Jump to content

Recommended Posts

Hello lwminton,

This sys has two anti-virus apps doing active monitoring. This will lead to deadlocks (deadly embraces).

ref

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}

DE-install PC Tools Spyware Doctor if you do not have a license for it.

Please advise after you have done that, and we can proceed with malware hunt.

Link to post
Share on other sites

If you have a license for it (PC Tools) and want to keep that, then de-install MS Security Essentials. Then restart the system fresh.

and next do the following:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

RE-Enable your antivirus program.

Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & log from Bitdefender.

Use separate replies as needed if logs do not fit into one reply box.

Link to post
Share on other sites

I am on to step 4 now

Logfile of random's system information tool 1.09 (written by random/random)

Run by lee at 2012-02-29 09:44:08

Microsoft Windows 7 Professional Service Pack 1

System drive C: has 151 GB (64%) free of 238 GB

Total RAM: 8151 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:44:14 AM, on 2/29/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Program Files\trend micro\lee.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [WLSync] "C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: http://moneycentral.msn.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.appl...ex/qtplugin.cab

O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.h...SWebManager.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mim.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mim.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mim.local

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Broadcom Power monitoring service (BPowMon) - Broadcom Corp. - C:\Program Files\Broadcom\BPowMon\BPowMon.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9119 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

winlogon.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"C:\Program Files\Broadcom\BPowMon\BPowMon.exe"

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"

"C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2320

C:\Windows\system32\nvvsvc.exe -session -first

"c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2b2241cf-bacb-4aba-8df1-ff8dcd0a973b -SystemEventPortName:HostProcess-7406f3f5-326a-404e-a07b-92f576e702f2 -IoCancelEventPortName:HostProcess-77fda529-9a81-4bc8-aadc-90d4a557b7a5 -NonStateChangingEventPortName:HostProcess-b552ab03-1122-4808-8570-f7d71ba013a7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:828ba680-c36c-4805-b52f-6309e7c35a8e

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"

C:\Windows\system32\SearchIndexer.exe /Embedding

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe" /background

"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"

"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"C:\Program Files (x86)\Windows Live\Mesh\MOE.exe" "Global\MOE_STARTUP_COMPLETE_146d973f-e241-434d-93ae-2bf832cd1640_lee" "Global\MOE_SHUTDOWN_146d973f-e241-434d-93ae-2bf832cd1640_lee"

"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding

"C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE"

"C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding

C:\Windows\splwow64.exe 8192

"C:\Windows\sysWow64\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3598799491-2946266706-4120222405-11474_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3598799491-2946266706-4120222405-11474 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" http://forums.malwar...l=&fromsearch=1

"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:4436 CREDAT:71937

"C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe" -Embedding

taskeng.exe {8761D52C-9D39-4D60-B478-846F4AEE1926}

C:\Windows\System32\jusched.exe

"C:\Windows\system32\SearchFilterHost.exe" 0 540 544 552 65536 548

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\system32\svchost.exe -k SDRSVC

"C:\Users\Lee.MIM\Desktop\RSITx64.exe"

C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-08 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]

HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]

Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]

HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 1436224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WLSync"=C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe [2011-05-13 1449312]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2010-06-09 49208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]

C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]

c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-07-09 1712672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]

C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-06-24 140520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-08-18 8067616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe [2009-09-23 270336]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

""= []

"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-29 09:44:09 ----D---- C:\Program Files\trend micro

2012-02-29 09:44:08 ----D---- C:\rsit

2012-02-29 09:41:34 ----D---- C:\Windows\ERDNT

2012-02-29 09:40:43 ----D---- C:\Program Files (x86)\ERUNT

2012-02-28 10:57:49 ----A---- C:\Windows\system32\sfcdetails.txt

2012-02-27 18:02:15 ----A---- C:\Windows\system32\drivers\Cat.DB

2012-02-27 18:02:12 ----A---- C:\Windows\system32\drivers\PCTSD64.sys

2012-02-27 18:02:09 ----D---- C:\Program Files (x86)\PC Tools

2012-02-27 18:00:45 ----AD---- C:\ProgramData\TEMP

2012-02-27 18:00:40 ----D---- C:\ProgramData\PC Tools

2012-02-27 18:00:39 ----D---- C:\Users\Lee.MIM\AppData\Roaming\TestApp

2012-02-15 03:02:46 ----A---- C:\Windows\system32\win32k.sys

2012-02-15 03:02:17 ----A---- C:\Windows\system32\drivers\afd.sys

2012-02-15 03:01:53 ----A---- C:\Windows\SYSWOW64\msvcrt.dll

2012-02-15 03:01:53 ----A---- C:\Windows\system32\msvcrt.dll

2012-02-15 03:00:30 ----A---- C:\Windows\SYSWOW64\ieui.dll

2012-02-15 03:00:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2012-02-15 03:00:30 ----A---- C:\Windows\system32\ieui.dll

2012-02-15 03:00:30 ----A---- C:\Windows\system32\iertutil.dll

2012-02-15 03:00:28 ----A---- C:\Windows\SYSWOW64\wininet.dll

2012-02-15 03:00:28 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2012-02-15 03:00:28 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2012-02-15 03:00:28 ----A---- C:\Windows\system32\wininet.dll

2012-02-15 03:00:28 ----A---- C:\Windows\system32\mshtmled.dll

2012-02-15 03:00:28 ----A---- C:\Windows\system32\msfeeds.dll

2012-02-15 03:00:28 ----A---- C:\Windows\system32\jsproxy.dll

2012-02-15 03:00:27 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2012-02-15 03:00:26 ----A---- C:\Windows\SYSWOW64\url.dll

2012-02-15 03:00:26 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2012-02-15 03:00:26 ----A---- C:\Windows\system32\url.dll

2012-02-15 03:00:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2012-02-15 03:00:24 ----A---- C:\Windows\system32\urlmon.dll

2012-02-15 03:00:21 ----A---- C:\Windows\system32\mshtml.dll

2012-02-15 03:00:20 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2012-02-15 03:00:18 ----A---- C:\Windows\system32\ieframe.dll

======List of files/folders modified in the last 1 month======

2012-02-29 09:44:14 ----D---- C:\Windows\Prefetch

2012-02-29 09:44:09 ----RD---- C:\Program Files

2012-02-29 09:44:05 ----D---- C:\Windows\system32\config

2012-02-29 09:43:40 ----D---- C:\Windows\Temp

2012-02-29 09:41:34 ----D---- C:\Windows

2012-02-29 09:40:43 ----RD---- C:\Program Files (x86)

2012-02-29 09:21:31 ----D---- C:\Windows\System32

2012-02-29 09:21:31 ----D---- C:\Windows\inf

2012-02-29 09:21:31 ----A---- C:\Windows\system32\PerfStringBackup.INI

2012-02-29 09:17:03 ----SHD---- C:\System Volume Information

2012-02-29 09:16:11 ----D---- C:\Windows\system32\drivers

2012-02-27 18:13:35 ----SHD---- C:\Windows\Installer

2012-02-27 18:13:35 ----SHD---- C:\Config.Msi

2012-02-27 18:02:10 ----D---- C:\Program Files (x86)\Common Files

2012-02-27 18:00:45 ----HD---- C:\ProgramData

2012-02-27 16:06:23 ----D---- C:\Program Files\CCleaner

2012-02-23 16:05:23 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-15 03:21:14 ----D---- C:\Windows\Microsoft.NET

2012-02-15 03:21:10 ----RSD---- C:\Windows\assembly

2012-02-15 03:09:55 ----D---- C:\Windows\winsxs

2012-02-15 03:09:20 ----D---- C:\Program Files (x86)\Microsoft Silverlight

2012-02-15 03:08:06 ----D---- C:\Windows\SysWOW64

2012-02-15 03:08:05 ----D---- C:\Windows\SYSWOW64\migration

2012-02-15 03:08:05 ----D---- C:\Windows\system32\migration

2012-02-15 03:08:05 ----D---- C:\Program Files\Internet Explorer

2012-02-15 03:08:05 ----D---- C:\Program Files (x86)\Internet Explorer

2012-02-15 03:02:51 ----D---- C:\Windows\system32\catroot

2012-02-15 03:02:50 ----D---- C:\Windows\system32\catroot2

2012-02-15 03:01:49 ----A---- C:\Windows\win.ini

2012-02-02 09:59:24 ----D---- C:\Users\Lee.MIM\AppData\Roaming\HpUpdate

2012-01-31 07:44:20 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]

R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 188928]

R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]

R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]

R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-18 1983264]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2009-08-21 320040]

R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]

R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]

R3 RDPDISPM;RDPDISPM; C:\Windows\system32\DRIVERS\rdpdispm.sys [2010-08-31 10752]

R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]

R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]

R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]

R3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]

S0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys []

S0 TFSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys []

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]

S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]

S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]

S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 BPowMon;Broadcom Power monitoring service; C:\Program Files\Broadcom\BPowMon\BPowMon.exe [2009-08-17 117568]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]

R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 12784]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 383008]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]

R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]

R2 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-13 27136]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]

S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

S3 nosGetPlusHelper;getPlus® Helper 3004; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-03-16 1255736]

S4 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S4 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2010-03-26 16680]

S4 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-01-16 74392]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-02-29 09:44:15

======Uninstall list======

(XP mode application)AREV

(XP mode application)I.R.I.S. OCR Registration

(XP mode application)Microsoft Clip Organizer

(XP mode application)Microsoft Office 2003 Save My Settings Wizard

(XP mode application)Microsoft Office Access 2003

(XP mode application)Microsoft Office Application Recovery

(XP mode application)Microsoft Office Document Imaging

(XP mode application)Microsoft Office Excel 2003

(XP mode application)Microsoft Office Picture Manager

(XP mode application)Microsoft Office Word 2003

(XP mode application)Microsoft Security Essentials

64 Bit HP CIO Components Installer-->MsiExec.exe /I{55D55008-E5F6-47D6-B16F-B2A40D4D145F}

Acrobat.com-->msiexec /qb /x {4571CC76-42C4-7D67-E024-0AEB166E1C6F}

Acrobat.com-->MsiExec.exe /I{4571CC76-42C4-7D67-E024-0AEB166E1C6F}

Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe -maintain activex

Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Bing Bar-->MsiExec.exe /X{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}

Broadcom Management Programs-->MsiExec.exe /X{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

Dell Edoc Viewer-->MsiExec.exe /I{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}

ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"

GoToAssist 8.0.0.514-->C:\Program Files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall

HP Customer Participation Program 13.0-->C:\Program Files (x86)\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot

HP Imaging Device Functions 13.0-->C:\Program Files (x86)\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP OfficeJet L7300/L7500/7600/7700-->C:\Program Files (x86)\HP\Digital Imaging\{A219F6D7-D2AD-4DD5-AC31-C23AA2E18084}\setup\hpzscr40.exe -datfile hpwscr05.dat -onestop -forcereboot

HP Smart Web Printing 4.60-->C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat

HP Solution Center 13.0-->C:\Program Files (x86)\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot

HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}

Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm

Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall

Java™ 6 Update 17 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416017FF}

Java™ 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"

Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}

Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}

Microsoft Default Manager-->MsiExec.exe /X{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}

Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E149-54BA-11D6-91B1-00500462BE80}

Microsoft Money 2004-->MsiExec.exe /I{1D643CD0-4DD6-11D7-A4E0-000874180BB3}

Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}

Microsoft Security Client-->MsiExec.exe /I{E77543EE-6FB5-4FF6-AB70-635392C8C756}

Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft UI Engine-->MsiExec.exe /I{2656D0AB-9EA4-4C58-A117-635F3CED8B93}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

MPM-->MsiExec.exe /X{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}

MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

NEF Codec-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A89768CF-CD21-44FD-A723-16D5A8557415}\Setup.exe" -l0x9 -removeonly

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall

OCR Software by I.R.I.S. 13.0-->C:\Program Files (x86)\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat

PowerDVD DX-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall

Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709

Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Creator DE 10.3-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}

Roxio Creator DE 10.3-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Shop for HP Supplies-->C:\Program Files (x86)\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}

Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}

Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}

Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}

Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}

Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}

Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}

Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}

Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}

Windows Small Business Server 2008 ClientAgent-->MsiExec.exe /I{E4FF4DF1-F99C-49AC-B398-BE0887432846}

Windows Small Business Server 2008 Desktop Links Gadget-->MsiExec.exe /I{F5E5D7CA-0F94-41A3-8106-66473C2F3728}

Windows Small Business Server 2008 WMI Provider-->MsiExec.exe /I{838257FC-952A-467B-86BF-21DB6B137A3F}

Windows XP Mode-->MsiExec.exe /X{1374CC63-B520-4f3f-98E8-E9020BF01CFF}

======System event log======

Computer Name: LEE64BIT.mim.local

Event Code: 7

Message: The device, \Device\CdRom0, has a bad block.

Record Number: 108171

Source Name: cdrom

Time Written: 20110708132726.604574-000

Event Type: Error

User:

Computer Name: LEE64BIT.mim.local

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk5\DR5.

Record Number: 108170

Source Name: Disk

Time Written: 20110708132616.296727-000

Event Type: Error

User:

Computer Name: LEE64BIT.mim.local

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk5\DR5.

Record Number: 107963

Source Name: Disk

Time Written: 20110707153012.771682-000

Event Type: Error

User:

Computer Name: LEE64BIT.mim.local

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk5\DR5.

Record Number: 107955

Source Name: Disk

Time Written: 20110707145419.821821-000

Event Type: Error

User:

Computer Name: LEE64BIT.mim.local

Event Code: 1014

Message: Name resolution for the name zpoz1.info timed out after none of the configured DNS servers responded.

Record Number: 107454

Source Name: Microsoft-Windows-DNS-Client

Time Written: 20110705093511.086014-000

Event Type: Warning

User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Lee64bit

Event Code: 59

Message: Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax.

Record Number: 637

Source Name: SideBySide

Time Written: 20100317122304.000000-000

Event Type: Error

User:

Computer Name: Lee64bit

Event Code: 35

Message: Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Record Number: 635

Source Name: SideBySide

Time Written: 20100317122219.000000-000

Event Type: Error

User:

Computer Name: Lee64bit

Event Code: 1000

Message: Faulting application name: VPCWizard.exe, version: 6.1.7600.16393, time stamp: 0x4ab97acf

Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5be02b

Exception code: 0xc015000f

Fault offset: 0x000000000006f30c

Faulting process id: 0xd1c

Faulting application start time: 0x01cac52b5bdbcd05

Faulting application path: C:\Windows\System32\VPCWizard.exe

Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report Id: ac454aa6-311f-11df-ae2f-a4badb036573

Record Number: 594

Source Name: Application Error

Time Written: 20100316171635.000000-000

Event Type: Error

User:

Computer Name: Lee64bit

Event Code: 1000

Message: Faulting application name: VPCWizard.exe, version: 6.1.7600.16393, time stamp: 0x4ab97acf

Faulting module name: PRINTUI.dll, version: 6.1.7600.16385, time stamp: 0x4a5be068

Exception code: 0xc0000005

Fault offset: 0x0000000000050a7a

Faulting process id: 0xd1c

Faulting application start time: 0x01cac52b5bdbcd05

Faulting application path: C:\Windows\System32\VPCWizard.exe

Faulting module path: C:\Windows\System32\PRINTUI.dll

Report Id: ab312b06-311f-11df-ae2f-a4badb036573

Record Number: 592

Source Name: Application Error

Time Written: 20100316171634.000000-000

Event Type: Error

User:

Computer Name: Lee64bit

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-572131989-893956449-2386300904-1000:

Process 560 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-572131989-893956449-2386300904-1000

Record Number: 568

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20100316170643.214033-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: LEE64BIT.mim.local

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-21-3598799491-2946266706-4120222405-1143

Account Name: SBSMonAcct

Account Domain: MIM

Logon ID: 0xf9eecad

Logon GUID: {CA29C710-40AA-689D-0618-791FB993349C}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name:

Source Network Address: 192.168.16.3

Source Port: 3040

Detailed Authentication Information:

Logon Process: Kerberos

Authentication Package: Kerberos

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 772375

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120130120024.003307-000

Event Type: Audit Success

User:

Computer Name: LEE64BIT.mim.local

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-21-3598799491-2946266706-4120222405-1143

Account Name: SBSMonAcct

Account Domain: MIM

Logon ID: 0xf9eecad

Privileges: SeSecurityPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeTakeOwnershipPrivilege

SeDebugPrivilege

SeSystemEnvironmentPrivilege

SeLoadDriverPrivilege

SeImpersonatePrivilege

Record Number: 772374

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120130120024.003307-000

Event Type: Audit Success

User:

Computer Name: LEE64BIT.mim.local

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-21-3598799491-2946266706-4120222405-1014

Account Name: MIM2008$

Account Domain: MIM

Logon ID: 0xf9eec5d

Logon GUID: {2BCC8119-D332-D508-22BB-C2444849CEF3}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name:

Source Network Address: 192.168.16.3

Source Port: 3040

Detailed Authentication Information:

Logon Process: Kerberos

Authentication Package: Kerberos

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 772373

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120130120023.847307-000

Event Type: Audit Success

User:

Computer Name: LEE64BIT.mim.local

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-0-0

Account Name: -

Account Domain: -

Logon ID: 0x0

Logon Type: 3

New Logon:

Security ID: S-1-5-21-3598799491-2946266706-4120222405-1143

Account Name: SBSMonAcct

Account Domain: MIM

Logon ID: 0xf9eec1f

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x0

Process Name: -

Network Information:

Workstation Name: MIM2008

Source Network Address: 192.168.16.3

Source Port: 3040

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: -

Package Name (NTLM only): NTLM V2

Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 772372

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120130120023.769307-000

Event Type: Audit Success

User:

Computer Name: LEE64BIT.mim.local

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-21-3598799491-2946266706-4120222405-1143

Account Name: SBSMonAcct

Account Domain: MIM

Logon ID: 0xf9eec1f

Privileges: SeSecurityPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeTakeOwnershipPrivilege

SeDebugPrivilege

SeSystemEnvironmentPrivilege

SeLoadDriverPrivilege

SeImpersonatePrivilege

Record Number: 772371

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20120130120023.769307-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=AMD64

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"NUMBER_OF_PROCESSORS"=8

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel

"PROCESSOR_REVISION"=1e05

"RoxioCentral"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\

-----------------EOF-----------------

Edited by Maurice Naggar
Logs placed in-line
Link to post
Share on other sites

I am here now

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Java™ 6 Update 29

Java version out of date!

Adobe Reader X (10.1.2)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

Microsoft Security Client Antimalware MsMpEng.exe

Microsoft Security Client Antimalware NisSrv.exe

``````````End of Log````````````

Link to post
Share on other sites

The BitDefender scan found no infections.

This pc is in a company setting. Have you reported your issues to the system admin/help desk support? You should do so right away.

You are not allowed to get/run MBAM in a corporate environment without a license. That's against the EULA.

Link to post
Share on other sites

If the pc is company owned, it would need an MBAM corporate license. I assume you say, you have a personal MBAM license.

With that aside, does this system now have an anti-virus? Which one? and is it up-to-date and did you do a scan with it?

If not, then, do so.

Link to post
Share on other sites

I am a 1 man office and am on my own trying to keep things running let alone run the business. I looked on the old machine and opened license.txt and it reads Malwarebytes End-User License. I don't see any way to move the software to the machine that I use now. Is that possible?

What is a corporate license?

Link to post
Share on other sites

If you no longer use MBAM on the old system, de-install that one. Given it is your own pc, you can install MBAM on this system. A corporate license is for business use http://www.malwarebytes.org/corporate_licensing

Let's have you run these diagnostic tools:

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 2

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 3

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Click on Report and copy/paste the content of the notepad into your next reply.

Step 4

Copy & Paste into a reply box the contents of log from aswMBR,

the TDSSKILLER log,

and Roguekiller log

Do NOT attach the files.

Link to post
Share on other sites

Good news then.

Now, you have apparently 2 licenses. 1 on the old system and 1 on this system.

You do not actually "move" the program, but as to the previous license, save/print the original email with license & key. That can be used on some other system of yours (maybe a future one).

To cleanup after tools we used, do the following:

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Afterwards, if these are still around, delete them

aswMBR

TDSSKILLER

RogueKiller

My best to you. Stay safe.

Link to post
Share on other sites

Before I close this out, you need the latest of Java runtime:

javaicon.gif

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

We are finished here. Best regards.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.