Thanks turtledove. I have gotten rid of the Bitorrent. I've followed the other steps and here are the logs:
pLogfile of random's system information tool 1.08 (written by random/random)
Run by Owner at 2010-12-23 09:11:55
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 183 GB (62%) free of 296 GB
Total RAM: 1918 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:12:15 AM, on 23/12/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Process Lasso\ProcessLasso.exe
C:\Program Files\Process Lasso\ProcessGovernor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows SteadyState\Bubble.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Norton Utilities 14\nu.exe
F:\Most Recent Downloads\RSIT.exe
C:\Program Files\trend micro\Owner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.google.com/?ned=us&topic=nR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ProcessLassoManagementConsole] C:\Program Files\Process Lasso\processlasso.exe
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Bubble] C:\Program Files\Windows SteadyState\Bubble.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote Table Of Contents.onetoc2
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager -
file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macromedia.com/get/f ... wflash.cabO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GFI Backup 2009 - Home Edition Attendant Service (GFIBckHAtt) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
O23 - Service: GFI Backup 2009 - Home Edition Scheduler Service (GFIBckHSched) - GFI Software Ltd. - C:\PROGRA~1\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxba_device - Unknown owner - C:\Windows\system32\lxbacoms.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10122 bytes
======Scheduled tasks folder======
C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\ParetoLogic Registration3.job
C:\Windows\tasks\ParetoLogic Update Version3.job
C:\Windows\tasks\PC Health Advisor Defrag.job
C:\Windows\tasks\PC Health Advisor.job
C:\Windows\tasks\SmartDefrag.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-03 396144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL [2010-05-13 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2010-07-28 109568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-24 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2010-09-03 396144]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - QuickStores-Toolbar - C:\Windows\system32\mscoree.dll [2009-11-08 297808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ProcessLassoManagementConsole"=C:\Program Files\Process Lasso\processlasso.exe [2010-05-18 414736]
"ProcessGovernor"=C:\Program Files\Process Lasso\processgovernor.exe [2010-05-18 252944]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-05-22 92704]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-05-22 13539872]
"Norton Ghost 14.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2009-08-03 2250088]
"Logoff"=C:\Program Files\Windows SteadyState\SCTUINotify.exe [2008-05-30 163856]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Bubble"=C:\Program Files\Windows SteadyState\Bubble.exe [2008-05-30 182288]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe [2007-08-23 152952]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Taskbar Shuffle"=C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe [2008-04-17 818176]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GroupManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Codec Update Service]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote Table Of Contents.onetoc2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-10-29 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Windows SteadyState]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"HideFastUserSwitching"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"DisallowCpl"=1
"NoToolbarCustomize"=0
"DisallowRun"=0
"StartMenuLogoff"=0
"MaxRecentDocs"=11
"NoStartMenuMFUprogramsList"=0
"NoDrives"=0x00000000
"NoDesktop"=0
"NoActiveDesktop"=0
"NoViewContextMenu"=0
"NoStartMenuMyMusic"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2010-12-23 09:11:59 ----D---- C:\Program Files\trend micro
2010-12-23 09:11:55 ----D---- C:\rsit
2010-12-23 01:35:09 ----D---- C:\Users\Owner\AppData\Roaming\ParetoLogic
2010-12-23 01:35:09 ----D---- C:\Users\Owner\AppData\Roaming\DriverCure
2010-12-23 01:34:57 ----D---- C:\Program Files\Common Files\ParetoLogic
2010-12-23 01:34:56 ----D---- C:\ProgramData\ParetoLogic
2010-12-23 01:34:56 ----D---- C:\Program Files\ParetoLogic
2010-12-22 15:19:49 ----D---- C:\Program Files\Microsoft ATS
2010-12-22 10:51:40 ----RASH---- C:\MSDOS.SYS
2010-12-22 10:51:40 ----RASH---- C:\IO.SYS
2010-12-22 10:28:03 ----D---- C:\Users\Owner\AppData\Roaming\HP
2010-12-22 09:57:45 ----A---- C:\ProgramData\Ament.ini
2010-12-22 09:54:31 ----HD---- C:\Config.Msi
2010-12-21 16:29:27 ----A---- C:\Windows\system32\javaws.exe
2010-12-21 16:29:27 ----A---- C:\Windows\system32\javaw.exe
2010-12-21 16:29:27 ----A---- C:\Windows\system32\java.exe
2010-12-21 16:29:27 ----A---- C:\Windows\system32\deployJava1.dll
2010-12-21 12:58:55 ----A---- C:\Windows\is-4CR4U.exe
2010-12-17 09:40:51 ----D---- C:\ProgramData\Google
2010-12-14 21:20:19 ----A---- C:\Windows\system32\win32k.sys
2010-12-14 21:20:16 ----A---- C:\Windows\system32\taskschd.dll
2010-12-14 21:20:16 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-14 21:20:14 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-14 21:20:14 ----A---- C:\Windows\system32\taskeng.exe
2010-12-14 21:20:14 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-14 21:20:11 ----A---- C:\Windows\system32\consent.exe
2010-12-14 21:20:09 ----A---- C:\Windows\system32\atmlib.dll
2010-12-14 21:20:09 ----A---- C:\Windows\system32\atmfd.dll
2010-12-14 21:20:08 ----A---- C:\Windows\system32\fontsub.dll
2010-12-14 21:20:05 ----A---- C:\Windows\system32\mshtml.dll
2010-12-14 21:20:05 ----A---- C:\Windows\system32\iertutil.dll
2010-12-14 21:20:04 ----A---- C:\Windows\system32\mstime.dll
2010-12-14 21:20:04 ----A---- C:\Windows\system32\ieframe.dll
2010-12-14 21:20:03 ----A---- C:\Windows\system32\wininet.dll
2010-12-14 21:20:03 ----A---- C:\Windows\system32\urlmon.dll
2010-12-14 21:20:03 ----A---- C:\Windows\system32\msfeedssync.exe
2010-12-14 21:20:03 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-14 21:20:03 ----A---- C:\Windows\system32\iedkcs32.dll
2010-12-14 21:20:03 ----A---- C:\Windows\system32\ie4uinit.exe
2010-12-14 21:20:01 ----A---- C:\Windows\system32\ieui.dll
2010-12-14 21:20:00 ----A---- C:\Windows\system32\occache.dll
2010-12-14 21:20:00 ----A---- C:\Windows\system32\ieUnatt.exe
2010-12-14 21:19:59 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-14 21:19:59 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-12-14 21:19:59 ----A---- C:\Windows\system32\licmgr10.dll
2010-12-14 21:19:59 ----A---- C:\Windows\system32\iesysprep.dll
2010-12-14 21:19:59 ----A---- C:\Windows\system32\iesetup.dll
2010-12-14 21:19:59 ----A---- C:\Windows\system32\iepeers.dll
2010-12-14 21:19:58 ----A---- C:\Windows\system32\jsproxy.dll
2010-12-14 21:19:58 ----A---- C:\Windows\system32\iernonce.dll
2010-12-14 21:19:52 ----A---- C:\Windows\system32\tzres.dll
2010-11-29 00:12:00 ----D---- C:\ProgramData\SlySoft
2010-11-29 00:06:14 ----D---- C:\Program Files\SlySoft
2010-11-28 23:51:01 ----D---- C:\ProgramData\1click dvd copy pro
2010-11-28 23:33:01 ----D---- C:\Users\Owner\AppData\Roaming\Vso
2010-11-28 23:33:01 ----A---- C:\Windows\system32\drivers\pcouffin.sys
2010-11-28 23:33:01 ----A---- C:\Users\Owner\AppData\Roaming\pcouffin.sys
2010-11-28 23:33:01 ----A---- C:\Users\Owner\AppData\Roaming\inst.exe
======List of files/folders modified in the last 1 months======
2010-12-23 09:12:12 ----D---- C:\Windows\Prefetch
2010-12-23 09:11:59 ----D---- C:\Program Files
2010-12-23 09:11:58 ----D---- C:\Windows\Temp
2010-12-23 09:10:51 ----D---- C:\Users\Owner\AppData\Roaming\BitTorrent
2010-12-23 09:10:20 ----D---- C:\Users\Owner\AppData\Roaming\Free Download Manager
2010-12-23 09:04:11 ----SHD---- C:\Windows\Installer
2010-12-23 09:02:53 ----SHD---- C:\System Volume Information
2010-12-23 02:06:06 ----AD---- C:\ProgramData\TEMP
2010-12-23 01:56:03 ----D---- C:\Program Files\Norton Utilities 14
2010-12-23 01:35:20 ----D---- C:\Windows\Tasks
2010-12-23 01:35:20 ----D---- C:\Windows\system32\Tasks
2010-12-23 01:34:57 ----D---- C:\Program Files\Common Files
2010-12-23 01:34:56 ----HD---- C:\ProgramData
2010-12-22 21:50:32 ----D---- C:\Windows\tracing
2010-12-22 18:11:05 ----D---- C:\Windows\registration
2010-12-22 15:24:04 ----D---- C:\Windows\AppPatch
2010-12-22 15:19:59 ----SD---- C:\Windows\Downloaded Program Files
2010-12-22 11:01:42 ----D---- C:\Program Files\Mozilla Firefox
2010-12-22 10:53:04 ----D---- C:\Windows
2010-12-22 10:52:14 ----D---- C:\Windows\System32
2010-12-22 09:26:30 ----D---- C:\Program Files\SpeedBit Video Accelerator
2010-12-22 09:11:52 ----D---- C:\Users\Owner\AppData\Roaming\vlc
2010-12-22 00:56:55 ----D---- C:\Program Files\HP
2010-12-22 00:33:15 ----D---- C:\Windows\system32\wbem
2010-12-22 00:31:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-22 00:31:13 ----D---- C:\Windows\system32\spool
2010-12-22 00:31:13 ----D---- C:\Windows\system32\drivers\etc
2010-12-22 00:31:13 ----D---- C:\Windows\system32\drivers
2010-12-22 00:31:13 ----D---- C:\Windows\system32\catroot2
2010-12-22 00:31:13 ----D---- C:\Windows\inf
2010-12-22 00:31:13 ----D---- C:\Program Files\Glary Utilities
2010-12-22 00:31:12 ----D---- C:\Users\Owner\AppData\Roaming\uTorrent
2010-12-22 00:27:48 ----D---- C:\Windows\system32\catroot
2010-12-21 16:29:23 ----D---- C:\Program Files\Java
2010-12-21 12:42:30 ----D---- C:\Program Files\Driver Magician
2010-12-21 12:39:43 ----D---- C:\Windows\Debug
2010-12-21 12:38:29 ----D---- C:\Program Files\CCleaner
2010-12-21 12:27:28 ----D---- C:\Program Files\Registry Defragmentation
2010-12-21 12:26:52 ----D---- C:\Windows\system32\config
2010-12-19 08:13:15 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-17 14:29:36 ----D---- C:\Program Files\RapidShareManager
2010-12-17 10:37:33 ----D---- C:\Downloads
2010-12-17 08:55:48 ----D---- C:\Program Files\SUPERAntiSpyware
2010-12-17 03:02:26 ----D---- C:\ProgramData\Microsoft Help
2010-12-14 22:09:13 ----D---- C:\Windows\rescache
2010-12-14 22:02:01 ----D---- C:\Windows\winsxs
2010-12-14 21:43:11 ----D---- C:\Program Files\Windows Mail
2010-12-14 21:43:07 ----D---- C:\Windows\system32\migration
2010-12-14 21:43:07 ----D---- C:\Program Files\Internet Explorer
2010-12-14 21:38:09 ----D---- C:\Windows\system32\en-US
2010-12-14 21:30:36 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-10-26 110624]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-05-07 43528]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-03-09 717296]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2010-02-03 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-21 173104]
R0 symsnap;Symantec Volume Snap Shot Driver; C:\Windows\system32\DRIVERS\symsnap.sys [2009-07-01 138464]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [2010-11-22 691248]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-25 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-07-20 371248]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-09-30 30376]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20101222.001\IDSvix86.sys [2010-11-08 353912]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-28 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-03 67656]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1108000.005\SRTSP.SYS [2010-04-21 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS [2010-04-21 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-05 339504]
R2 v2imount;Symantec V2i Mount Driver; C:\Windows\system32\DRIVERS\v2imount.sys [2008-08-13 38112]
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2010-09-14 108480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-20 102448]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\dlkfet5b.sys [2007-05-16 43008]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-12-11 15464]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-11 2324512]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101222.025\NAVENG.SYS [2010-12-16 86008]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20101222.025\NAVEX15.SYS [2010-12-16 1360760]
R3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2008-07-16 27136]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-05-22 7465312]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-07-20 124976]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 73216]
S0 ntcdrdrv;ntcdrdrv; C:\Windows\system32\DRIVERS\ntcdrdrv.sys []
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 grmnusb;Garmin USB Driver; C:\Windows\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NVENETFD;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
S3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-11-28 47360]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2008-10-27 7808]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-28 12872]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\Windows\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 a2AntiMalware;a-squared Anti-Malware Service; C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe [2009-10-01 1858144]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-31 243064]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-08-10 387616]
R2 GFIBckHAtt;GFI Backup 2009 - Home Edition Attendant Service; C:\PROGRA~1\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe [2009-05-13 440616]
R2 GFIBckHSched;GFI Backup 2009 - Home Edition Scheduler Service; C:\PROGRA~1\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe [2009-05-13 1012520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-25 126392]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2009-08-03 4322656]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-08-10 178720]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-22 118784]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [2006-11-02 7168]
R2 Windows SteadyState;Windows SteadyState Service; C:\Program Files\Windows SteadyState\SCTSvc.exe [2008-05-30 115728]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2009-07-01 1562096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 lxba_device;lxba_device; C:\Windows\system32\lxbacoms.exe -service []
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-28 386560]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.08 2010-12-23 09:12:17
======Uninstall list======
-->"C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4095E277-3005-42E9-8D84-DE6EB8704CEC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Advanced Optimization Addestination-->C:\Windows\system32\24011b48-a7ba-d032-94ea-c7309eba22a0.exe
Advanced Registry Doctor-->C:\Program Files\Advanced Registry Doctor\uninst.exe
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Aimersoft Video to DVD Converter(Build 1.0.8.3)-->"C:\Program Files\Aimersoft\Video to DVD Converter\unins000.exe"
ALTools Update-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Anti-Malware Toolkit 1.13.326-->"C:\Program Files\Lunarsoft\Anti-Malware Toolkit\unins000.exe"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Bit Che-->"C:\Program Files\Bit Che\unins000.exe"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CD Trustee-->C:\Windows\uninst.exe -f"C:\Program Files\CDTrustee\DeIsL4.isu" -cC:\PROGRA~1\CDTRUS~1\_ISREG32.DLL
CoreWavPack DirectShow Filters (remove only)-->"C:\Windows\System32\CoreWavPack-uninstall.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Data Doctor-Audio Splitter-->C:\Program Files\Data Doctor-Audio Splitter\Uninstall.exe
dBpoweramp CD Writer-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp CD Writer.dat
dBpoweramp DSP Effects-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
dBpoweramp FLAC Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Monkeys Audio Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBpoweramp Musepack Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBPowerAMP Real Audio (Helix) Encoder-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
dBpoweramp Shorten Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Shorten Codec.dat
dBpoweramp WavPack Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
dBpoweramp Windows Media Audio 10 Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
dBpowerAMP-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpowerAMP.dat
D-Link PCI Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
dMC Power Pack-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dMC Power Pack.dat
Driver Magician 3.48-->"C:\Program Files\Driver Magician\unins000.exe"
EasyGPS 4.15-->"C:\Program Files\EasyGPS\unins000.exe"
eMusic Download Manager 4.1.1-->C:\Program Files\eMusic Download Manager\uninst.exe
eMusic Remote 1.0-->C:\Program Files\eMusic Remote\uninst.exe
FormatFactory 2.30-->C:\Program Files\FreeTime\FormatFactory\uninst.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
Freecorder Toolbar 3.0 Application-->"C:\Windows\Freecorder Toolbar\uninstall.exe" "/U:C:\Program Files\Freecorder Toolbar\Uninstall\uninstall.xml"
Garmin Communicator Plugin-->MsiExec.exe /X{C7DD94A8-F775-426C-B56C-8E555A59F9E2}
Garmin Trip and Waypoint Manager v4-->MsiExec.exe /X{67B9AF41-C0B9-4960-84D9-A61D23DE85D8}
Garmin Trip and Waypoint Manager v5-->MsiExec.exe /X{414A373B-59DF-4102-94CA-9FE9A74CBDDA}
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
Garmin WebUpdater-->MsiExec.exe /X{D17111CB-C992-42A9-9D56-C19395102AAA}
Glary Utilities Pro 2.18.0.786-->"C:\Program Files\Glary Utilities\unins000.exe"
HijackThis 2.0.2-->"C:\Users\Owner\Desktop\Disk Cleaners\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Deskjet 2050 J510 series Basic Device Software-->MsiExec.exe /I{5033F411-4848-49D6-BAC2-DAA06AFA0AFC}
HP Deskjet 2050 J510 series Help-->MsiExec.exe /I{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photo Creations-->C:\Program Files\HP Photo Creations\uninst.exe
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
I.I.I. Home Inventory 3.08-->C:\Program Files\Insurance Information Institute\HomeInventory\uninst.exe
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
K-Lite Codec Pack 3.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LightScribe Applications-->MsiExec.exe /X{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}
LightScribe System Software-->MsiExec.exe /X{7EACD74C-147F-478C-9389-F9F52EE3C88A}
LightScribe Template Designs - Music Pack 1-->MsiExec.exe /X{4ECA4128-8B48-44A0-90E8-B93C6A69CE4B}
LightScribe Template Designs - Street Style Pack 1-->MsiExec.exe /X{F82E9B29-EE4B-418F-9CA4-A70DA610553D}
LightScribe Template Designs - With The Band-->MsiExec.exe /X{7495F8B4-6F73-496C-AC48-FE7F8867FF59}
LightScribe Template Labeler-->MsiExec.exe /X{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
MediaMonkey 3.2-->"C:\Program Files\MediaMonkey\unins000.exe"
Mega Manager-->"C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe" -runfromtemp -l0x0409 -removeonly
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.5-->MsiExec.exe /I{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook Connector-->MsiExec.exe /X{95140000-007A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mkw Audio Compression Toolkit-->C:\Windows\IsUninst.exe -f"C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\Uninst.isu"
Moo0 RightClicker 1.26-->C:\Program Files\Moo0\RightClicker 1.26\uninstaller.exe
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\2454B0AB\17.8.0.5\InstStub.exe /X
Norton Utilities-->"C:\Program Files\Norton Utilities 14\unins000.exe" /Log
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->"C:\Program Files\InstallShield Installation Information\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}\setup.exe" -runfromtemp -l0x0409 -removeonly
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenWith.org 1.0.1-->"C:\Program Files\OpenWith.org Desktop Tool\unins000.exe"
ParetoLogic PC Health Advisor-->C:\Program Files\ParetoLogic\PCHA\uninstall.exe
Process Lasso-->"C:\Program Files\Process Lasso\uninstall.exe"
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickStores-Toolbar 1.0.0-->"C:\Users\Owner\AppData\Roaming\QuickStoresToolbar\unins000.exe"
RapidShare Manager-->C:\Program Files\RapidShareManager\uninstall.exe
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Registry Defragmentation-->C:\Program Files\Registry Defragmentation\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Secunia PSI (RC4)-->"C:\Program Files\Secunia\PSI (RC4)\uninstall.exe"
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2289158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {210B16C0-CEBD-4DE9-B474-04A7E8735E16}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2344875)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office Excel 2007 (KB2345035)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B23002DD-34EC-4988-B810-A5E2A0BF04F1}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3DED0A62-44C8-4E00-A785-5212F297A9D9}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Snapfish Media Detector-->MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
SoulSeek Client 156c-->C:\Program Files\AntiTwin\uninstall.exe
SoundTap Streaming Audio Recorder-->C:\Program Files\NCH Swift Sound\SoundTap\uninst.exe
SpeedBit Video Accelerator-->"C:\Program Files\SpeedBit Video Accelerator\VARemove.exe" temp
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Taskbar Shuffle version 2.5-->"C:\Program Files\Taskbar Shuffle\unins000.exe"
TidySongs-->msiexec /qb /x {6AEFD7CD-474E-EE83-458C-8482DB488DD0}
TidySongs-->MsiExec.exe /I{6AEFD7CD-474E-EE83-458C-8482DB488DD0}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB2412171)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7961E819-93A5-40A8-8469-4BE2FBBFACEF}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (KB2466076)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EE71630C-C756-4343-B620-DB5958609E3D}
Visual C++ 8.0 ATL (x86) WinSXS MSM-->MsiExec.exe /I{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}
Visual C++ 8.0 CRT (x86) WinSXS MSM-->MsiExec.exe /I{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}
VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wave Corrector DeClick version 1.0-->"C:\Program Files\WaveCorDC\unins000.exe"
Window Washer-->C:\Windows\Unwash6.exe
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_0efc767c\grmnusb.inf
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows NT Backup - Restore Utility-->MsiExec.exe /I{B3E699B5-7EEE-4AB1-A7BB-A43B7B4D94ED}
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
Windows SteadyState-->MsiExec.exe /X{D3880A64-6112-47b7-8BFE-70EEA07B43E0}
WinPatrol 2009-->C:\PROGRA~1\BillP Studios\WinPatrol\Setup.exe /remove /q0
Youtube Downloader HD v. 1.6-->"C:\Program Files\Youtube Downloader HD\unins000.exe"
ZEN Vision:M Series Media Explorer-->"C:\Program Files\Creative Installation Information\ZEN_VISION_M_SERIES_MEDIA_EXPLORER\Setup.exe" /remove /l0x0009
======Security center information======
AS: Windows Defender (disabled)
AS: SUPERAntiSpyware (disabled)
======System event log======
Computer Name: Owner-PC
Event Code: 15021
Message: An error occured while using SSL configuration for socket address 192.168.100.2:6331. The error status code is contained within the returned data.
Record Number: 269652
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100222031519.983590-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 15021
Message: An error occured while using SSL configuration for socket address 169.254.131.252:6331. The error status code is contained within the returned data.
Record Number: 269651
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100222031519.983590-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 269648
Source Name: volmgr
Time Written: 20100222031512.338546-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 269641
Source Name: volmgr
Time Written: 20100222031500.232868-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 10010
Message: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Record Number: 269626
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100222031214.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Owner-PC
Event Code: 4197
Message: Could not locate the MS DTC XA Transaction Manager contact object.
Record Number: 62768
Source Name: Microsoft-Windows-MSDTC
Time Written: 20090315125027.000000-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 4198
Message: Could not locate the MS DTC TIP Gateway contact object.
Record Number: 62767
Source Name: Microsoft-Windows-MSDTC
Time Written: 20090315125027.000000-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 4879
Message: MSDTC encountered an error (HR=0x80000171) while attempting to establish a secure connection with system OWNER-PC.
Record Number: 62652
Source Name: Microsoft-Windows-MSDTC Client 2
Time Written: 20090314104111.000000-000
Event Type: Warning
User:
Computer Name: Owner-PC
Event Code: 4197
Message: Could not locate the MS DTC XA Transaction Manager contact object.
Record Number: 62637
Source Name: Microsoft-Windows-MSDTC
Time Written: 20090314103641.000000-000
Event Type: Error
User:
Computer Name: Owner-PC
Event Code: 4198
Message: Could not locate the MS DTC TIP Gateway contact object.
Record Number: 62636
Source Name: Microsoft-Windows-MSDTC
Time Written: 20090314103641.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 79942
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727025911.530108-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2a4
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 79941
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727025911.530108-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x2a4
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 79940
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727025911.530108-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 79939
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727025909.996108-000
Event Type: Audit Success
User:
Computer Name: Owner-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: OWNER-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2a4
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 79938
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090727025909.996108-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\ESTsoft\ALZip
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"SCTPath"=C:\Program Files\Windows SteadyState\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
-----------------EOF-----------------
Okay - here's the problem and I'm sure it was my fault. While the Rootkit Scan was happening, I was surfing the net and found a blog that I rediscovered. So, stupid me, I clicked on the hyperlink for the RSS feed. My computer crashed and came back up. I started the Rootkit scan again and it stops working shortly after beginning. It stops at \Device\harddiskvolumeshadowcopy5. I will download a fresh copy of the program and try again. Just thought I'd keep you updated. And I promise that I'll keep my grubby little fingers off the keyboard if I can get it running again.
Sorry for the bonehead move. And also thanks for having a look during the busy time of the year. I'll be back.