RAM: 1023 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:18 PM, on 2/3/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16982)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\ATK0100\HControl.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ATK0100\ATKOSD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Users\Margie\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Margie.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HControl] C:\Windows\ATK0100\HControl.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpzrcv01.LNK = C:\Program Files\HP\Temp\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzstub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 6149 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-02 501384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-04-11 1006264]
"HControl"=C:\Windows\ATK0100\HControl.exe [2006-04-17 110592]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-01 4186112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0\bin\jusched.exe [2007-03-02 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-22 107112]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-11-28 134808]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-09 1232896]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2007-10-04 50528]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2008-07-21 2752512]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
hpzrcv01.LNK - C:\Program Files\HP\Temp\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzstub.exe
C:\Users\Margie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\SAV/setup.exe -q
======File associations======
.scr - open - "%1" %*
======List of files/folders created in the last 1 months======
2010-02-03 22:01:47 ----D---- C:\rsit
2010-02-03 21:57:40 ----D---- C:\MGADiagToolOutput
2010-02-03 21:56:41 ----D---- C:\ProgramData\Office Genuine Advantage
2010-01-28 21:29:36 ----D---- C:\Boot
2010-01-28 18:32:58 ----SHD---- C:\$RECYCLE.BIN
2010-01-28 16:37:09 ----D---- C:\$UPGRADE.~OS
2010-01-22 14:32:15 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 14:32:13 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 14:32:10 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 14:32:07 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 14:32:03 ----A---- C:\Windows\system32\mstime.dll
2010-01-22 14:32:03 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-22 14:32:02 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 14:32:02 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 14:32:02 ----A---- C:\Windows\system32\dxtmsft.dll
2010-01-22 14:32:01 ----A---- C:\Windows\system32\occache.dll
2010-01-22 14:32:01 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 14:32:00 ----A---- C:\Windows\system32\mshtmled.dll
2010-01-22 14:32:00 ----A---- C:\Windows\system32\ieencode.dll
2010-01-22 14:32:00 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-22 14:32:00 ----A---- C:\Windows\system32\icardie.dll
2010-01-22 14:32:00 ----A---- C:\Windows\system32\dxtrans.dll
2010-01-22 14:31:59 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 14:31:58 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 14:31:58 ----A---- C:\Windows\system32\advpack.dll
2010-01-22 14:31:58 ----A---- C:\Windows\system32\admparse.dll
2010-01-22 14:31:57 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 14:31:57 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 14:31:57 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 14:31:57 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-22 14:31:56 ----A---- C:\Windows\system32\pngfilt.dll
2010-01-22 14:31:55 ----A---- C:\Windows\system32\mshtmler.dll
2010-01-22 14:31:55 ----A---- C:\Windows\system32\ieakui.dll
2010-01-13 03:09:36 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 03:09:34 ----A---- C:\Windows\system32\lpk.dll
2010-01-13 03:09:34 ----A---- C:\Windows\system32\fontsub.dll
2010-01-13 03:09:33 ----A---- C:\Windows\system32\dciman32.dll
2010-01-13 03:09:33 ----A---- C:\Windows\system32\atmfd.dll
2010-01-13 03:09:32 ----A---- C:\Windows\system32\atmlib.dll
======List of files/folders modified in the last 1 months======
2010-02-03 22:02:00 ----D---- C:\Windows\Temp
2010-02-03 22:01:59 ----D---- C:\Windows\Prefetch
2010-02-03 21:56:41 ----HD---- C:\ProgramData
2010-02-03 19:15:55 ----D---- C:\Windows
2010-02-03 19:15:39 ----SHD---- C:\System Volume Information
2010-02-02 00:01:14 ----D---- C:\Windows\system32\catroot2
2010-01-28 21:29:22 ----D---- C:\Windows\system32\Tasks
2010-01-28 21:29:22 ----D---- C:\Windows\Registration
2010-01-28 21:29:06 ----D---- C:\Users\Margie\AppData\Roaming\Winamp
2010-01-28 21:29:06 ----D---- C:\Users\Margie\AppData\Roaming\Ventrilo
2010-01-28 21:29:06 ----D---- C:\Users\Margie\AppData\Roaming\SPORE Creature Creator
2010-01-28 21:29:05 ----D---- C:\Users\Margie\AppData\Roaming\SPORE
2010-01-28 21:28:29 ----D---- C:\Windows\Tasks
2010-01-28 21:28:29 ----D---- C:\Windows\system32\zh-TW
2010-01-28 21:28:29 ----D---- C:\Windows\system32\zh-CN
2010-01-28 21:28:29 ----D---- C:\Windows\system32\wfp
2010-01-28 21:28:29 ----D---- C:\Windows\system32\tr-TR
2010-01-28 21:28:29 ----D---- C:\Windows\system32\sysprep
2010-01-28 21:28:29 ----D---- C:\Windows\system32\sv-SE
2010-01-28 21:28:26 ----D---- C:\Windows\system32\spool
2010-01-28 21:28:26 ----D---- C:\Windows\system32\ru-RU
2010-01-28 21:28:26 ----D---- C:\Windows\system32\pt-PT
2010-01-28 21:28:26 ----D---- C:\Windows\system32\pt-BR
2010-01-28 21:28:26 ----D---- C:\Windows\system32\pl-PL
2010-01-28 21:28:26 ----D---- C:\Windows\system32\nl-NL
2010-01-28 21:28:26 ----D---- C:\Windows\system32\NDF
2010-01-28 21:28:26 ----D---- C:\Windows\system32\nb-NO
2010-01-28 21:28:26 ----D---- C:\Windows\system32\ko-KR
2010-01-28 21:28:26 ----D---- C:\Windows\system32\ja-JP
2010-01-28 21:28:26 ----D---- C:\Windows\system32\it-IT
2010-01-28 21:28:26 ----D---- C:\Windows\system32\hu-HU
2010-01-28 21:28:26 ----D---- C:\Windows\system32\he-IL
2010-01-28 21:28:26 ----D---- C:\Windows\system32\fr-FR
2010-01-28 21:28:26 ----D---- C:\Windows\system32\fi-FI
2010-01-28 21:28:26 ----D---- C:\Windows\system32\es-ES
2010-01-28 21:28:26 ----D---- C:\Windows\system32\en-US
2010-01-28 21:28:25 ----D---- C:\Windows\system32\el-GR
2010-01-28 21:28:25 ----D---- C:\Windows\system32\drivers
2010-01-28 21:28:25 ----D---- C:\Windows\system32\de-DE
2010-01-28 21:28:25 ----D---- C:\Windows\system32\da-DK
2010-01-28 21:28:25 ----D---- C:\Windows\system32\cs-CZ
2010-01-28 21:28:25 ----D---- C:\Windows\system32\CodeIntegrity
2010-01-28 21:28:25 ----D---- C:\Windows\system32\ar-SA
2010-01-28 21:28:25 ----D---- C:\Windows\System32
2010-01-28 21:28:23 ----D---- C:\Windows\ShellNew
2010-01-28 21:28:22 ----D---- C:\Windows\MSAgent
2010-01-28 21:28:21 ----RSD---- C:\Windows\Media
2010-01-28 21:28:21 ----D---- C:\Windows\Logs
2010-01-28 21:28:20 ----SHD---- C:\Windows\Installer
2010-01-28 21:28:20 ----D---- C:\Windows\inf
2010-01-28 21:28:19 ----RSD---- C:\Windows\Fonts
2010-01-28 21:28:19 ----D---- C:\Windows\IME
2010-01-28 21:28:17 ----SD---- C:\Windows\Downloaded Program Files
2010-01-28 21:28:17 ----D---- C:\Windows\en-US
2010-01-28 21:28:17 ----D---- C:\Windows\ehome
2010-01-28 21:28:04 ----D---- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2010-01-28 21:28:01 ----D---- C:\ProgramData\SiteAdvisor
2010-01-28 21:28:01 ----D---- C:\ProgramData\Microsoft Help
2010-01-28 21:27:50 ----D---- C:\Program Files\wlkbuddy
2010-01-28 21:27:50 ----D---- C:\Program Files\Windows Media Player
2010-01-28 21:27:44 ----D---- C:\Program Files\Winamp
2010-01-28 21:27:43 ----D---- C:\Program Files\Ventrilo
2010-01-28 21:27:43 ----D---- C:\Program Files\TGA Convert
2010-01-28 21:27:43 ----D---- C:\Program Files\Symantec AntiVirus
2010-01-28 21:27:43 ----D---- C:\Program Files\Symantec
2010-01-28 21:27:40 ----D---- C:\Program Files\Microsoft Works
2010-01-28 21:27:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-28 21:27:12 ----D---- C:\Program Files\DivX
2010-01-28 21:27:12 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-28 21:27:11 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-28 21:27:11 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-01-28 21:27:07 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-28 21:27:04 ----D---- C:\Program Files\CCleaner
2010-01-28 21:27:02 ----D---- C:\Program Files\ATI Technologies
2010-01-28 21:26:56 ----D---- C:\Program Files\AIM6
2010-01-28 21:26:52 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2010-01-28 21:26:51 ----D---- C:\Windows\system32\Msdtc
2010-01-28 21:19:04 ----D---- C:\Program Files\Trend Micro
2010-01-28 21:05:34 ----RAS---- C:\BOOTSECT.BAK
2010-01-28 20:41:24 ----D---- C:\Windows\system32\config
2010-01-28 20:07:12 ----D---- C:\Program Files\Mozilla Firefox
2010-01-28 20:06:13 ----D---- C:\Windows\system32\LogFiles
2010-01-28 20:06:07 ----D---- C:\Windows\Minidump
2010-01-28 20:06:07 ----D---- C:\Windows\Debug
2010-01-28 17:33:36 ----D---- C:\OEMLOGO
2010-01-23 03:19:47 ----D---- C:\Windows\system32\migration
2010-01-23 03:19:47 ----D---- C:\Program Files\Internet Explorer
2010-01-23 03:19:41 ----D---- C:\Windows\AppPatch
2010-01-23 03:03:43 ----D---- C:\Windows\winsxs
2010-01-22 14:24:28 ----D---- C:\Windows\system32\catroot
2010-01-14 22:22:15 ----D---- C:\Program Files\Windows Mail
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-04 19:17:46 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-27 371248]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2006-10-06 406672]
R1 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2006-11-22 247144]
R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2006-11-22 25448]
R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2006-10-26 185744]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-06-11 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-06-11 29184]
R3 Cam5603D;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonCam.sys [2006-11-30 811440]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2007-11-14 14208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-12-01 1655464]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100201.009\NAVENG.SYS [2009-08-27 84912]
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100201.009\NAVEX15.SYS [2009-08-27 1323568]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-18 2314752]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-09-16 28672]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-09-13 50560]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2005-09-29 310016]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2007-06-13 82432]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-02-25 109744]
R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2006-10-26 26384]
R3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2006-11-02 41064]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-06-11 220160]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2006-11-02 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2006-11-02 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2006-11-02 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2006-11-22 274328]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-10 15429]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2006-11-02 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-22 611664]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-01-18 561152]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2006-11-22 107624]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-11-28 30872]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2006-11-28 1962136]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-10-31 2541248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2010-02-03 22:02:24
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ATK0100 ACPI UTILITY-->C:\Windows\ATK0100\XPunin.exe
BisonCam-->C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\SETUP.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Symantec AntiVirus-->MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
TGA Convert 1.3-->C:\Program Files\TGA Convert\uninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
======Security center information======
AV: Symantec AntiVirus
AS: Symantec AntiVirus
AS: Windows Defender
======System event log======
Computer Name: Margie-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958483(Update) is not applicable for this system
Record Number: 206761
Source Name: Microsoft-Windows-Servicing
Time Written: 20100204001905.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Margie-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958483(Update) is not applicable for this system
Record Number: 206762
Source Name: Microsoft-Windows-Servicing
Time Written: 20100204001905.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Margie-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958483(Update) is not applicable for this system
Record Number: 206763
Source Name: Microsoft-Windows-Servicing
Time Written: 20100204001905.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Margie-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958483(Update) is not applicable for this system
Record Number: 206764
Source Name: Microsoft-Windows-Servicing
Time Written: 20100204001905.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Margie-PC
Event Code: 4374
Message: Windows Servicing identified that package KB958483(Update) is not applicable for this system
Record Number: 206765
Source Name: Microsoft-Windows-Servicing
Time Written: 20100204001905.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: Margie-PC
Event Code: 42
Message:
Auto-Protect Error: Auto-Protect loaded the default configuration
Record Number: 79930
Source Name: Symantec AntiVirus
Time Written: 20100203034411.000000-000
Event Type: Warning
User:
Computer Name: Margie-PC
Event Code: 42
Message:
Auto-Protect Error: Auto-Protect loaded the default configuration
Record Number: 79932
Source Name: Symantec AntiVirus
Time Written: 20100203034411.000000-000
Event Type: Warning
User:
Computer Name: Margie-PC
Event Code: 42
Message:
Auto-Protect Error: Auto-Protect loaded the default configuration
Record Number: 79961
Source Name: Symantec AntiVirus
Time Written: 20100204000935.000000-000
Event Type: Warning
User:
Computer Name: Margie-PC
Event Code: 42
Message:
Auto-Protect Error: Auto-Protect loaded the default configuration
Record Number: 79962
Source Name: Symantec AntiVirus
Time Written: 20100204000935.000000-000
Event Type: Warning
User:
Computer Name: Margie-PC
Event Code: 1000
Message: Faulting application sidebar.exe, version 6.0.6000.16615, time stamp 0x4764fba1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001282e0, process id 0xe9c, application start time 0x01caa52e706599e6.
Record Number: 79977
Source Name: Application Error
Time Written: 20100204002410.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Margie-PC
Event Code: 4904
Message: An attempt was made to register a security event source.
Subject :
Security ID: S-1-5-18
Account Name: MARGIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Process:
Process ID: 0x520
Process Name: C:\Windows\System32\VSSVC.exe
Event Source:
Source Name: VSSAudit
Event Source ID: 0x206532
Record Number: 66090
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100204001728.050369-000
Event Type: Audit Success
User:
Computer Name: Margie-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.
Subject
Security ID: S-1-5-18
Account Name: MARGIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Process:
Process ID: 0x520
Process Name: C:\Windows\System32\VSSVC.exe
Event Source:
Source Name: VSSAudit
Event Source ID: 0x206532
Record Number: 66091
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100204001728.050369-000
Event Type: Audit Success
User:
Computer Name: Margie-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: MARGIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 66092
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100204002456.629470-000
Event Type: Audit Success
User:
Computer Name: Margie-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: MARGIE-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 66093
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100204002456.629470-000
Event Type: Audit Success
User:
Computer Name: Margie-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 66094
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100204002456.629470-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
-----------------EOF-----------------
Gmer.txt
When I scanned with GMER in safe mode, all I got was a message that said "GMER hasn't found any system modifications."
So I have no file to show you for this program.