Free Malware Removal Forum

[helpintoledo]

Greetings,
I am attempting to help a friend who has been having extreme performance issue with a multiple user Windows system, with the worst symptoms on the Admin user. If there are details needed beyond the HJT log initially, let me know and I will provide them immediately. HJT Log follows:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:53:19 PM, on 7/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\program files\mapquest toolbar\MqTbServer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: MapQuest Toolbar Loader - {E34F0E11-AB79-487c-9773-36C594DFF5AA} - C:\Program Files\MapQuest Toolbar\mqtb.dll
O3 - Toolbar: MapQuest Toolbar - {57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - C:\Program Files\MapQuest Toolbar\mqtb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_57E73FA0B01DF7F6.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca6bd597e4aa80) (gupdate1ca6bd597e4aa80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe

--
End of file - 8256 bytes

[MWR 3 day Mod]

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[Dakeyras]

Hi.

If I may enquire is their any particular reason your friend has not created a account here in Malware Removal and requested assistance on their own behalf?

[helpintoledo]

I am considered the goto guy for computer help among my friends and family. I thought it would be best if I helped them directly. If you prefer I can give them the URL and have them take over. I assure you I am not making a penny for this if that is the concern. If it is other concerns such as the risks involved I will make sure they are fully informed. As it is, I will likely be acting mostly in the capacity of the techie-to-layman translator. Please advise.

[Dakeyras]

Hi.

Thank you for the clarification, as I a rule I prefer to deal with the actual owner of the machine as what we do is hard enough via the written word without the added complications of a third party involved.

OK I am prepared to relent and still offer my assistance, however if the situation does prove not to be practicable I'm afraid I will have no other option but to close this topic and advise your friend join the forum themselves and create/post a topic requesting assistance.

Next:

Please take note of the below:-

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Vista Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System(Vista aka Windows 6) in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

• Right-click on SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt
• Please post the contents of that document in your next reply.

Scan with RSIT:

• Please download Random's System Information Tool by random/random from here and save it to your desktop.

Make sure that RSIT.exe is on the your Desktop before running the application!

• Right-click on RSIT.exe and select Run as Administrator to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of the installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

• How is your friends computer performing now, any further symptoms and or problems encountered?
• SecurityCheck Log.
• Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

[helpintoledo]

First, thank you for relenting. I do appreciate the job you all do, and as time allows I may soon request acceptance to your school so I may give back. And, I appreciate both the concerns you expressed and perhaps even ones that went unexpressed. That said, I now have their tower in my possession so hopefully we can keep this moving. Also, the machine is running much faster today on the admin user (it was basically crawling when I first looked at it and ran HJT). I ran MalwareBytes at that time also and left it running with him, and asked him not to make any changes, just to save the log file, but I'm not sure if he let it run fixes or not (my girlfriend got the PC from him). That's about it on the overall update. 3 requested log files to follow.

[helpintoledo]

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

``````````End of Log````````````

[helpintoledo]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mark Young at 2010-08-04 22:43:09
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 87 GB (57%) free of 153 GB
Total RAM: 1021 MB (41% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-07-19 649168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2010-01-20 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-18 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-18 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E34F0E11-AB79-487c-9773-36C594DFF5AA}]
MapQuest Toolbar Loader - C:\Program Files\MapQuest Toolbar\mqtb.dll [2008-03-18 1267040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - MapQuest Toolbar - C:\Program Files\MapQuest Toolbar\mqtb.dll [2008-03-18 1267040]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-18 278128]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-07-19 649168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-03 312200]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-03 304008]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-04-14 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-04-14 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-11 202256]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-17 68856]
"pjpjscti"=C:\Users\Mark Young\AppData\Local\swbjxyfqp\fdqvffktssd.exe []

C:\Users\Mark Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-04 22:43:09 ----D---- C:\rsit
2010-08-03 12:15:47 ----A---- C:\Windows\system32\shell32.dll
2010-07-28 19:22:34 ----D---- C:\Program Files\Trend Micro
2010-07-28 19:03:04 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-28 19:03:01 ----D---- C:\ProgramData\Malwarebytes
2010-07-28 19:03:01 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-28 19:03:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-28 18:54:23 ----ASH---- C:\hiberfil.sys
2010-07-28 18:46:27 ----A---- C:\Windows\ntbtlog.txt
2010-07-20 09:48:11 ----D---- C:\ProgramData\Sun
2010-07-17 17:19:38 ----AS---- C:\Windows\system32\drivers\TfSysMon.sys
2010-07-17 17:19:38 ----AS---- C:\Windows\system32\drivers\TfNetMon.sys
2010-07-17 17:19:38 ----AS---- C:\Windows\system32\drivers\TfFsMon.sys
2010-07-17 15:34:32 ----A---- C:\Windows\BDTSupport.dll.old
2010-07-17 15:34:32 ----A---- C:\Windows\BDTSupport.dll
2010-07-17 15:34:30 ----A---- C:\Windows\SGDetectionTool.dll
2010-07-17 15:34:30 ----A---- C:\Windows\PCTBDRes.dll
2010-07-17 15:34:30 ----A---- C:\Windows\PCTBDCore.dll.old
2010-07-17 15:34:30 ----A---- C:\Windows\PCTBDCore.dll
2010-07-17 15:31:06 ----A---- C:\Windows\system32\drivers\pctwfpfilter.sys
2010-07-17 15:31:06 ----A---- C:\Windows\system32\drivers\pctgntdi.sys
2010-07-17 15:30:17 ----A---- C:\Windows\system32\drivers\PCTCore.sys
2010-07-17 15:30:17 ----A---- C:\Windows\system32\drivers\PCTAppEvent.sys
2010-07-17 15:29:29 ----A---- C:\Windows\system32\drivers\pctplsg.sys
2010-07-17 15:29:08 ----D---- C:\ProgramData\PC Tools
2010-07-17 15:29:08 ----D---- C:\Program Files\Spyware Doctor
2010-07-17 15:29:08 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-17 15:28:40 ----AD---- C:\ProgramData\TEMP
2010-07-15 10:54:34 ----D---- C:\ProgramData\Visan
2010-07-15 10:52:06 ----D---- C:\ProgramData\HP Photo Creations Meijer
2010-07-15 10:52:06 ----D---- C:\Program Files\HP Photo Creations Meijer
2010-07-14 17:48:03 ----RA---- C:\Windows\system32\drivers\SymIMV.sys
2010-07-14 17:47:53 ----D---- C:\Program Files\Symantec
2010-07-14 17:47:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-14 17:47:53 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2010-07-14 17:47:21 ----D---- C:\Windows\system32\drivers\NAV
2010-07-14 17:47:19 ----D---- C:\Program Files\Norton AntiVirus
2010-07-14 17:47:09 ----D---- C:\Program Files\NortonInstaller

======List of files/folders modified in the last 1 months======

2010-08-04 22:43:12 ----D---- C:\Windows\Prefetch
2010-08-04 22:43:02 ----D---- C:\Windows\Temp
2010-08-04 22:41:05 ----D---- C:\Windows\System32
2010-08-04 22:41:05 ----D---- C:\Windows\inf
2010-08-04 22:41:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-04 22:38:53 ----SD---- C:\Windows\Tasks
2010-08-04 22:36:35 ----D---- C:\Windows
2010-08-04 15:54:02 ----A---- C:\Windows\SchedLgU.Txt
2010-08-04 15:42:43 ----D---- C:\ProgramData\Google Updater
2010-08-04 03:01:37 ----D---- C:\Windows\winsxs
2010-08-04 03:00:59 ----SHD---- C:\System Volume Information
2010-08-03 13:21:16 ----D---- C:\Windows\system32\Tasks
2010-08-03 11:52:33 ----D---- C:\Windows\system32\catroot
2010-08-01 21:09:40 ----HD---- C:\ProgramData
2010-07-30 19:55:13 ----D---- C:\Program Files\dl_Cats
2010-07-29 05:57:12 ----RD---- C:\Program Files
2010-07-28 19:22:35 ----SHD---- C:\Windows\Installer
2010-07-28 19:03:04 ----D---- C:\Windows\system32\drivers
2010-07-28 18:20:36 ----D---- C:\Users\Mark Young\AppData\Roaming\Apple Computer
2010-07-26 21:54:16 ----D---- C:\Windows\system32\catroot2
2010-07-20 19:04:01 ----D---- C:\Windows\system32\Msdtc
2010-07-20 19:03:52 ----D---- C:\Windows\system32\wbem
2010-07-20 19:03:09 ----D---- C:\Windows\system32\config
2010-07-20 19:02:06 ----D---- C:\Windows\system32\spool
2010-07-20 19:02:06 ----D---- C:\Windows\system32\restore
2010-07-20 19:02:06 ----D---- C:\Windows\system32\oobe
2010-07-20 19:02:06 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-20 19:02:05 ----RSD---- C:\Windows\Media
2010-07-20 19:02:05 ----D---- C:\Windows\system32\drivers\etc
2010-07-20 19:02:05 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-20 19:01:56 ----RSD---- C:\Windows\Fonts
2010-07-20 19:01:56 ----RSD---- C:\Windows\assembly
2010-07-20 19:01:45 ----RD---- C:\Users
2010-07-20 19:01:43 ----D---- C:\ProgramData\Microsoft Help
2010-07-20 19:01:38 ----D---- C:\Program Files\Microsoft Works
2010-07-20 19:01:32 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2010-07-20 19:00:57 ----D---- C:\Windows\registration
2010-07-20 09:48:04 ----D---- C:\Program Files\Common Files\Java
2010-07-20 09:47:22 ----D---- C:\Program Files\Java
2010-07-17 15:29:08 ----D---- C:\Program Files\Common Files
2010-07-14 22:31:36 ----D---- C:\Program Files\Windows Mail
2010-07-14 17:49:34 ----D---- C:\ProgramData\Symantec
2010-07-14 17:48:24 ----D---- C:\ProgramData\Norton
2010-07-14 17:27:49 ----SD---- C:\Users\Mark Young\AppData\Roaming\Microsoft
2010-07-14 17:27:43 ----D---- C:\ProgramData\avg9
2010-07-13 17:03:56 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS [2010-01-20 310320]
R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2010-01-20 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-07-15 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-07-14 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100803.001\IDSvix86.sys [2010-07-06 344112]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2010-01-20 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2010-01-20 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2010-01-20 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2010-01-20 217136]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-14 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100804.002\NAVENG.SYS [2010-07-20 85424]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100804.002\NAVEX15.SYS [2010-07-20 1362608]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-14 7766464]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-07-15 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2010-01-20 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [2010-01-20 48688]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MHNDRV;MHN driver; C:\Windows\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-04-08 63360]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NAV\1002000.007\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1002000.007\SYMREDRV.SYS []
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-07-19 198608]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-03 537480]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-04-14 207392]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1ca6bd597e4aa80;Google Update Service (gupdate1ca6bd597e4aa80); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-03-05 16680]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-04-11 71168]

-----------------EOF-----------------

[helpintoledo]

info.txt logfile of random's system information tool 1.08 2010-08-04 22:43:18

======Uninstall list======

360Share Pro(remove only)-->"C:\Program Files\360Share Pro\bt-uninst.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat Reader 3.0-->C:\Windows\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Browser Defender 3.0.0.11-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Fisher-Price® Ready for School Family Resource Center-->C:\Windows\uninst.exe -f"C:\Program Files\Fisher-Price\Family Resource Center\DeIsL1.isu"
Fisher-Price® Ready for School Kindergarten-->D:\setup.exe -funkinder.ins
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.125\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_29ABD4AA06EBA92A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Photo Creations Meijer-->"C:\Program Files\HP Photo Creations Meijer\uninst.exe"
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kindergarten v1.0-->C:\Windows\IsUninst.exe -fC:\DLCS\KG\DeIsL1.isu
Lyra Jukebox Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9 -remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapQuest Toolbar for Internet Explorer-->"C:\Program Files\MapQuest Toolbar\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{BA165460-FCF7-4D6C-A7A2-F2321700720F}
MSN Toolbar-->MsiExec.exe /I{94D16248-E39A-46A4-8CBD-0DAE9C7444B4}
My Fantasy Wedding-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\setup.exe" -l0x9
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.8.0.41\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: mark-cadb77fa37
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 298937
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20091128112648.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D106F861. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 298921
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091128105330.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D106F861. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 298896
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091127201833.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D106F861. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 298877
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091127172141.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D106F861. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 298876
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091127172138.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: mark-cadb77fa37
Event Code: 1030
Message: Product: Microsoft .NET Framework 1.1. The application tried to install a more recent version of the protected Windows file C:\Windows\Microsoft.NET\Framework\sbs_iehost.dll. You may need to update your operating system for this application to work correctly. (Package Version: 1.0.0.0, Operating System Protected Version: 1.0.0.0).
Record Number: 25
Source Name: MsiInstaller
Time Written: 20080501042225.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 1030
Message: Product: Microsoft .NET Framework 1.1. The application tried to install a more recent version of the protected Windows file C:\Windows\Microsoft.NET\Framework\sbs_diasymreader.dll. You may need to update your operating system for this application to work correctly. (Package Version: 1.0.0.0, Operating System Protected Version: 1.0.0.0).
Record Number: 24
Source Name: MsiInstaller
Time Written: 20080501042225.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 1534
Message: Profile notification of event Delete for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is -2147024893.


Record Number: 13
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080501042203.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 1534
Message: Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is -2147023838.


Record Number: 12
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080501042203.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 2
Message: Unable to remove Windows Search Service indexed data for user 'MARK-CADB77FA37\Administrator' in response to user profile deletion. Error code 0x80070422.

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Record Number: 11
Source Name: Microsoft-Windows-Search-ProfileNotify
Time Written: 20080501042203.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: mark-cadb77fa37
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-18
Account Name: MARK-CADB77FA37$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process Information:
Process ID: 0x388
Name: C:\Windows\System32\oobe\msoobe.exe

Previous Time: 12:47:29 AM 5/1/2008
New Time: 9:47:29 PM 4/30/2008

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080501014729.323600-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 4
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080501043138.430600-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 3
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080501043138.087779-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 2
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080501042656.119949-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2152478756-3922319563-605102323-500
Account Name: Administrator
Account Domain: 26L2233B2-11
Logon ID: 0x8496a

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

[Dakeyras]

Hi and you're welcome!

A question if I may before we proceed any further.

Has this machine still got internet access or not, as in is it connected be it say directly to a modem and or via a local area network? This I will need to know as most of the tools I use do require such. Only reason asking is the two scans I asked for appear to have been ran without any form of internet access.

If indeed the machine was connected online at the time of the scans still inform myself of such as this will be of help actually for myself diagnosing any problems, thank you.

[helpintoledo]

Sorry, access is available, but it was intentionally left disconnected. If new scan logs are needed with a connection active, let me know and they will happily be provided.

[Dakeyras]

Hi.

Sorry, access is available, but it was intentionally left disconnected.

OK and thanks for the clarification.

If new scan logs are needed with a connection active, let me know and they will happily be provided.

Aye please do so as in provide a new SecurityCheck log and set of RSIT logs.

You will however have to run RSIT in the manner below otherwise only one log will be created and I would prefer to have a new updated set at this time, thank you.

Next:

Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)

Click on Start(Vista orb) >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"%userprofile%\desktop\rsit.exe" /info

and click on OK

• Click on Run and RSIT will start.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open:
  
  • log.txt will be opened maximized.
  • info.txt will be opened minimized.
• Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

• How is the computer performing now, any other symptoms and or problems encountered?
• A new SecurityCheck Log.
• A new set of RSIT logs. <-- Post them individually please, IE: one Log per post/reply.

[helpintoledo]

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 11
Java(TM) 6 Update 2
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

[helpintoledo]

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mark Young at 2010-08-06 21:23:28
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 87 GB (57%) free of 153 GB
Total RAM: 1021 MB (31% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-07-19 649168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2010-03-11 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\IPSBHO.DLL [2010-01-20 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-18 278128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-05-18 814648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E34F0E11-AB79-487c-9773-36C594DFF5AA}]
MapQuest Toolbar Loader - C:\Program Files\MapQuest Toolbar\mqtb.dll [2008-03-18 1267040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{57ABF0DD-577C-4ec6-855C-8DC29768C2B0} - MapQuest Toolbar - C:\Program Files\MapQuest Toolbar\mqtb.dll [2008-03-18 1267040]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - MSN Toolbar - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-05-18 278128]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-07-19 649168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-04-13 47392]
"DLCXCATS"=rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16 []
"FaxCenterServer"=C:\Program Files\Dell PC Fax\fm3032.exe [2006-11-03 312200]
"dlcxmon.exe"=C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [2007-01-12 292336]
"MemoryCardManager"=C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [2006-11-03 304008]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-04-14 13687328]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-04-14 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-11 202256]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-05-06 405504]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-05-17 68856]
"pjpjscti"=C:\Users\Mark Young\AppData\Local\swbjxyfqp\fdqvffktssd.exe []

C:\Users\Mark Young\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"legalnoticecaption"=
"legalnoticetext"=
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-04 22:43:09 ----D---- C:\rsit
2010-08-03 12:15:47 ----A---- C:\Windows\system32\shell32.dll
2010-07-28 19:22:34 ----D---- C:\Program Files\Trend Micro
2010-07-28 19:03:04 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-28 19:03:01 ----D---- C:\ProgramData\Malwarebytes
2010-07-28 19:03:01 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-28 19:03:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-28 18:54:23 ----ASH---- C:\hiberfil.sys
2010-07-28 18:46:27 ----A---- C:\Windows\ntbtlog.txt
2010-07-20 09:48:11 ----D---- C:\ProgramData\Sun
2010-07-17 17:19:38 ----AS---- C:\Windows\system32\drivers\TfSysMon.sys
2010-07-17 17:19:38 ----AS---- C:\Windows\system32\drivers\TfNetMon.sys
2010-07-17 17:19:38 ----AS---- C:\Windows\system32\drivers\TfFsMon.sys
2010-07-17 15:34:32 ----A---- C:\Windows\BDTSupport.dll.old
2010-07-17 15:34:32 ----A---- C:\Windows\BDTSupport.dll
2010-07-17 15:34:30 ----A---- C:\Windows\SGDetectionTool.dll
2010-07-17 15:34:30 ----A---- C:\Windows\PCTBDRes.dll
2010-07-17 15:34:30 ----A---- C:\Windows\PCTBDCore.dll.old
2010-07-17 15:34:30 ----A---- C:\Windows\PCTBDCore.dll
2010-07-17 15:31:06 ----A---- C:\Windows\system32\drivers\pctwfpfilter.sys
2010-07-17 15:31:06 ----A---- C:\Windows\system32\drivers\pctgntdi.sys
2010-07-17 15:30:17 ----A---- C:\Windows\system32\drivers\PCTCore.sys
2010-07-17 15:30:17 ----A---- C:\Windows\system32\drivers\PCTAppEvent.sys
2010-07-17 15:29:29 ----A---- C:\Windows\system32\drivers\pctplsg.sys
2010-07-17 15:29:08 ----D---- C:\ProgramData\PC Tools
2010-07-17 15:29:08 ----D---- C:\Program Files\Spyware Doctor
2010-07-17 15:29:08 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-17 15:28:40 ----AD---- C:\ProgramData\TEMP
2010-07-15 10:54:34 ----D---- C:\ProgramData\Visan
2010-07-15 10:52:06 ----D---- C:\ProgramData\HP Photo Creations Meijer
2010-07-15 10:52:06 ----D---- C:\Program Files\HP Photo Creations Meijer
2010-07-14 17:48:03 ----RA---- C:\Windows\system32\drivers\SymIMV.sys
2010-07-14 17:47:53 ----D---- C:\Program Files\Symantec
2010-07-14 17:47:53 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-14 17:47:53 ----A---- C:\Windows\system32\drivers\SYMEVENT.SYS
2010-07-14 17:47:21 ----D---- C:\Windows\system32\drivers\NAV
2010-07-14 17:47:19 ----D---- C:\Program Files\Norton AntiVirus
2010-07-14 17:47:09 ----D---- C:\Program Files\NortonInstaller

======List of files/folders modified in the last 1 months======

2010-08-06 21:23:23 ----D---- C:\Windows\Temp
2010-08-06 21:22:51 ----D---- C:\Windows\System32
2010-08-06 21:22:51 ----D---- C:\Windows\inf
2010-08-06 21:22:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-06 21:18:10 ----SD---- C:\Windows\Tasks
2010-08-06 21:18:00 ----D---- C:\ProgramData\Google Updater
2010-08-06 21:17:37 ----D---- C:\Windows\Prefetch
2010-08-06 21:16:53 ----D---- C:\Windows\system32\LogFiles
2010-08-06 21:15:42 ----D---- C:\Windows
2010-08-04 22:54:54 ----A---- C:\Windows\SchedLgU.Txt
2010-08-04 03:01:37 ----D---- C:\Windows\winsxs
2010-08-04 03:00:59 ----SHD---- C:\System Volume Information
2010-08-03 13:21:16 ----D---- C:\Windows\system32\Tasks
2010-08-03 11:52:33 ----D---- C:\Windows\system32\catroot
2010-08-01 21:09:40 ----HD---- C:\ProgramData
2010-07-30 19:55:13 ----D---- C:\Program Files\dl_Cats
2010-07-29 05:57:12 ----RD---- C:\Program Files
2010-07-28 19:22:35 ----SHD---- C:\Windows\Installer
2010-07-28 19:03:04 ----D---- C:\Windows\system32\drivers
2010-07-28 18:20:36 ----D---- C:\Users\Mark Young\AppData\Roaming\Apple Computer
2010-07-26 21:54:16 ----D---- C:\Windows\system32\catroot2
2010-07-20 19:04:01 ----D---- C:\Windows\system32\Msdtc
2010-07-20 19:03:52 ----D---- C:\Windows\system32\wbem
2010-07-20 19:03:09 ----D---- C:\Windows\system32\config
2010-07-20 19:02:06 ----D---- C:\Windows\system32\spool
2010-07-20 19:02:06 ----D---- C:\Windows\system32\restore
2010-07-20 19:02:06 ----D---- C:\Windows\system32\oobe
2010-07-20 19:02:06 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-20 19:02:05 ----RSD---- C:\Windows\Media
2010-07-20 19:02:05 ----D---- C:\Windows\system32\drivers\etc
2010-07-20 19:02:05 ----D---- C:\Windows\system32\CodeIntegrity
2010-07-20 19:01:56 ----RSD---- C:\Windows\Fonts
2010-07-20 19:01:56 ----RSD---- C:\Windows\assembly
2010-07-20 19:01:45 ----RD---- C:\Users
2010-07-20 19:01:43 ----D---- C:\ProgramData\Microsoft Help
2010-07-20 19:01:38 ----D---- C:\Program Files\Microsoft Works
2010-07-20 19:01:32 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2010-07-20 19:00:57 ----D---- C:\Windows\registration
2010-07-20 09:48:04 ----D---- C:\Program Files\Common Files\Java
2010-07-20 09:47:22 ----D---- C:\Program Files\Java
2010-07-17 15:29:08 ----D---- C:\Program Files\Common Files
2010-07-14 22:31:36 ----D---- C:\Program Files\Windows Mail
2010-07-14 17:49:34 ----D---- C:\ProgramData\Symantec
2010-07-14 17:48:24 ----D---- C:\ProgramData\Norton
2010-07-14 17:27:49 ----SD---- C:\Users\Mark Young\AppData\Roaming\Microsoft
2010-07-14 17:27:43 ----D---- C:\ProgramData\avg9
2010-07-13 17:03:56 ----D---- C:\Windows\Logs

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\drivers\iastor.sys [2006-05-11 247808]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2005-05-12 20576]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NAV\1008000.029\SYMEFA.SYS [2010-01-20 310320]
R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NAV\1008000.029\BHDrvx86.sys [2010-01-20 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NAV\1008000.029\ccHPx86.sys [2010-07-15 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-07-14 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100803.001\IDSvix86.sys [2010-07-06 344112]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NAV\1008000.029\SRTSP.SYS [2010-01-20 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NAV\1008000.029\SRTSPX.SYS [2010-01-20 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2010-01-20 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMTDI.SYS [2010-01-20 217136]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-19 220672]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-14 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100804.002\NAVENG.SYS [2010-07-20 85424]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100804.002\NAVEX15.SYS [2010-07-20 1362608]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-04-14 7766464]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-05-06 326656]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-07-15 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMFW.SYS [2010-01-20 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NAV\1008000.029\SYMNDISV.SYS [2010-01-20 48688]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MHNDRV;MHN driver; C:\Windows\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-04-08 63360]
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NAV\1002000.007\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NAV\1002000.007\SYMREDRV.SYS []
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-07-19 198608]
R2 dlcx_device;dlcx_device; C:\Windows\system32\dlcxcoms.exe [2006-11-03 537480]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.8.0.41\ccSvcHst.exe [2010-01-20 117640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-04-14 207392]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-05-06 94208]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate1ca6bd597e4aa80;Google Update Service (gupdate1ca6bd597e4aa80); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-22 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-28 183280]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2009-03-05 16680]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-01-19 21504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]
S3 ThreatFire;ThreatFire; C:\Program Files\Spyware Doctor\TFEngine\TFService.exe [2010-02-02 70928]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 TlntSvr;@%SystemRoot%\system32\tlntsvr.exe,-119; C:\Windows\System32\tlntsvr.exe [2009-04-11 71168]

-----------------EOF-----------------

[helpintoledo]

info.txt logfile of random's system information tool 1.08 2010-08-06 21:23:37

======Uninstall list======

360Share Pro(remove only)-->"C:\Program Files\360Share Pro\bt-uninst.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat Reader 3.0-->C:\Windows\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /X{8A253629-0511-4854-8B4E-46E57E66005C}
Browser Defender 3.0.0.11-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Dell PC Fax-->C:\Program Files\Dell PC Fax\Install\x86\Uninst.exe /R:faxunst
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
Fisher-Price® Ready for School Family Resource Center-->C:\Windows\uninst.exe -f"C:\Program Files\Fisher-Price\Family Resource Center\DeIsL1.isu"
Fisher-Price® Ready for School Kindergarten-->D:\setup.exe -funkinder.ins
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\5.0.375.125\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_29ABD4AA06EBA92A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Photo Creations Meijer-->"C:\Program Files\HP Photo Creations Meijer\uninst.exe"
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kindergarten v1.0-->C:\Windows\IsUninst.exe -fC:\DLCS\KG\DeIsL1.isu
Lyra Jukebox Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3374B4A6-5595-4667-882D-755ABE093806}\Setup.exe" -l0x9 -remove
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapQuest Toolbar for Internet Explorer-->"C:\Program Files\MapQuest Toolbar\uninstall.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
MobileMe Control Panel-->MsiExec.exe /I{BA165460-FCF7-4D6C-A7A2-F2321700720F}
MSN Toolbar-->MsiExec.exe /I{94D16248-E39A-46A4-8CBD-0DAE9C7444B4}
My Fantasy Wedding-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\setup.exe" -l0x9
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.8.0.41\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: mark-cadb77fa37
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 299093
Source Name: Tcpip
Time Written: 20091129211117.773800-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D106F861. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 299084
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091129205755.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0019D106F861. The following error occurred:
The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 299069
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091129185902.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 299047
Source Name: Microsoft-Windows-Time-Service
Time Written: 20091129154114.000000-000
Event Type: Warning
User:

Computer Name: mark-cadb77fa37
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 299046
Source Name: Microsoft-Windows-Time-Service
Time Written: 20091129154112.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: mark-cadb77fa37
Event Code: 1030
Message: Product: Microsoft .NET Framework 1.1. The application tried to install a more recent version of the protected Windows file C:\Windows\Microsoft.NET\Framework\sbs_iehost.dll. You may need to update your operating system for this application to work correctly. (Package Version: 1.0.0.0, Operating System Protected Version: 1.0.0.0).
Record Number: 25
Source Name: MsiInstaller
Time Written: 20080501042225.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 1030
Message: Product: Microsoft .NET Framework 1.1. The application tried to install a more recent version of the protected Windows file C:\Windows\Microsoft.NET\Framework\sbs_diasymreader.dll. You may need to update your operating system for this application to work correctly. (Package Version: 1.0.0.0, Operating System Protected Version: 1.0.0.0).
Record Number: 24
Source Name: MsiInstaller
Time Written: 20080501042225.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 1534
Message: Profile notification of event Delete for component {D63AA156-D534-4BAC-9BF1-55359CF5EC30} failed, error code is -2147024893.


Record Number: 13
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080501042203.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 1534
Message: Profile notification of event Delete for component {DE3F3560-3032-41B4-B6CF-F703B1B95640} failed, error code is -2147023838.


Record Number: 12
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080501042203.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mark-cadb77fa37
Event Code: 2
Message: Unable to remove Windows Search Service indexed data for user 'MARK-CADB77FA37\Administrator' in response to user profile deletion. Error code 0x80070422.

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
Record Number: 11
Source Name: Microsoft-Windows-Search-ProfileNotify
Time Written: 20080501042203.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: mark-cadb77fa37
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-18
Account Name: MARK-CADB77FA37$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process Information:
Process ID: 0x388
Name: C:\Windows\System32\oobe\msoobe.exe

Previous Time: 12:47:29 AM 5/1/2008
New Time: 9:47:29 PM 4/30/2008

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20080501014729.323600-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 1108
Message: The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing.
Record Number: 4
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080501043138.430600-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 3
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080501043138.087779-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 2
Source Name: Microsoft-Windows-Eventlog
Time Written: 20080501042656.119949-000
Event Type: Audit Success
User:

Computer Name: mark-cadb77fa37
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2152478756-3922319563-605102323-500
Account Name: Administrator
Account Domain: 26L2233B2-11
Logon ID: 0x8496a

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------