Hello wingman!
Thank you for your post with your help, I do appreciate all you are doing for me.
Please include in your next reply:
1. Any problem executing the instructions?
2. MBAM scan results
3. RSIT log.txt and info.txt file contents
4. How is the computer behaving?
1. Any problem executing the instructions?
The only thing that threw me off was in the instructions on step 2, you specified the following:
# Click on the Show Results button to see a list of any malware that was found.
# Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
I am not sure if the scan did not come up with anything, this is then not applicable, as I did not have to do anything involving the "C:\System Volume Information folder".
2. MBAM scan results
Although, I did get a .txt from the scan and it is as follows:
Malwarebytes' Anti-Malware 1.41
Database version: 3258
Windows 6.0.6002 Service Pack 2
29/11/2009 21:14:54
mbam-log-2009-11-29 (21-14-54).txt
Scan type: Quick Scan
Objects scanned: 103594
Time elapsed: 6 minute(s), 47 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
RSIT log.txt and info.txt file contents
(I am sorry if you wanted me to post these two logs on separate posts, but you also told me to post this in my next post)
Logfile of random's system information tool 1.06 (written by random/random)
Run by calvin at 2009-11-29 21:18:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 216 GB (46%) free of 469 GB
Total RAM: 3070 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:47, on 29/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\calvin\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\calvin.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.co.uk/s/v/56.31/uploader2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1956764499
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1956856774
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
--
End of file - 6544 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Driver Robot.job
C:\Windows\tasks\Recovery DVD Creator.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll [2009-07-03 68112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll [2009-09-11 264720]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\Windows\System32\msconfig.exe [2008-01-19 227840]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
"SoundTray"=C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe [2007-09-27 53248]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-01-09 4186112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-25 1302528]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\28c7e029]
C:\Users\calvin\AppData\Local\Temp\uxjnqoka.dll,b []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Habu]
C:\Program Files\Razer\Habu\razerhid.exe [2007-05-11 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPService]
C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe [2007-06-12 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-02-21 366400]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Profiler]
C:\Program Files\Saitek\Software\ProfilerU.exe [2005-10-18 163840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QTEO Agent]
C:\Windows\system32\28463\QTEO.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reclusa]
C:\Program Files\Razer\Reclusa\razerhid.exe [2007-03-07 167936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-01-11 232184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
C:\Program Files\Saitek\Software\SaiMfd.exe [2005-11-03 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-11-06 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe /a /m C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe [2007-05-15 3975848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe [2007-02-20 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
C:\PROGRA~1\Webshots\Launcher.exe [2008-08-15 157000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^calvin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
C:\PROGRA~1\Xfire\xfire.exe [2009-07-02 3190096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2009-07-03 219664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2009-11-29 21:18:45 ----D---- C:\rsit
2009-11-25 03:02:58 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 20:42:18 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 20:42:18 ----A---- C:\Windows\system32\msxml3.dll
2009-11-22 19:26:01 ----D---- C:\Program Files\Spring 1944
2009-11-14 20:56:34 ----D---- C:\Program Files\LogMeIn Hamachi
2009-11-12 00:57:13 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-11-10 17:30:42 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\xactengine3_3.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-11-10 17:30:41 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\XAudio2_2.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\xactengine3_2.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\D3DX9_39.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\d3dx10_39.dll
2009-11-10 17:30:40 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2009-11-10 17:02:11 ----D---- C:\Program Files\DAEMON Tools Lite
2009-11-10 17:01:54 ----D---- C:\Users\calvin\AppData\Roaming\DAEMON Tools Lite
2009-11-10 17:01:51 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-11-10 16:58:52 ----D---- C:\Program Files\2K Games
2009-11-10 16:57:48 ----D---- C:\BDS
2009-11-09 22:34:27 ----A---- C:\Windows\system32\javaws.exe
2009-11-09 22:34:27 ----A---- C:\Windows\system32\javaw.exe
2009-11-09 22:34:27 ----A---- C:\Windows\system32\java.exe
2009-11-08 00:12:23 ----D---- C:\Program Files\BitTornado
2009-11-06 22:29:24 ----D---- C:\Program Files\GIMP-2.0
2009-11-04 16:37:32 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 02:26:39 ----D---- C:\Program Files\Paint.NET
======List of files/folders modified in the last 1 months======
2009-11-29 21:18:47 ----D---- C:\Windows\Prefetch
2009-11-29 21:17:05 ----D---- C:\Windows\temp
2009-11-29 21:01:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-29 21:01:06 ----D---- C:\Windows\system32\drivers
2009-11-29 20:57:44 ----D---- C:\ProgramData\Kaspersky Lab
2009-11-29 20:56:40 ----D---- C:\ProgramData\NVIDIA
2009-11-29 20:54:38 ----D---- C:\Windows
2009-11-29 18:10:45 ----SHD---- C:\System Volume Information
2009-11-29 17:10:23 ----D---- C:\Windows\system32\catroot2
2009-11-29 17:10:17 ----D---- C:\Program Files\Steam
2009-11-29 03:03:36 ----SHD---- C:\Windows\Installer
2009-11-29 03:03:36 ----D---- C:\ProgramData\Microsoft Help
2009-11-28 02:57:30 ----D---- C:\Program Files\Cheat Engine
2009-11-27 00:02:08 ----D---- C:\Program Files\Spring Engine
2009-11-26 22:00:50 ----D---- C:\Program Files\Common Files\Steam
2009-11-25 17:38:17 ----D---- C:\Windows\rescache
2009-11-25 03:40:28 ----D---- C:\Windows\system32\en-US
2009-11-25 03:40:28 ----AD---- C:\Windows\System32
2009-11-25 03:04:00 ----D---- C:\Windows\winsxs
2009-11-25 03:03:30 ----D---- C:\Windows\system32\catroot
2009-11-22 19:26:01 ----RD---- C:\Program Files
2009-11-22 16:19:37 ----D---- C:\Windows\Minidump
2009-11-22 16:03:53 ----A---- C:\Windows\system32\pbsvc.exe
2009-11-18 01:33:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-12 04:50:43 ----D---- C:\Program Files\Windows Mail
2009-11-11 03:32:52 ----D---- C:\Users\calvin\AppData\Roaming\gtk-2.0
2009-11-10 17:55:22 ----D---- C:\Users\calvin\AppData\Roaming\Hamachi
2009-11-10 17:30:24 ----RSD---- C:\Windows\assembly
2009-11-10 17:27:52 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-10 17:27:43 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-10 17:11:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-10 17:01:51 ----HD---- C:\ProgramData
2009-11-09 22:34:07 ----D---- C:\Program Files\Java
2009-11-05 17:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-11-02 02:50:57 ----D---- C:\Windows\system32\Tasks
2009-11-01 04:23:42 ----SD---- C:\Users\calvin\AppData\Roaming\Microsoft
2009-10-30 18:30:33 ----D---- C:\Program Files\Mozilla Firefox
2009-10-30 17:05:49 ----D---- C:\Windows\inf
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2009-06-15 128016]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-09-11 280592]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
R2 WinFLdrv;WinFLdrv; C:\Windows\system32\WinFLdrv.sys [2009-08-19 10752]
R2 WinVd32;WinVd32; \??\C:\Windows\system32\WinVd32.sys [2009-08-19 180224]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2007-10-25 354304]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2006-10-23 27776]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-07-14 9557216]
R3 RecFltr;Reclusa Keyboard; C:\Windows\System32\Drivers\RecFltr.sys [2007-01-18 41984]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2006-07-27 13824]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2006-07-27 35200]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S2 ASInsHelp;ASInsHelp; \??\C:\Windows\system32\drivers\AsInsHelp32.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\Windows\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\Windows\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 anjmjssy;anjmjssy; C:\Windows\system32\drivers\anjmjssy.sys []
S3 Cam5603D;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonCam.sys [2005-12-19 649088]
S3 catchme;catchme; \??\C:\Users\calvin\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-09 1655464]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 176640]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\Windows\system32\drivers\ScreamingBAudio.sys []
S3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Users\calvin\Desktop\SysProt\SysProtDrv.sys [2009-11-24 44288]
S3 tap0801;TAP-Win32 Adapter V8; C:\Windows\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-04-19 131368]
S4 nvsmu;nvsmu; C:\Windows\system32\drivers\nvsmu.sys [2007-02-16 12032]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2007-10-19 86016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-07-03 303376]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 215584]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-03-06 266343]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-10-07 185640]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-01-11 166648]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-01-11 887544]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-11-26 320760]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
And next is the Info log you requested.
info.txt logfile of random's system information tool 1.06 2009-11-29 21:18:50
======Uninstall list======
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
-->MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AdobeReader*
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Shockwave Player-->MsiExec.exe /X{A7DB362E-16DC-4E29-8A34-E74381E00B5B}
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AquaMark3-->C:\PROGRA~1\AQUAMA~1\UNWISE.EXE C:\PROGRA~1\AQUAMA~1\INSTALL.LOG
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x9 -removeonly
Battlefield 2142-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}\setup.exe" -l0x9 -removeonly
BisonCam, NB Pro-->Rundll32.exe BisonRem.dll,WinMainRmv
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Borderlands-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}\setup.exe" -l0x9 -removeonly
British Telecom-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *BT_GB*
Call of Duty 4: Modern Warfare-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7940
Call of Duty: World at War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10090
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Creator 9-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *CREATOR9*
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
D.I.P.R.I.P. Warm Up-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17530
Day of Defeat-->"C:\Program Files\Steam\steam.exe" steam://uninstall/30
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
DCXtended .9-->C:\Program Files\EA GAMES\Battlefield 1942\Mods\DC_Extended\uninstall.exe
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Firefox-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *FirefoxGB*
Flash Player 9 Internet Explorer-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Flashplayer*
Garry's Mod-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4000
GCFScape 1.7.3-->"C:\Program Files\GCFScape\unins000.exe"
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GIMP 2.6.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/70
HDReg-->MsiExec.exe /I{AB7032FF-AFED-4C58-AA5C-8473B273793A}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.0-->"C:\Program Files\HLSW\unins000.exe"
Host OpenAL (ADI)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA8A7C81-B0D0-422D-8FBD-BF2D25986667}\setup.exe" -l0x9 /remove
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Infocentre Rev. 2.0-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Infocentre*
Insurgency-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17700
Internet From BT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE9033AD-CBAE-4EDF-989A-BC479FBC6F1F}\Setup.exe"
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Java(TM) SE Development Kit 6 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160160}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Internet Security 2010-->MsiExec.exe /I{9D8B0949-7C47-476F-9F06-F900D3B078EA}
Kaspersky Online Scanner-->C:\Windows\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Left 4 Dead 2 Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/590
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
Magic Sports-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *MagicSports*
MagicSports 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5927AF0D-335C-41D6-937B-54587EBD6D2C}\setup.exe" -uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Men of War-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7830
Metaboli-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *METABOLI*
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft® Office Trial 2007-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *OFF2k7_UK*
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MTA:SA DM Developer Preview 2.3-->C:\Program Files\MTA San Andreas\Uninstall.exe
Natural Selection 3.2-->"c:\program files\steam\steamapps\makem\half-life\unins000.exe"
NS Training Public Beta 1.0-->"c:\program files\steam\steamapps\ryanl0210\half-life\nstraining\unins000.exe"
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->MsiExec.exe /I{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
Packard Bell ImageWriter-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *ImageWriter*
Packard Bell LCD Test-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *LCDTest*
Packard Bell Updator-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Updator*
PC Wizard 2008.1.81-->"C:\Program Files\PC Wizard 2008\unins000.exe"
Peggle Extreme-->"C:\Program Files\Steam\steam.exe" steam://uninstall/3483
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
Picasa2-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Picasa_2*
PiraMod_30000.04-->"C:\Program Files\PiraMod\unins000.exe"
PremiumSoft Navicat MySQL 7.2-->"C:\Program Files\PremiumSoft\Navicat MySQL\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Razer Habu Config-->C:\Program Files\InstallShield Installation Information\{32CF189D-52BB-4C1C-8F93-97E8F3CDDC95}\setup.exe -runfromtemp -l0x0009 -removeonly
Razer Reclusa Config-->C:\Program Files\InstallShield Installation Information\{328591D2-4F59-4EE1-ABF1-7F47E90E31A1}\Setup.exe -runfromtemp -l0x0009 -removeonly
Real Lives 2007-->C:\Program Files\Educational Simulations\Real Lives\UnInstall_21355.exe
Realtek HD Audio V6.0.1.5334-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *AUDIO_REALTEK*
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Roger Wilco-->C:\PROGRA~1\ROGERW~1\rwbs\UNWISE.EXE C:\PROGRA~1\ROGERW~1\rwbs\INSTALL.LOG
Roxio Creator 9 LE-->MsiExec.exe /I{B7FB0C86-41A4-4402-9A33-912C462042A0}
Saitek SST Programming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{967FB80D-56BD-42EF-A942-9E8C78F984A4}\Setup.exe" -l0x9 -removeonly
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SetUp My PC-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SETUPMYPC_GB*
Shockwave player 10-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *Shockwave*
Silkroad-->C:\Program Files\Silkroad\Remove.Exe
Skype 2.5.2.151-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *SKYPE*
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SmartFTP Client 2.5.1006.16-->"C:\Program Files\SmartFTP Client\unins000.exe"
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
Source SDK-->"C:\Program Files\Steam\steam.exe" steam://uninstall/211
Spring 1944 Lyuban (1.07)-->C:\Program Files\Spring 1944\uninst.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress Classic-->"C:\Program Files\Steam\steam.exe" steam://uninstall/20
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Theme Park World-->C:\Windows\IsUninst.exe -f"C:\Program Files\Bullfrog\Theme Park World\Uninst.isu" -c"C:\Program Files\Bullfrog\Theme Park World\uninst.dll" -BFLANG=2057
TomTom HOME-->C:\Program Files\InstallShield Installation Information\{CE325D55-FCAF-4273-BB79-069BB8747270}\setup.exe -runfromtemp -l0x0009 -removeonly -removeonly
TortoiseSVN 1.6.0.15855 (32 bit)-->MsiExec.exe /X{AE6FB4CD-554F-4560-9A99-F8AE602414DB}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Valve Hammer Editor-->C:\PROGRA~1\VALVEH~1\UNWISE.EXE C:\PROGRA~1\VALVEH~1\INSTALL.LOG
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Video NVIDIA v162.22-->"C:\Program Files\Packard Bell\Smart Restore\SmartRestore.exe" /MSADDREM *VIDEO_NVIDIA*
VLC media player 1.0.0-rc3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Webshots Desktop-->"C:\Program Files\Webshots\unins000.exe"
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zombie Panic! Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/17500
=====HijackThis Backups=====
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-06-11]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2008-06-11]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-08-29]
======System event log======
Computer Name: Calvins-PC
Event Code: 1003
Message:
Record Number: 167847
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090911161236.000000-000
Event Type: Warning
User:
Computer Name: Calvins-PC
Event Code: 1004
Message: The DHCP Client service is shutting down. The following error occurred :
Access is denied.
Record Number: 167846
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20090911161236.000000-000
Event Type: Warning
User:
Computer Name: Calvins-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 167796
Source Name: Service Control Manager
Time Written: 20090911003152.000000-000
Event Type: Error
User:
Computer Name: Calvins-PC
Event Code: 7000
Message: The ASInsHelp service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 167758
Source Name: Service Control Manager
Time Written: 20090911003152.000000-000
Event Type: Error
User:
Computer Name: Calvins-PC
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 167755
Source Name: Service Control Manager
Time Written: 20090911003152.000000-000
Event Type: Error
User:
=====Application event log=====
Computer Name: Calvins-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 19858
Source Name: WerSvc
Time Written: 20080528140447.000000-000
Event Type: Error
User:
Computer Name: Calvins-PC
Event Code: 3
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall.
Record Number: 19856
Source Name: SecurityCenter
Time Written: 20080528140225.000000-000
Event Type: Error
User:
Computer Name: Calvins-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-982722604-1779561880-2959229312-1002_Classes:
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES
Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES\VirtualStore\MACHINE\SOFTWARE\Microsoft\Direct3D
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002_CLASSES\VirtualStore\MACHINE\SOFTWARE
Record Number: 19820
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080528041259.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Calvins-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
35 user registry handles leaked from \Registry\User\S-1-5-21-982722604-1779561880-2959229312-1002:
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 848 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Policies
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\trust
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\trust
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\MSNMessenger
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\TrustedPeople
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Policies\Microsoft\SystemCertificates
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Policies\Microsoft\SystemCertificates
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Policies\Microsoft\SystemCertificates
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Policies\Microsoft\SystemCertificates
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Policies\Microsoft\SystemCertificates
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\Direct3D
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\Root
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\Root
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\Disallowed
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\My
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\My
Process 3820 (\Device\HarddiskVolume2\Program Files\Windows Live\installer\WLSetupSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\CA
Process 5848 (\Device\HarddiskVolume2\Program Files\Windows Live\Messenger\msnmsgr.exe) has opened key \REGISTRY\USER\S-1-5-21-982722604-1779561880-2959229312-1002\Software\Microsoft\SystemCertificates\CA
Record Number: 19819
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080528041258.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Calvins-PC
Event Code: 1000
Message: Faulting application hl.exe, version 1.1.1.1, time stamp 0x43712ff5, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9, exception code 0xc0000005, fault offset 0x00067316, process id 0x1164, application start time 0x01c8c05e774897a5.
Record Number: 19797
Source Name: Application Error
Time Written: 20080528013843.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Calvins-PC
Event Code: 4904
Message: An attempt was made to register a security event source.
Subject :
Security ID: S-1-5-18
Account Name: CALVINS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Process:
Process ID: 0xdc0
Process Name: C:\Windows\System32\VSSVC.exe
Event Source:
Source Name: VSSAudit
Event Source ID: 0x2f22d8
Record Number: 30619
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205504.210539-000
Event Type: Audit Success
User:
Computer Name: Calvins-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 30618
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205321.084539-000
Event Type: Audit Success
User:
Computer Name: Calvins-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: CALVINS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 30617
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205321.084539-000
Event Type: Audit Success
User:
Computer Name: Calvins-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: CALVINS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x24c
Process Name: C:\Windows\System32\services.exe
Network Information:
Network Address: -
Port: -
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 30616
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205321.084539-000
Event Type: Audit Success
User:
Computer Name: Calvins-PC
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 30615
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081104205320.844539-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
How is the computer behaving?
After I ran the TFC cleaner, on reboot I noticed a dramatic decrease in the time it took for Windows to start back up and let me log back in. Not sure if this was intended, but all is looking good in my opinion.